File dovecot-unix_chkpwd.diff of Package apparmor.38032

--- null	1970-01-01 01:00:00.000000000 +0100
+++ apparmor-2.12.3-new/profiles/apparmor.d/unix-chkpwd	2025-02-13 18:00:00.736436800 +0100
@@ -0,0 +1,32 @@
+# apparmor.d - Full set of apparmor profiles
+# Copyright (C) 2019-2021 Mikhail Morfikov
+# SPDX-License-Identifier: GPL-2.0-only
+
+# The apparmor.d project comes with several variables and abstractions
+# that are not part of upstream AppArmor yet. Therefore this profile was
+# adopted to use abstractions and variables that are available.
+# Copyright (C) Christian Boltz 2024
+
+abi <abi/3.0>,
+
+include <tunables/global>
+
+profile unix-chkpwd /{,usr/}{,s}bin/unix_chkpwd {
+  include <abstractions/base>
+  include <abstractions/nameservice>
+
+  # To write records to the kernel auditing log.
+  capability audit_write,
+
+  network netlink raw,
+
+  /{,usr/}{,s}bin/unix_chkpwd mr,
+
+  /etc/shadow r,
+
+  # file_inherit
+  owner /dev/tty[0-9]* rw,
+
+  # Site-specific additions and overrides. See local/README for details.
+  #include <local/unix-chkpwd>
+}
--- apparmor-2.12.3/profiles/apparmor.d/usr.lib.dovecot.auth	2019-06-18 10:46:41.000000000 +0200
+++ apparmor-2.12.3-new/profiles/apparmor.d/usr.lib.dovecot.auth	2025-02-13 17:31:12.232276092 +0100
@@ -50,8 +50,12 @@
   /{var/,}run/dovecot/stats-user rw,
   /{var/,}run/dovecot/anvil-auth-penalty rw,
 
+  owner /proc/@{pid}/loginuid r,
+
   /var/spool/postfix/private/auth rw,
 
+  /{,usr/}{,s}bin/unix_chkpwd Px,
+
   # Site-specific additions and overrides. See local/README for details.
   #include <local/usr.lib.dovecot.auth>
 }