apparmor/profiles/apparmor.d/usr.lib.dovecot.dovecot-auth

# Author: Kees Cook <kees@ubuntu.com>

#include <tunables/global>
/usr/lib/dovecot/dovecot-auth {
  #include <abstractions/authentication>
  #include <abstractions/base>
  #include <abstractions/nameservice>
  #include <abstractions/wutmp>

  capability setgid,
  capability chown,
  capability dac_override,

  @{PROC}/@{pid}/mounts r,
  /usr/lib/dovecot/dovecot-auth mr,
  /{,var/}run/dovecot/** rw,
  # required for postfix+dovecot integration
  /var/spool/postfix/private/dovecot-auth w,

  # Site-specific additions and overrides. See local/README for details.
  #include <local/usr.lib.dovecot.dovecot-auth>
}