mirror of
https://gitlab.com/apparmor/apparmor.git
synced 2025-03-06 17:31:01 +01:00

Add several permissions to the dovecot profiles that are needed on Ubuntu (surprisingly not on openSUSE; maybe it depends on the dovecot config?).

As discussed some weeks ago, the added permissions use only /run/ instead of /{var/,}run/ (which is hopefully superfluous nowadays).

References: https://bugs.launchpad.net/apparmor/+bug/1512131

Acked-by: Seth Arnold <seth.arnold@canonical.com> for trunk, 2.10 and 2.9.
# ------------------------------------------------------------------
#
# Copyright (C) 2009-2010 Canonical Ltd.
# Copyright (C) 2011-2013 Christian Boltz
#
# This program is free software; you can redistribute it and/or
# modify it under the terms of version 2 of the GNU General Public
# License published by the Free Software Foundation.
#
# ------------------------------------------------------------------
# vim: ft=apparmor
#include <tunables/global>
#include <tunables/dovecot>
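/usr/lib/dovecot/imap {
  # Confinement for the dovecot IMAP worker binary. The rule set is unchanged
  # from the listing; only the stray "|" separator lines left by the page
  # extraction were dropped and the indentation restored so the profile parses.

  # Shared baseline rules; their contents are defined outside this file.
  #include <abstractions/base>
  #include <abstractions/nameservice>
  #include <abstractions/dovecot-common>

  # setuid lets the process change its UID.
  # NOTE(review): presumably used to switch to the mailbox owner after login;
  # confirm against the dovecot configuration in use.
  capability setuid,
  # Explicit deny: the request is refused and, as with any deny rule, it is
  # not reported in the audit log by default.
  deny capability block_suspend,

  network unix stream,

  # Mail storage roots come from @{DOVECOT_MAILSTORE} (tunables/dovecot).
  # Everything below them is readable and writable, and may be locked (k)
  # and hard-linked (l).
  @{DOVECOT_MAILSTORE}/ rw,
  @{DOVECOT_MAILSTORE}/** rwkl,

  # NOTE(review): the original author marked this rule "???". It grants read
  # on whatever @{HOME} expands to and nothing beneath it (there is no /**
  # suffix); confirm it is still needed before keeping it.
  @{HOME} r, # ???

  # Dovecot configuration is read-only for the confined process.
  /etc/dovecot/dovecot.conf r,
  /etc/dovecot/conf.d/ r,
  /etc/dovecot/conf.d/** r,

  # ix = execute while staying inside this profile, so doveconf gets no
  # permissions beyond the ones listed here. m allows the imap binary to be
  # mapped executable.
  /usr/bin/doveconf rix,
  /usr/lib/dovecot/imap mrix,
  /usr/share/dovecot/** r,
  # Runtime files in the dovecot run directory. The first rule matches /run/
  # only, while the next two also match /var/run/.
  /run/dovecot/login/imap rw,
  /{,var/}run/dovecot/auth-master rw,
  /{,var/}run/dovecot/mounts r,

  # Site-specific additions and overrides. See local/README for details.
  # Rules placed in the local file are merged into this profile, so they can
  # widen it; review them together with this file.
  #include <local/usr.lib.dovecot.imap>
}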