File dovecot-align-pop3-managesieve-login-to-imap-login.patch of Package apparmor.10546
commit bc36daa264b0f0067deeb1de893a27b25bc5e4e4
Author: Simon Deziel <simon@sdeziel.info>
Date: Sun Feb 17 17:33:24 2019 -0500
dovecot: align {pop3,managesieve}-login to imap-login
Those 3 login daemons should have similiar needs and thus similar
profiles. IMAP is likely the most tested one so let's align the
other 2 with it. Unix and TCP sockets rules were added to pop3-login
after the removal of abstractions/nameservice that included them
implicitly.
Signed-off-by: Simon Deziel <simon@sdeziel.info>
---
profiles/apparmor.d/usr.lib.dovecot.managesieve-login | 2 +-
profiles/apparmor.d/usr.lib.dovecot.pop3-login | 7 +++++--
2 files changed, 6 insertions(+), 3 deletions(-)
--- a/profiles/apparmor.d/usr.lib.dovecot.managesieve-login
+++ b/profiles/apparmor.d/usr.lib.dovecot.managesieve-login
@@ -13,7 +13,6 @@
# vim: ft=apparmor
#include <tunables/global>
-
/usr/lib/dovecot/managesieve-login {
#include <abstractions/base>
#include <abstractions/ssl_certs>
@@ -25,6 +24,7 @@
network inet stream,
network inet6 stream,
+ network unix stream,
/usr/lib/dovecot/managesieve-login mr,
/{,var/}run/dovecot/login-master-notify* rw,
--- a/profiles/apparmor.d/usr.lib.dovecot.pop3-login
+++ b/profiles/apparmor.d/usr.lib.dovecot.pop3-login
@@ -11,10 +11,8 @@
# vim: ft=apparmor
#include <tunables/global>
-
/usr/lib/dovecot/pop3-login {
#include <abstractions/base>
- #include <abstractions/nameservice>
#include <abstractions/ssl_certs>
#include <abstractions/ssl_keys>
#include <abstractions/dovecot-common>
@@ -22,8 +20,13 @@
capability setuid,
capability sys_chroot,
+ network inet stream,
+ network inet6 stream,
+ network unix stream,
+
/usr/lib/dovecot/pop3-login mr,
/{,var/}run/dovecot/anvil rw,
+ /{,var/}run/dovecot/login-master-notify* rw,
/{,var/}run/dovecot/login/ r,
/{,var/}run/dovecot/login/* rw,