backport dovecot profile additions

This is a partial backport of bc36daa264 (without the abstractions/nameservice removal in usr.lib.dovecot.pop3-login) Original commmit message: dovecot: align {pop3,managesieve}-login to imap-login Those 3 login daemons should have similiar needs and thus similar profiles. IMAP is likely the most tested one so let's align the other 2 with it. Unix and TCP sockets rules were added to pop3-login after the removal of abstractions/nameservice that included them implicitly. Signed-off-by: Simon Deziel <simon@sdeziel.info>
2025-09-01 06:45:38 +00:00 · 2019-06-13 22:26:18 +02:00
parent 9318977332
commit e97af4af46
2 changed files with 4 additions and 0 deletions
--- a/profiles/apparmor.d/usr.lib.dovecot.managesieve-login
+++ b/profiles/apparmor.d/usr.lib.dovecot.managesieve-login
@@ -25,6 +25,7 @@

  network inet stream,
  network inet6 stream,
+  network unix stream,

  /usr/lib/dovecot/managesieve-login mr,
  /{,var/}run/dovecot/login-master-notify* rw,
--- a/profiles/apparmor.d/usr.lib.dovecot.pop3-login
+++ b/profiles/apparmor.d/usr.lib.dovecot.pop3-login
@@ -22,8 +22,11 @@
  capability setuid,
  capability sys_chroot,

+  network unix stream,
+
  /usr/lib/dovecot/pop3-login mr,
  /{,var/}run/dovecot/anvil rw,
+  /{,var/}run/dovecot/login-master-notify* rw,
  /{,var/}run/dovecot/login/ r,
  /{,var/}run/dovecot/login/* rw,