diff --git a/apparmor-profiles-dovecot-bnc851984.diff b/apparmor-profiles-dovecot-bnc851984.diff index b0e34f6..8fdfd71 100644 --- a/apparmor-profiles-dovecot-bnc851984.diff +++ b/apparmor-profiles-dovecot-bnc851984.diff @@ -143,13 +143,14 @@ Index: profiles/apparmor.d/usr.lib.dovecot.managesieve-login =================================================================== --- profiles/apparmor.d/usr.lib.dovecot.managesieve-login.orig 2011-07-14 14:57:57.000000000 +0200 +++ profiles/apparmor.d/usr.lib.dovecot.managesieve-login 2014-01-26 15:48:52.228261212 +0100 -@@ -1,4 +1,15 @@ +@@ -1,6 +1,19 @@ -# Author: Dulmandakh Sukhbaatar +# ------------------------------------------------------------------ +# +# Copyright (c) 2009 Dulmandakh Sukhbaatar +# Copyright (C) 2009-2011 Canonical Ltd. +# Copyright (C) 2013 Christian Boltz ++# Copyright (C) 2014 Christian Wittmer +# +# This program is free software; you can redistribute it and/or +# modify it under the terms of version 2 of the GNU General Public @@ -159,7 +160,18 @@ Index: profiles/apparmor.d/usr.lib.dovecot.managesieve-login +# vim: ft=apparmor #include ++ /usr/lib/dovecot/managesieve-login { + #include + #include +@@ -11,6 +24,7 @@ + capability sys_chroot, + + network inet stream, ++ network inet6 stream, + + /usr/lib/dovecot/managesieve-login mr, + /{,var/}run/dovecot/login/ r, Index: profiles/apparmor.d/usr.lib.dovecot.pop3 =================================================================== --- profiles/apparmor.d/usr.lib.dovecot.pop3.orig 2011-08-27 01:12:10.000000000 +0200 diff --git a/apparmor.changes b/apparmor.changes index fd1239c..e23eb47 100644 --- a/apparmor.changes +++ b/apparmor.changes @@ -4,6 +4,27 @@ Thu Jul 3 14:45:14 UTC 2014 - ddiss@suse.com - add apparmor-profiles-clustered-samba.diff to permit clustered Samba access to CTDB socket and databases (bnc#885317) +------------------------------------------------------------------- +Wed Jul 2 10:30:43 UTC 2014 - chris@computersalat.de + +- fix problems with dovecot and managesieve + * usr.lib.dovecot.managesieve-login: network inet6 stream + * usr.lib.dovecot.managesieve: + +#include + /usr/lib/dovecot/managesieve { + #include + + capability setgid, + + capability setuid, + + network inet stream, + + network inet6 stream, + + @{DOVECOT_MAILSTORE}/ rw, + + @{DOVECOT_MAILSTORE}/** rwkl, + +------------------------------------------------------------------- +Fri Jun 27 17:47:40 UTC 2014 - chris@computersalat.de + +- add #include to usr.lib.dovecot.auth + ------------------------------------------------------------------- Tue Apr 1 16:06:24 UTC 2014 - lmuelle@suse.com diff --git a/apparmor.spec b/apparmor.spec index 99d226d..9a01109 100644 --- a/apparmor.spec +++ b/apparmor.spec @@ -2,6 +2,7 @@ # spec file for package apparmor # # Copyright (c) 2014 SUSE LINUX Products GmbH, Nuernberg, Germany. +# Copyright (c) 2011-2014 Christian Boltz # # All modifications and additions to the file contributed by third parties # remain the property of their copyright owners, unless otherwise agreed @@ -106,7 +107,7 @@ Patch6: apparmor-init.py-gsoc.diff # Add support for eDirectory calls in abstractions/nameservice. Not accepted upstream (yet) because of open questions Patch12: apparmor-2.5.1-edirectory-profile -# update dovecot profiles for dovecot 2.x (bnc#851984 - commited upstream trunk r2354, r2356, [updated patch] r2359) +# update dovecot profiles for dovecot 2.x (bnc#851984 - commited upstream trunk r2354, r2356, [updated patch] r2359, [updated patch] r2549) Patch17: apparmor-profiles-dovecot-bnc851984.diff # create Immunix::SubDomain perl module - only included for openSUSE <= 12.1 - bnc#720617 #c7 @@ -119,7 +120,7 @@ Patch22: ruby-2_0-mkmf-destdir.patch # commited upstream trunk r2323, 2.8 branch r2110 - updated version commited trunk r2385, 2.8 r2123 Patch23: apparmor-2.8.2-nm-dnsmasq-config.patch -# Permit clustered Samba access to CTDB socket and databases (bnc#885317) +# Permit clustered Samba access to CTDB socket and databases (bnc#885317, commited upstream trunk r2556 - TODO: merge into 2.8 branch) Patch24: apparmor-profiles-clustered-samba.diff Url: https://launchpad.net/apparmor diff --git a/usr.lib.dovecot.auth b/usr.lib.dovecot.auth index 71ffaf5..1953a31 100644 --- a/usr.lib.dovecot.auth +++ b/usr.lib.dovecot.auth @@ -1,6 +1,7 @@ # ------------------------------------------------------------------ # # Copyright (C) 2013 Christian Boltz +# Copyright (C) 2014 Christian Wittmer # # This program is free software; you can redistribute it and/or # modify it under the terms of version 2 of the GNU General Public @@ -16,6 +17,7 @@ #include #include #include + #include deny capability block_suspend, diff --git a/usr.lib.dovecot.managesieve b/usr.lib.dovecot.managesieve index a0e6142..6aa98e7 100644 --- a/usr.lib.dovecot.managesieve +++ b/usr.lib.dovecot.managesieve @@ -1,6 +1,7 @@ # ------------------------------------------------------------------ # # Copyright (C) 2013 Christian Boltz +# Copyright (C) 2014 Christian Wittmer # # This program is free software; you can redistribute it and/or # modify it under the terms of version 2 of the GNU General Public @@ -10,10 +11,20 @@ # vim: ft=apparmor #include +#include /usr/lib/dovecot/managesieve { #include + capability setgid, + capability setuid, + + network inet stream, + network inet6 stream, + + @{DOVECOT_MAILSTORE}/ rw, + @{DOVECOT_MAILSTORE}/** rwkl, + /etc/dovecot/** r, /usr/bin/doveconf rix, /usr/lib/dovecot/managesieve mrix,