File apparmor-profiles-dovecot-bnc851984.diff of Package apparmor.155

Overview Repositories Revisions Requests Users Attributes Meta

File apparmor-profiles-dovecot-bnc851984.diff of Package apparmor.155

diff -u -p profiles/apparmor.d/usr.lib.dovecot.deliver ./usr.lib.dovecot.deliver
--- profiles/apparmor.d/usr.lib.dovecot.deliver	2013-12-30 22:43:37.000000000 +0100
+++ profiles/apparmor.d/usr.lib.dovecot.deliver	2014-01-01 19:22:33.468445136 +0100
@@ -1,6 +1,19 @@
-# Author: Dulmandakh Sukhbaatar <dulmandakh@gmail.com>
+# ------------------------------------------------------------------
+#
+#    Copyright (C) 2009 Dulmandakh Sukhbaatar <dulmandakh@gmail.com>
+#    Copyright (C) 2009-2012 Canonical Ltd.
+#    Copyright (C) 2011-2013 Christian Boltz
+#
+#    This program is free software; you can redistribute it and/or
+#    modify it under the terms of version 2 of the GNU General Public
+#    License published by the Free Software Foundation.
+#
+# ------------------------------------------------------------------
+# vim: ft=apparmor
 
 #include <tunables/global>
+#include <tunables/dovecot>
+
 /usr/lib/dovecot/deliver {
   #include <abstractions/base>
   #include <abstractions/nameservice>
@@ -8,20 +21,16 @@
   capability setgid,
   capability setuid,
 
+  @{DOVECOT_MAILSTORE}/ rw,
+  @{DOVECOT_MAILSTORE}/** rwkl,
+
   # http://www.postfix.org/SASL_README.html#server_dovecot
   /etc/dovecot/dovecot.conf r,
   /etc/dovecot/{auth,conf}.d/*.conf r,
-  /etc/dovecot/dovecot-postfix.conf r,
+  /etc/dovecot/dovecot-postfix.conf r, # ???
 
-  @{HOME} r,
-  @{HOME}/Maildir/ rw,
-  @{HOME}/Maildir/** klrw,
-  @{HOME}/mail/ rw,
-  @{HOME}/mail/* klrw,
-  @{HOME}/mail/.imap/** klrw,
+  @{HOME} r, # ???
   /usr/lib/dovecot/deliver mr,
-  /var/mail/* klrw,
-  /var/spool/mail/* klrw,
 
   # Site-specific additions and overrides. See local/README for details.
   #include <local/usr.lib.dovecot.deliver>
diff -u -p profiles/apparmor.d/usr.lib.dovecot.dovecot-auth ./usr.lib.dovecot.dovecot-auth
--- profiles/apparmor.d/usr.lib.dovecot.dovecot-auth	2013-12-30 22:43:37.000000000 +0100
+++ profiles/apparmor.d/usr.lib.dovecot.dovecot-auth	2014-01-01 19:18:33.183586607 +0100
@@ -1,6 +1,17 @@
-# Author: Kees Cook <kees@ubuntu.com>
+# ------------------------------------------------------------------
+#
+#    Copyright (C) 2009-2013 Canonical Ltd.
+#    Copyright (C) 2013 Christian Boltz
+#
+#    This program is free software; you can redistribute it and/or
+#    modify it under the terms of version 2 of the GNU General Public
+#    License published by the Free Software Foundation.
+#
+# ------------------------------------------------------------------
+# vim: ft=apparmor
 
