Sign Up
Log In
Log In
or
Sign Up
Places
All Projects
Status Monitor
Collapse sidebar
security:apparmor
apparmor_3_1
dovecot-unix_chkpwd.diff
Overview
Repositories
Revisions
Requests
Users
Attributes
Meta
File dovecot-unix_chkpwd.diff of Package apparmor_3_1
Index: apparmor-3.1.7/profiles/apparmor.d/unix-chkpwd =================================================================== --- /dev/null +++ apparmor-3.1.7/profiles/apparmor.d/unix-chkpwd @@ -0,0 +1,35 @@ +# apparmor.d - Full set of apparmor profiles +# Copyright (C) 2019-2021 Mikhail Morfikov +# SPDX-License-Identifier: GPL-2.0-only + +# The apparmor.d project comes with several variables and abstractions +# that are not part of upstream AppArmor yet. Therefore this profile was +# adopted to use abstractions and variables that are available. +# Copyright (C) Christian Boltz 2024 + +abi <abi/3.0>, + +include <tunables/global> + +profile unix-chkpwd /{,usr/}{,s}bin/unix_chkpwd { + include <abstractions/base> + include <abstractions/nameservice> + + # To write records to the kernel auditing log. + capability audit_write, + + network netlink raw, + + /{,usr/}{,s}bin/unix_chkpwd mr, + + /etc/shadow r, + + # systemd userdb, used in nspawn + /run/host/userdb/*.user r, + /run/host/userdb/*.user-privileged r, + + # file_inherit + owner /dev/tty[0-9]* rw, + + include if exists <local/unix-chkpwd> +} Index: apparmor-3.1.7/profiles/apparmor.d/usr.lib.dovecot.auth =================================================================== --- apparmor-3.1.7.orig/profiles/apparmor.d/usr.lib.dovecot.auth +++ apparmor-3.1.7/profiles/apparmor.d/usr.lib.dovecot.auth @@ -52,8 +52,12 @@ profile dovecot-auth /usr/lib*/dovecot/a @{run}/dovecot/stats-user rw, @{run}/dovecot/anvil-auth-penalty rw, + owner /proc/@{pid}/loginuid r, + /var/spool/postfix/private/auth rw, + /usr/sbin/unix_chkpwd Px, + # Site-specific additions and overrides. See local/README for details. include if exists <local/usr.lib.dovecot.auth> }
Locations
Projects
Search
Status Monitor
Help
OpenBuildService.org
Documentation
API Documentation
Code of Conduct
Contact
Support
@OBShq
Terms
openSUSE Build Service is sponsored by
The Open Build Service is an
openSUSE project
.
Sign Up
Log In
Places
Places
All Projects
Status Monitor