File dovecot24-part3-mr1822.diff of Package apparmor
From 6268b5c3ea0a3a5d56bd9e293ad5b17e1a1fd52f Mon Sep 17 00:00:00 2001
From: Christian Boltz <apparmor@cboltz.de>
Date: Sun, 19 Oct 2025 12:34:58 +0200
Subject: [PATCH] Allow writing /tmp/doveconf.* in profiles that exec doveconf
Reported for dovecot-dovecot-lda on the German openSUSE mailing list, but
it would be very surprising if the other profiles with `doveconf ix`
didn't need it.
---
profiles/apparmor.d/usr.lib.dovecot.dovecot-lda | 1 +
profiles/apparmor.d/usr.lib.dovecot.imap | 1 +
profiles/apparmor.d/usr.lib.dovecot.managesieve | 1 +
3 files changed, 3 insertions(+)
diff --git a/profiles/apparmor.d/usr.lib.dovecot.dovecot-lda b/profiles/apparmor.d/usr.lib.dovecot.dovecot-lda
index 584d3ced5..0c6babc95 100644
--- a/profiles/apparmor.d/usr.lib.dovecot.dovecot-lda
+++ b/profiles/apparmor.d/usr.lib.dovecot.dovecot-lda
@@ -26,6 +26,7 @@ profile dovecot-dovecot-lda /usr/lib*/dovecot/dovecot-lda flags=(attach_disconne
/etc/dovecot/** r,
@{PROC}/*/mounts r,
+ owner /tmp/doveconf.* rw,
owner /tmp/dovecot.lda.* rw,
@{run}/dovecot/mounts r,
@{run}/dovecot/auth-userdb rw,
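Review bot: The added `owner /tmp/doveconf.* rw,` rule has no comment saying which component creates these files, and the same bare line is added to usr.lib.dovecot.imap and usr.lib.dovecot.managesieve. Because doveconf is executed with inherit (`/usr/bin/doveconf rix,` is visible in the managesieve hunk), the write access applies to the whole confined service process, not only to doveconf. I would put a comment above the rule in all three profiles, for example `# temporary file created by doveconf, which runs under this profile (ix)`. The `owner` qualifier is the right guard for a world-writable directory. If tighter scoping is wanted, a child profile for doveconf (`Cx`) would keep the /tmp write out of the mail-handling process; the doveconf exec rules for dovecot-lda and imap lie outside these hunks, so confirm that they also use `ix`.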
diff --git a/profiles/apparmor.d/usr.lib.dovecot.imap b/profiles/apparmor.d/usr.lib.dovecot.imap
index e16cb92f8..cb177e48d 100644
--- a/profiles/apparmor.d/usr.lib.dovecot.imap
+++ b/profiles/apparmor.d/usr.lib.dovecot.imap
@@ -33,6 +33,7 @@ profile dovecot-imap /usr/lib*/dovecot/imap {
/etc/dovecot/conf.d/ r,
/etc/dovecot/conf.d/** r,
+ owner /tmp/doveconf.* rw,
owner /tmp/dovecot.imap.* rw,
@{PROC}/@{pid}/attr/{apparmor/,}current rw,
@{PROC}/@{pid}/stat r,
diff --git a/profiles/apparmor.d/usr.lib.dovecot.managesieve b/profiles/apparmor.d/usr.lib.dovecot.managesieve
index a92ffe642..13189380f 100644
--- a/profiles/apparmor.d/usr.lib.dovecot.managesieve
+++ b/profiles/apparmor.d/usr.lib.dovecot.managesieve
@@ -28,6 +28,7 @@ profile dovecot-managesieve /usr/lib*/dovecot/managesieve {
@{DOVECOT_MAILSTORE}/** rwkl,
/etc/dovecot/** r,
+ owner /tmp/doveconf.* rw,
/usr/bin/doveconf rix,
/usr/lib*/dovecot/managesieve mrix,
--
GitLab