apparmor/dovecot24.diff

From 021f701e59c8b8d17fa74c6590b8f9333a0b7be0 Mon Sep 17 00:00:00 2001
From: Christian Pfeiffer <cpfeiffer@rev-crew.info>
Date: Sun, 13 Jul 2025 00:26:49 +0000
Subject: [PATCH] Profiles: dovecot add access for dovecot 2.4 doveconf paths

---
 profiles/apparmor.d/abstractions/dovecot-common | 2 ++
 profiles/apparmor.d/usr.lib.dovecot.config      | 2 ++
 profiles/apparmor.d/usr.sbin.dovecot            | 1 +
 3 files changed, 5 insertions(+)

diff --git a/profiles/apparmor.d/abstractions/dovecot-common b/profiles/apparmor.d/abstractions/dovecot-common
index d0722eb14..d39159ecf 100644
--- a/profiles/apparmor.d/abstractions/dovecot-common
+++ b/profiles/apparmor.d/abstractions/dovecot-common
@@ -19,6 +19,8 @@
   signal receive peer=dovecot,
 
   owner @{run}/dovecot/config rw,
+  owner @{run}/dovecot/dovecot.conf.binary r,
+  owner /tmp/doveconf.* r,
 
   # Include additions to the abstraction
   include if exists <abstractions/dovecot-common.d>
diff --git a/profiles/apparmor.d/usr.lib.dovecot.config b/profiles/apparmor.d/usr.lib.dovecot.config
index c0ae6a58f..471e0651d 100644
--- a/profiles/apparmor.d/usr.lib.dovecot.config
+++ b/profiles/apparmor.d/usr.lib.dovecot.config
@@ -28,6 +28,8 @@ profile dovecot-config /usr/lib*/dovecot/config {
   /usr/lib*/dovecot/managesieve Px,
   /usr/share/dovecot/** r,
   /var/lib/dovecot/ssl-parameters.dat r,
+  owner @{run}/dovecot/dovecot.conf.binary* rw,
+  owner /tmp/doveconf.* rw,
 
   # Site-specific additions and overrides. See local/README for details.
   include if exists <local/usr.lib.dovecot.config>
diff --git a/profiles/apparmor.d/usr.sbin.dovecot b/profiles/apparmor.d/usr.sbin.dovecot
index 246a43b59..5f5aba514 100644
--- a/profiles/apparmor.d/usr.sbin.dovecot
+++ b/profiles/apparmor.d/usr.sbin.dovecot
@@ -78,6 +78,7 @@ profile dovecot /usr/{bin,sbin}/dovecot flags=(attach_disconnected) {
   @{run}/dovecot/ rw,
   @{run}/dovecot/** rw,
   link @{run}/dovecot/** -> /var/lib/dovecot/**,
+  owner /tmp/doveconf.* rw,
 
   # Site-specific additions and overrides. See local/README for details.
   include if exists <local/usr.sbin.dovecot>
-- 
GitLab
Sync from SUSE:SLFO:Main apparmor revision e0edd16ff1c74d88e38a98a6a6a22417 2025-07-25 22:48:15 +02:00			`From 021f701e59c8b8d17fa74c6590b8f9333a0b7be0 Mon Sep 17 00:00:00 2001`
			`From: Christian Pfeiffer <cpfeiffer@rev-crew.info>`
			`Date: Sun, 13 Jul 2025 00:26:49 +0000`
			`Subject: [PATCH] Profiles: dovecot add access for dovecot 2.4 doveconf paths`

			`---`
			`profiles/apparmor.d/abstractions/dovecot-common \| 2 ++`
			`profiles/apparmor.d/usr.lib.dovecot.config \| 2 ++`
			`profiles/apparmor.d/usr.sbin.dovecot \| 1 +`
			`3 files changed, 5 insertions(+)`

			`diff --git a/profiles/apparmor.d/abstractions/dovecot-common b/profiles/apparmor.d/abstractions/dovecot-common`
			`index d0722eb14..d39159ecf 100644`
			`--- a/profiles/apparmor.d/abstractions/dovecot-common`
			`+++ b/profiles/apparmor.d/abstractions/dovecot-common`
			`@@ -19,6 +19,8 @@`
			`signal receive peer=dovecot,`

			`owner @{run}/dovecot/config rw,`
			`+ owner @{run}/dovecot/dovecot.conf.binary r,`
			`+ owner /tmp/doveconf.* r,`
Sync from SUSE:SLFO:Main apparmor revision 7ffb30581cde2adc5534e855856140c0 2025-07-15 18:29:01 +02:00
Sync from SUSE:SLFO:Main apparmor revision e0edd16ff1c74d88e38a98a6a6a22417 2025-07-25 22:48:15 +02:00			`# Include additions to the abstraction`
			`include if exists <abstractions/dovecot-common.d>`
			`diff --git a/profiles/apparmor.d/usr.lib.dovecot.config b/profiles/apparmor.d/usr.lib.dovecot.config`
			`index c0ae6a58f..471e0651d 100644`
			`--- a/profiles/apparmor.d/usr.lib.dovecot.config`
			`+++ b/profiles/apparmor.d/usr.lib.dovecot.config`
			`@@ -28,6 +28,8 @@ profile dovecot-config /usr/lib*/dovecot/config {`
Sync from SUSE:SLFO:Main apparmor revision 7ffb30581cde2adc5534e855856140c0 2025-07-15 18:29:01 +02:00			`/usr/lib*/dovecot/managesieve Px,`
Sync from SUSE:SLFO:Main apparmor revision e0edd16ff1c74d88e38a98a6a6a22417 2025-07-25 22:48:15 +02:00			`/usr/share/dovecot/** r,`
			`/var/lib/dovecot/ssl-parameters.dat r,`
			`+ owner @{run}/dovecot/dovecot.conf.binary* rw,`
			`+ owner /tmp/doveconf.* rw,`
Sync from SUSE:SLFO:Main apparmor revision 7ffb30581cde2adc5534e855856140c0 2025-07-15 18:29:01 +02:00
Sync from SUSE:SLFO:Main apparmor revision e0edd16ff1c74d88e38a98a6a6a22417 2025-07-25 22:48:15 +02:00			`# Site-specific additions and overrides. See local/README for details.`
			`include if exists <local/usr.lib.dovecot.config>`
			`diff --git a/profiles/apparmor.d/usr.sbin.dovecot b/profiles/apparmor.d/usr.sbin.dovecot`
			`index 246a43b59..5f5aba514 100644`
			`--- a/profiles/apparmor.d/usr.sbin.dovecot`
			`+++ b/profiles/apparmor.d/usr.sbin.dovecot`
			`@@ -78,6 +78,7 @@ profile dovecot /usr/{bin,sbin}/dovecot flags=(attach_disconnected) {`
			`@{run}/dovecot/ rw,`
			`@{run}/dovecot/** rw,`
			`link @{run}/dovecot/ -> /var/lib/dovecot/,`
			`+ owner /tmp/doveconf.* rw,`
Sync from SUSE:SLFO:Main apparmor revision 7ffb30581cde2adc5534e855856140c0 2025-07-15 18:29:01 +02:00
			`# Site-specific additions and overrides. See local/README for details.`
Sync from SUSE:SLFO:Main apparmor revision e0edd16ff1c74d88e38a98a6a6a22417 2025-07-25 22:48:15 +02:00			`include if exists <local/usr.sbin.dovecot>`
			`--`
			`GitLab`