mirrors/apparmor
1
0
Fork 0
mirror of https://gitlab.com/apparmor/apparmor.git synced 2025-03-04 08:24:42 +01:00
Code Issues Projects Releases Packages Wiki Activity Actions

dovecot: allow chroot'ing the auth processes

Browse source 
When using passdb/userdb not requiring root (!= /etc/shadow access)
it is recommended to run the auth processes as non root and chroot'ed

Signed-off-by: Simon Deziel <simon@sdeziel.info>
This commit is contained in:
Simon Deziel 2019-02-13 22:27:08 -05:00
parent a57f01d86b
commit d0aa863f6b
1 changed files with 2 additions and 0 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

2
profiles/apparmor.d/usr.lib.dovecot.auth
View file

@ -25,6 +25,7 @@
capability dac_override,
capability dac_read_search,
capability setuid,
capability sys_chroot,
/etc/my.cnf r,
/etc/my.cnf.d/ r,
@ -32,6 +33,7 @@
/etc/dovecot/* r,
/usr/lib/dovecot/auth mr,
/var/lib/dovecot/auth-chroot/* r,
# kerberos replay cache
/var/tmp/imap_* rw,