Merge Profiles: dovecot add access for dovecot 2.4 doveconf paths

Dovecot 2.4 now creates a "binary" version of its config via doveconf. This needs new access rules, as it otherwise prevents all Dovecot processes from accessing this new configuration.

MR: https://gitlab.com/apparmor/apparmor/-/merge_requests/1733
Approved-by: Christian Boltz <apparmor@cboltz.de>
Merged-by: Christian Boltz <apparmor@cboltz.de>

profiles/apparmor.d/abstractions/dovecot-common

@@ -19,6 +19,8 @@
   signal receive peer=dovecot,
 
   owner @{run}/dovecot/config rw,
+  owner @{run}/dovecot/dovecot.conf.binary r,
+  owner /tmp/doveconf.* r,
 
   # Include additions to the abstraction
   include if exists <abstractions/dovecot-common.d>

profiles/apparmor.d/usr.lib.dovecot.config

@@ -28,6 +28,8 @@ profile dovecot-config /usr/lib*/dovecot/config {
   /usr/lib*/dovecot/managesieve Px,
   /usr/share/dovecot/** r,
   /var/lib/dovecot/ssl-parameters.dat r,
+  owner @{run}/dovecot/dovecot.conf.binary* rw,
+  owner /tmp/doveconf.* rw,
 
   # Site-specific additions and overrides. See local/README for details.
   include if exists <local/usr.lib.dovecot.config>

profiles/apparmor.d/usr.sbin.dovecot

@@ -78,6 +78,7 @@ profile dovecot /usr/{bin,sbin}/dovecot flags=(attach_disconnected) {
   @{run}/dovecot/ rw,
   @{run}/dovecot/** rw,
   link @{run}/dovecot/** -> /var/lib/dovecot/**,
+  owner /tmp/doveconf.* rw,
 
   # Site-specific additions and overrides. See local/README for details.
   include if exists <local/usr.sbin.dovecot>