mirrors/apparmor
1
0
Fork 0
mirror of https://gitlab.com/apparmor/apparmor.git synced 2025-03-04 08:24:42 +01:00
Code Issues Projects Releases Packages Wiki Activity Actions

Merge Allow dovecot to use all signals

Browse source 
similar to commit 2f9d172c64
we discovered that there was a service outage
when dovecot tried to send a usr1 signal

type=AVC msg=audit(1648024138.249:184964): apparmor="DENIED" operation="signal" profile="dovecot" pid=1690 comm="dovecot" requested_mask="send" denied_mask="send" signal=usr1 peer="dovecot-imap-login"

MR: https://gitlab.com/apparmor/apparmor/-/merge_requests/865
Approved-by: Christian Boltz <apparmor@cboltz.de>
Merged-by: Christian Boltz <apparmor@cboltz.de>


(cherry picked from commit 83685ba703)

f0919f83 Allow dovecot to use all signals
This commit is contained in:
Christian Boltz 2022-03-25 20:52:49 +00:00
parent 1ef18b6461
commit a9d6b8f2fc
1 changed files with 2 additions and 2 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

4
profiles/apparmor.d/usr.sbin.dovecot
View file

@ -31,8 +31,8 @@
capability sys_chroot,
capability sys_resource,
signal send set=(int,quit,term,kill) peer=/usr/lib/dovecot/*,
signal send set=(int,quit,term,kill) peer=dovecot-*,
signal send peer=/usr/lib/dovecot/*,
signal send peer=dovecot-*,
unix (receive, send) type=stream peer=(label=/usr/lib/dovecot/anvil),