mirror of
https://gitlab.com/apparmor/apparmor.git
synced 2025-03-04 16:35:02 +01:00
0f6be43d8e
Some updates for the dovecot profiles, based on a patch from
Christian Wittmer <chris@computersalat.de> (he sent it as SR for the
openSUSE package, which uses a slightly older version of the dovecot
profiles)
Fix problems with dovecot and managesieve:
* usr.lib.dovecot.managesieve-login: network inet6 stream
* usr.lib.dovecot.managesieve:
+#include <tunables/dovecot>
/usr/lib/dovecot/managesieve {
+ capability setgid, # covered by abstractions/dovecot-common, therefore not part of this patch
+ capability setuid,
+ network inet stream,
+ network inet6 stream,
+ @{DOVECOT_MAILSTORE}/ rw,
+ @{DOVECOT_MAILSTORE}/** rwkl,
* add #include <abstractions/wutmp> to usr.lib.dovecot.auth
apparmor="DENIED" operation="open" parent=18310 \
profile="/usr/lib/dovecot/auth" name="/var/run/utmp" pid=20939 \
comm="auth" requested_mask="r" denied_mask="r" fsuid=0 ouid=0
Acked-by: Steve Beattie <steve@nxnw.org>
Bug: https://launchpad.net/bugs/1322778
34 lines
936 B
Text
34 lines
936 B
Text
# ------------------------------------------------------------------
|
|
#
|
|
# Copyright (C) 2013 Christian Boltz
|
|
# Copyright (C) 2014 Christian Wittmer
|
|
#
|
|
# This program is free software; you can redistribute it and/or
|
|
# modify it under the terms of version 2 of the GNU General Public
|
|
# License published by the Free Software Foundation.
|
|
#
|
|
# ------------------------------------------------------------------
|
|
# vim: ft=apparmor
|
|
|
|
#include <tunables/global>
|
|
#include <tunables/dovecot>
|
|
|
|
/usr/lib/dovecot/managesieve {
|
|
#include <abstractions/base>
|
|
#include <abstractions/dovecot-common>
|
|
|
|
capability setuid,
|
|
|
|
network inet stream,
|
|
network inet6 stream,
|
|
|
|
@{DOVECOT_MAILSTORE}/ rw,
|
|
@{DOVECOT_MAILSTORE}/** rwkl,
|
|
|
|
/etc/dovecot/** r,
|
|
/usr/bin/doveconf rix,
|
|
/usr/lib/dovecot/managesieve mrix,
|
|
|
|
# Site-specific additions and overrides. See local/README for details.
|
|
#include <local/usr.lib.dovecot.managesieve>
|
|
}
|