Allow /proc/*/attr/current in dovecot imap and lmtp

This is needed when using the "apparmor" plugin which means dovecot switches to user-specific hats. Seen on openSUSE Tumbleweed. (backported from commit 6a388859f8) Signed-off-by: John Johansen <john.johansen@canonical.com>
2025-09-01 23:05:11 +00:00 · 2020-06-11 15:05:14 +02:00
parent 1842231253
commit 8a3b92cd62
2 changed files with 2 additions and 2 deletions
--- a/profiles/apparmor.d/usr.lib.dovecot.imap
+++ b/profiles/apparmor.d/usr.lib.dovecot.imap
@@ -33,7 +33,7 @@
  /etc/dovecot/conf.d/** r,

  owner /tmp/dovecot.imap.* rw,
-
+  @{PROC}/@{pid}/attr/current rw,
  /usr/bin/doveconf rix,
  /usr/lib/dovecot/imap mrix,
  /usr/share/dovecot/** r,
--- a/profiles/apparmor.d/usr.lib.dovecot.lmtp
+++ b/profiles/apparmor.d/usr.lib.dovecot.lmtp
@@ -28,7 +28,7 @@
  @{DOVECOT_MAILSTORE}/** rwkl,

  @{HOME}/.dovecot.svbin r,
-
+  @{PROC}/@{pid}/attr/current rw,
  /proc/*/mounts r,
  /tmp/dovecot.lmtp.* rw,
  /usr/lib/dovecot/lmtp mr,