update usr.bin.dovecot profile

after testing the dovecot profiles on a new server, I noticed /usr/sbin/dovecot needs some more permissions: - mysql access - execution permissions for /usr/lib/dovecot/dict and lmtp - write access to some postfix sockets, used to - provide SMTP Auth via dovecot - deliver mails to dovecot via LMTP - and read access to /proc/filesystems Acked-by: John Johansen <john.johansen@canonical.com>
2025-08-29 05:17:59 +00:00 · 2014-02-02 15:13:51 +01:00 · 2014-02-02 15:13:51 +01:00 · a38ce71813
commit a38ce71813
parent 8b802b3fe6
1 changed files with 6 additions and 0 deletions
--- a/profiles/apparmor.d/usr.sbin.dovecot
+++ b/profiles/apparmor.d/usr.sbin.dovecot
@ -15,6 +15,7 @@
 /usr/sbin/dovecot {
  #include <abstractions/authentication>
  #include <abstractions/base>
+  #include <abstractions/mysql>
  #include <abstractions/nameservice>
  #include <abstractions/ssl_certs>
  #include <abstractions/ssl_keys>
@ -33,13 +34,16 @@
  /etc/lsb-release r,
  /etc/SuSE-release r,
  @{PROC}/@{pid}/mounts r,
+  @{PROC}/filesystems r,
  /usr/bin/doveconf rix,
  /usr/lib/dovecot/anvil Px,
  /usr/lib/dovecot/auth Px,
  /usr/lib/dovecot/config Px,
+  /usr/lib/dovecot/dict Px,
  /usr/lib/dovecot/dovecot-auth Pxmr,
  /usr/lib/dovecot/imap Pxmr,
  /usr/lib/dovecot/imap-login Pxmr,
+  /usr/lib/dovecot/lmtp Px,
  /usr/lib/dovecot/log Px,
  /usr/lib/dovecot/managesieve Px,
  /usr/lib/dovecot/managesieve-login Pxmr,
@ -50,6 +54,8 @@
  /usr/sbin/dovecot mrix,
  /var/lib/dovecot/ w,
  /var/lib/dovecot/* rwkl,
+  /var/spool/postfix/private/auth w,
+  /var/spool/postfix/private/dovecot-lmtp w,
  /{,var/}run/dovecot/ rw,
  /{,var/}run/dovecot/** rw,
  link /{,var/}run/dovecot/** -> /var/lib/dovecot/**,