File dovecot24-part3-mr1822.diff of Package apparmor

From 6268b5c3ea0a3a5d56bd9e293ad5b17e1a1fd52f Mon Sep 17 00:00:00 2001
From: Christian Boltz <apparmor@cboltz.de>
Date: Sun, 19 Oct 2025 12:34:58 +0200
Subject: [PATCH] Allow writing /tmp/doveconf.* in profiles that exec doveconf

Reported for dovecot-dovecot-lda on the german openSUSE mailinglist, but
it would be very surprising if the other profiles with `doveconf ix`
wouldn't need it.
---
 profiles/apparmor.d/usr.lib.dovecot.dovecot-lda | 1 +
 profiles/apparmor.d/usr.lib.dovecot.imap        | 1 +
 profiles/apparmor.d/usr.lib.dovecot.managesieve | 1 +
 3 files changed, 3 insertions(+)

diff --git a/profiles/apparmor.d/usr.lib.dovecot.dovecot-lda b/profiles/apparmor.d/usr.lib.dovecot.dovecot-lda
index 584d3ced5..0c6babc95 100644
--- a/profiles/apparmor.d/usr.lib.dovecot.dovecot-lda
+++ b/profiles/apparmor.d/usr.lib.dovecot.dovecot-lda
@@ -26,6 +26,7 @@ profile dovecot-dovecot-lda /usr/lib*/dovecot/dovecot-lda flags=(attach_disconne
 
   /etc/dovecot/** r,
   @{PROC}/*/mounts r,
+  owner /tmp/doveconf.* rw,
   owner /tmp/dovecot.lda.* rw,
   @{run}/dovecot/mounts r,
   @{run}/dovecot/auth-userdb rw,
diff --git a/profiles/apparmor.d/usr.lib.dovecot.imap b/profiles/apparmor.d/usr.lib.dovecot.imap
index e16cb92f8..cb177e48d 100644
--- a/profiles/apparmor.d/usr.lib.dovecot.imap
+++ b/profiles/apparmor.d/usr.lib.dovecot.imap
@@ -33,6 +33,7 @@ profile dovecot-imap /usr/lib*/dovecot/imap {
   /etc/dovecot/conf.d/ r,
   /etc/dovecot/conf.d/** r,
 
+  owner /tmp/doveconf.* rw,
   owner /tmp/dovecot.imap.* rw,
   @{PROC}/@{pid}/attr/{apparmor/,}current rw,
   @{PROC}/@{pid}/stat r,
diff --git a/profiles/apparmor.d/usr.lib.dovecot.managesieve b/profiles/apparmor.d/usr.lib.dovecot.managesieve
index a92ffe642..13189380f 100644
--- a/profiles/apparmor.d/usr.lib.dovecot.managesieve
+++ b/profiles/apparmor.d/usr.lib.dovecot.managesieve
@@ -28,6 +28,7 @@ profile dovecot-managesieve /usr/lib*/dovecot/managesieve {
   @{DOVECOT_MAILSTORE}/** rwkl,
 
   /etc/dovecot/** r,
+  owner /tmp/doveconf.* rw,
   /usr/bin/doveconf rix,
   /usr/lib*/dovecot/managesieve mrix,
 
-- 
GitLab

openSUSE Build Service is sponsored by