mirrors/apparmor
1
0
Fork 0
mirror of https://gitlab.com/apparmor/apparmor.git synced 2025-03-04 08:24:42 +01:00
Code Issues Projects Releases Packages Wiki Activity Actions

Merge postfix-showq profile fix

Browse source 
Allow reading queue ID files from /var/spool/postfix/incoming/.

Similar to 3c2aae3.

Example error:

```
type=AVC msg=audit(1737094364.337:12023): apparmor="DENIED" operation="open" profile="postfix-showq" name="/var/spool/postfix/incoming/B7E4C12C784A" pid=17879 comm="showq" requested_mask="r" denied_mask="r" fsuid=91 ouid=91FSUID="postfix" OUID="postfix"
```

MR: https://gitlab.com/apparmor/apparmor/-/merge_requests/1489
Approved-by: Christian Boltz <apparmor@cboltz.de>
Merged-by: Christian Boltz <apparmor@cboltz.de>
This commit is contained in:
Christian Boltz 2025-01-18 13:08:58 +00:00
commit 817d5eed1d
1 changed files with 1 additions and 0 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

1
profiles/apparmor/profiles/extras/postfix-showq
View file

@ -43,6 +43,7 @@ profile postfix-showq /usr/lib{,exec}/postfix/{bin/,sbin/,}showq {
/{var/spool/postfix/,}incoming/[0-9A-F]/[0-9A-F]/* r,
/{var/spool/postfix/,}incoming/[0-9A-F]/[0-9A-F]/ r,
/{var/spool/postfix/,}incoming/[0-9A-F]/ r,
/{var/spool/postfix/,}incoming/[0-9A-F]* r,
/{var/spool/postfix/,}maildrop/ r,
/{var/spool/postfix/,}maildrop/[0-9A-F]*[0-9A-F] r,
/{var/spool/postfix/,}maildrop/[0-9A-F]/ r,