mirror of
https://gitlab.com/apparmor/apparmor.git
synced 2025-03-07 01:41:00 +01:00
9d6db05b52
New kernels provide an alternative proc attr interface for apparmor which is needed for LSM stacking. Update the remaining profiles that use the old interface to include access to the new interface. Signed-off-by: John Johansen <john.johansen@canonical.com>
48 lines
1.3 KiB
Text
48 lines
1.3 KiB
Text
# ------------------------------------------------------------------
|
|
#
|
|
# Copyright (C) 2009-2010 Canonical Ltd.
|
|
# Copyright (C) 2011-2020 Christian Boltz
|
|
#
|
|
# This program is free software; you can redistribute it and/or
|
|
# modify it under the terms of version 2 of the GNU General Public
|
|
# License published by the Free Software Foundation.
|
|
#
|
|
# ------------------------------------------------------------------
|
|
# vim: ft=apparmor
|
|
|
|
abi <abi/3.0>,
|
|
|
|
include <tunables/global>
|
|
include <tunables/dovecot>
|
|
|
|
profile dovecot-imap /usr/lib/dovecot/imap {
|
|
include <abstractions/base>
|
|
include <abstractions/nameservice>
|
|
include <abstractions/dovecot-common>
|
|
|
|
capability setuid,
|
|
deny capability block_suspend,
|
|
|
|
network unix stream,
|
|
|
|
@{DOVECOT_MAILSTORE}/ rw,
|
|
@{DOVECOT_MAILSTORE}/** rwkl,
|
|
|
|
@{HOME} r, # ???
|
|
|
|
/etc/dovecot/dovecot.conf r,
|
|
/etc/dovecot/conf.d/ r,
|
|
/etc/dovecot/conf.d/** r,
|
|
|
|
owner /tmp/dovecot.imap.* rw,
|
|
@{PROC}/@{pid}/attr/{apparmor/,}current rw,
|
|
/usr/bin/doveconf rix,
|
|
/usr/lib/dovecot/imap mrix,
|
|
/usr/share/dovecot/** r,
|
|
@{run}/dovecot/login/imap rw,
|
|
@{run}/dovecot/auth-master rw,
|
|
@{run}/dovecot/mounts r,
|
|
|
|
# Site-specific additions and overrides. See local/README for details.
|
|
include if exists <local/usr.lib.dovecot.imap>
|
|
}
|