From 5d66f079f85c655fdb1b4bc2f38f4fec1a95b25c26ec0b12927972740807cd7f Mon Sep 17 00:00:00 2001
From: Christian Boltz
Date: Sat, 4 Jan 2014 12:09:34 +0000
Subject: [PATCH] Accepting request 212802 from home:cboltz
- add permissions for kerberos replay cache to usr.lib.dovecot.auth
- add permissions for /proc/*/mounts and /var/run/dovecot/mounts to usr.lib.dovecot.dovecot-lda
- update changelog to mention apparmor-profiles-dovecot-bnc851984.diff and usr.lib.dovecot.*
OBS-URL: https://build.opensuse.org/request/show/212802
OBS-URL: https://build.opensuse.org/package/show/security:apparmor/apparmor?expand=0&rev=70
---
 apparmor.changes | 3 ++-
 usr.lib.dovecot.auth | 6 ++++++
 usr.lib.dovecot.dovecot-lda | 2 ++
 3 files changed, 10 insertions(+), 1 deletion(-)
diff --git a/apparmor.changes b/apparmor.changes
index 31e66c8..94426ce 100644
--- a/apparmor.changes
+++ b/apparmor.changes
@@ -1,5 +1,5 @@
 -------------------------------------------------------------------
-Wed Jan 1 21:52:49 UTC 2014 - opensuse@cboltz.de
+Sat Jan 4 12:04:25 UTC 2014 - opensuse@cboltz.de
 - add apparmor-profiles-samba-create-dirs.diff to allow samba to mkdir /var/run/samba and /var/cache/samba (bnc#856651)
@@ -9,6 +9,7 @@ Wed Jan 1 21:52:49 UTC 2014 - opensuse@cboltz.de
 - update dovecot profiles to support dovecot 2.x, and add profiles for the parts of dovecot that were not covered yet (bnc#851984) NOTE: Please adjust /etc/apparmor.d/tunables/dovecot to your needs.
+ (apparmor-profiles-dovecot-bnc851984.diff, usr.lib.dovecot.*)
 - %restart_on_update (in parser %postun) is "translated" to stop/start by the systemd wrapper, which removes AppArmor protection from running
diff --git a/usr.lib.dovecot.auth b/usr.lib.dovecot.auth
index b3d2fb0..7c66179 100644
--- a/usr.lib.dovecot.auth
+++ b/usr.lib.dovecot.auth
@@ -27,6 +27,12 @@
 /etc/dovecot/dovecot-sql.conf.ext r,
 /usr/lib/dovecot/auth mr,
+ # kerberos replay cache
+ /var/tmp/imap_* rw,
+ /var/tmp/pop_* rw,
+ /var/tmp/sieve_* rw,
+ /var/tmp/smtp_* rw,
+
 # Site-specific additions and overrides. See local/README for details.
 #include
 }
diff --git a/usr.lib.dovecot.dovecot-lda b/usr.lib.dovecot.dovecot-lda
index 8ee436a..ac8ade3 100644
--- a/usr.lib.dovecot.dovecot-lda
+++ b/usr.lib.dovecot.dovecot-lda
@@ -23,6 +23,8 @@
 @{DOVECOT_MAILSTORE}/** rwkl,
 /etc/dovecot/** r,
+ /proc/*/mounts r,
+ /{var/,}run/dovecot/mounts r,
 /usr/bin/doveconf mrix,
 /usr/lib/dovecot/dovecot-lda mrix,
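Review bot: The four replay-cache rules in usr.lib.dovecot.auth grant `rw` on every `/var/tmp/<service>_*` name regardless of file ownership. Because /var/tmp is writable by all local users, the auth process may open a file that someone else placed under one of those names. If the auth process always creates these cache files itself (not visible in this hunk), the `owner` qualifier would restrict access to its own files. The four lines could then fold into one using the alternation syntax the dovecot-lda profile already uses: `owner /var/tmp/{imap,pop,sieve,smtp}_* rw,`. The comment could also say which Kerberos service names the prefixes correspond to, so that a later service addition is not missed.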
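Review bot: The two rules added to usr.lib.dovecot.dovecot-lda carry no comment explaining why a delivery agent needs mount information, unlike the `# kerberos replay cache` comment in the auth profile. A line such as `# mount table and dovecot's mountpoint list` above them would document the intent. The `*` in `/proc/*/mounts r,` matches any directory under /proc, so it also covers the mount tables of other processes. If the profile includes the global tunables (its include lines are outside this hunk), `@{PROC}/@{pid}/mounts r,` would at least limit the match to numeric pid directories.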