
Though many Linux distros choose to pass _/usr/lib_ as the libexecdir while configuring dovecot, such as [Debian](https://sources.debian.org/src/dovecot/1%3A2.3.20%2Bdfsg1-1/debian/rules/#L132) and [Arch](https://gitlab.archlinux.org/archlinux/packaging/packages/dovecot/-/blob/main/PKGBUILD#L76), others like Alpine Linux and Gentoo don't pass anything as libexecdir, allowing it to default to _/usr/libexec_. Both appear to be valid. From [FHS 3.0, Chapter 4.7](https://refspecs.linuxfoundation.org/FHS_3.0/fhs/ch04s07.html):

> Some previous versions of this document did not support _/usr/libexec_, despite it being standard practice in a number of environments. To accomodate this restriction, it became common practice to use _/usr/lib_ instead. Either practice is now acceptable, but each application must choose one way or the other to organize itself.

Allow for the default libexec subdir _/usr/libexec/dovecot_ as well as the more common _/usr/lib/dovecot_.

Signed-off-by: Peter Levine <plevine457@gmail.com>
MR: https://gitlab.com/apparmor/apparmor/-/merge_requests/1080
Approved-by: John Johansen <john@jjmx.net>
Merged-by: John Johansen <john@jjmx.net>
(cherry picked from commit 941118c699)
37ffc6ea
profiles: allow for the default dovecot libexecdir
# ------------------------------------------------------------------
#
# Copyright (C) 2013-2020 Christian Boltz
#
# This program is free software; you can redistribute it and/or
# modify it under the terms of version 2 of the GNU General Public
# License published by the Free Software Foundation.
#
# ------------------------------------------------------------------
# vim: ft=apparmor
abi <abi/3.0>,
include <tunables/global>
profile dovecot-anvil /usr/lib*/dovecot/anvil {
  # Confinement for dovecot's anvil helper binary.
  # Attachment: '*' in an AppArmor glob does not match '/', so /usr/lib*/
  # covers /usr/lib, /usr/lib64 and /usr/libexec, but no deeper paths.

  # Shared rule sets. Their contents are not visible in this file, so the
  # effective policy is the union of these abstractions and the rules below;
  # audit them together.
  include <abstractions/base>
  include <abstractions/dovecot-common>

  # Privileged operations: changing UIDs and calling chroot(2).
  # NOTE(review): presumably used at startup to drop privileges and enter a
  # chroot; confirm against the dovecot service configuration.
  capability setuid,
  capability sys_chroot,

  # Stream-type unix socket traffic is allowed only with a peer that runs
  # under the "dovecot" label.
  unix (receive, send) type=stream peer=(label=dovecot),

  # Read/write on the two anvil entries under the dovecot runtime directory.
  # @{run} is a policy variable not defined in this file; presumably it comes
  # from <tunables/global>.
  @{run}/dovecot/anvil rw,
  @{run}/dovecot/anvil-auth-penalty rw,
  # The binary may read and memory-map (m) itself; same glob as the
  # attachment above, so both libdir layouts are covered.
  /usr/lib*/dovecot/anvil mr,

  # Site-specific additions and overrides. See local/README for details.
  # Pulled in only when the file exists. Rules placed there become part of
  # this profile, so review local changes like any other policy change.
  include if exists <local/usr.lib.dovecot.anvil>
}