mirror of
https://gitlab.com/apparmor/apparmor.git
synced 2025-03-04 16:35:02 +01:00
70926b5d55
This commit adds a dovecot-common abstraction, as well as adjusting the profiles for dovecot's helper binaries to make use of it. The important addition is the ability for the dovecot master process to send signals to the helpers. Signed-off-by: Steve Beattie <steve@nxnw.org> Acked-by: Seth Arnold <seth.arnold@canonical.com>
33 lines
1 KiB
Text
33 lines
1 KiB
Text
# ------------------------------------------------------------------
|
|
#
|
|
# Copyright (C) 2009-2013 Canonical Ltd.
|
|
# Copyright (C) 2013 Christian Boltz
|
|
#
|
|
# This program is free software; you can redistribute it and/or
|
|
# modify it under the terms of version 2 of the GNU General Public
|
|
# License published by the Free Software Foundation.
|
|
#
|
|
# ------------------------------------------------------------------
|
|
# vim: ft=apparmor
|
|
|
|
#include <tunables/global>
|
|
|
|
/usr/lib/dovecot/dovecot-auth {
|
|
#include <abstractions/authentication>
|
|
#include <abstractions/base>
|
|
#include <abstractions/nameservice>
|
|
#include <abstractions/wutmp>
|
|
#include <abstractions/dovecot-common>
|
|
|
|
capability chown,
|
|
capability dac_override,
|
|
|
|
@{PROC}/@{pid}/mounts r,
|
|
/usr/lib/dovecot/dovecot-auth mr,
|
|
/{,var/}run/dovecot/** rw,
|
|
# required for postfix+dovecot integration
|
|
/var/spool/postfix/private/dovecot-auth w,
|
|
|
|
# Site-specific additions and overrides. See local/README for details.
|
|
#include <local/usr.lib.dovecot.dovecot-auth>
|
|
}
|