mir/apparmor
2
0
Fork 0
mirror of https://gitlab.com/apparmor/apparmor synced 2025-09-03 15:55:46 +00:00
Code Issues Releases Wiki Activity

Allow dovecot to use all signals

Browse Source 
similar to commit 2f9d172c64
we discovered that there was a service outage
when dovecot tried to send a usr1 signal

type=AVC msg=audit(1648024138.249:184964): apparmor="DENIED" operation="signal" profile="dovecot" pid=1690 comm="dovecot" requested_mask="send" denied_mask="send" signal=usr1 peer="dovecot-imap-login"
This commit is contained in:
Bernhard M. Wiedemann
2022-03-23 14:25:00 +01:00
parent e2319167d0
commit f0919f83f1
1 changed files with 2 additions and 2 deletions
Download Patch File Download Diff File Expand all files Collapse all files

4
profiles/apparmor.d/usr.sbin.dovecot
View File

@@ -33,8 +33,8 @@ profile dovecot /usr/{bin,sbin}/dovecot flags=(attach_disconnected) {
capability sys_chroot, capability sys_chroot,
capability sys_resource, capability sys_resource,
signal send set=(int,quit,term,kill) peer=/usr/lib/dovecot/*, signal send peer=/usr/lib/dovecot/*,
signal send set=(int,quit,term,kill) peer=dovecot-*, signal send peer=dovecot-*,
unix (receive, send) type=stream peer=(label=/usr/lib/dovecot/anvil), unix (receive, send) type=stream peer=(label=/usr/lib/dovecot/anvil),
unix (receive, send) type=stream peer=(label=dovecot-anvil), unix (receive, send) type=stream peer=(label=dovecot-anvil),