dovecot: allow FD passing between dovecot and dovecot's anvil

2025-08-22 10:07:12 +00:00 · 2019-02-10 21:36:10 -05:00 · 2019-02-10 21:36:10 -05:00 · a57f01d86b
commit a57f01d86b
parent f2c0a11327
2 changed files with 4 additions and 0 deletions
--- a/profiles/apparmor.d/usr.lib.dovecot.anvil
+++ b/profiles/apparmor.d/usr.lib.dovecot.anvil
@ -18,6 +18,8 @@
  capability setuid,
  capability sys_chroot,

+  unix (receive, send) type=stream peer=(label=dovecot),
+
  /run/dovecot/anvil rw,
  /usr/lib/dovecot/anvil mr,

--- a/profiles/apparmor.d/usr.sbin.dovecot
+++ b/profiles/apparmor.d/usr.sbin.dovecot
@ -33,6 +33,8 @@ profile dovecot /usr/{bin,sbin}/dovecot flags=(attach_disconnected) {

  signal send set=(int,quit) peer=/usr/lib/dovecot/*,

+  unix (receive, send) type=stream peer=(label=/usr/lib/dovecot/anvil),
+
  /etc/dovecot/** r,
  /etc/mtab r,
  /etc/lsb-release r,