 #include <tunables/global>
+
 /usr/lib/dovecot/dovecot-auth {
   #include <abstractions/authentication>
   #include <abstractions/base>
diff -u -p profiles/apparmor.d/usr.lib.dovecot.imap ./usr.lib.dovecot.imap
--- profiles/apparmor.d/usr.lib.dovecot.imap	2013-12-30 22:43:37.000000000 +0100
+++ profiles/apparmor.d/usr.lib.dovecot.imap	2013-12-30 21:59:34.990459644 +0100
@@ -1,6 +1,18 @@
-# Author: Kees Cook <kees@ubuntu.com>
+# ------------------------------------------------------------------
+#
+#    Copyright (C) 2009-2010 Canonical Ltd.
+#    Copyright (C) 2011-2013 Christian Boltz
+#
+#    This program is free software; you can redistribute it and/or
+#    modify it under the terms of version 2 of the GNU General Public
+#    License published by the Free Software Foundation.
+#
+# ------------------------------------------------------------------
+# vim: ft=apparmor
 
 #include <tunables/global>
+#include <tunables/dovecot>
+
 /usr/lib/dovecot/imap {
   #include <abstractions/base>
   #include <abstractions/nameservice>
@@ -8,18 +20,11 @@
   capability setgid,
   capability setuid,
 
-  @{HOME} r,
-  @{HOME}/Maildir/ rw,
-  @{HOME}/Maildir/** klrw,
-  @{HOME}/Mail/ rw,
-  @{HOME}/Mail/* klrw,
-  @{HOME}/Mail/.imap/** klrw,
-  @{HOME}/mail/ rw,
-  @{HOME}/mail/* klrw,
-  @{HOME}/mail/.imap/** klrw,
+  @{DOVECOT_MAILSTORE}/ rw,
+  @{DOVECOT_MAILSTORE}/** rwkl,
+
+  @{HOME} r, # ???
   /usr/lib/dovecot/imap mr,
-  /var/mail/* klrw,
-  /var/spool/mail/* klrw,
 
   # Site-specific additions and overrides. See local/README for details.
   #include <local/usr.lib.dovecot.imap>
diff -u -p profiles/apparmor.d/usr.lib.dovecot.imap-login ./usr.lib.dovecot.imap-login
--- profiles/apparmor.d/usr.lib.dovecot.imap-login	2013-12-30 22:43:37.000000000 +0100
+++ profiles/apparmor.d/usr.lib.dovecot.imap-login	2014-01-01 19:21:43.299398259 +0100
@@ -1,4 +1,14 @@
-# Author: Kees Cook <kees@ubuntu.com>
+# ------------------------------------------------------------------
+#
+#    Copyright (C) 2009-2011 Canonical Ltd.
+#    Copyright (C) 2013 Christian Boltz
+#
+#    This program is free software; you can redistribute it and/or
+#    modify it under the terms of version 2 of the GNU General Public
+#    License published by the Free Software Foundation.
+#
+# ------------------------------------------------------------------
+# vim: ft=apparmor
 
 #include <tunables/global>
 /usr/lib/dovecot/imap-login {
diff -u -p profiles/apparmor.d/usr.lib.dovecot.managesieve-login ./usr.lib.dovecot.managesieve-login
--- profiles/apparmor.d/usr.lib.dovecot.managesieve-login	2013-12-30 22:43:37.000000000 +0100
+++ profiles/apparmor.d/usr.lib.dovecot.managesieve-login	2014-01-01 19:21:23.986535007 +0100
@@ -1,4 +1,15 @@
-# Author: Dulmandakh Sukhbaatar <dulmandakh@gmail.com>
+# ------------------------------------------------------------------
+#
+#    Copyright (c) 2009 Dulmandakh Sukhbaatar <dulmandakh@gmail.com>
+#    Copyright (C) 2009-2011 Canonical Ltd.
+#    Copyright (C) 2013 Christian Boltz
+#
+#    This program is free software; you can redistribute it and/or
+#    modify it under the terms of version 2 of the GNU General Public
+#    License published by the Free Software Foundation.
+#
+# ------------------------------------------------------------------
+# vim: ft=apparmor
 
 #include <tunables/global>
 /usr/lib/dovecot/managesieve-login {
diff -u -p profiles/apparmor.d/usr.lib.dovecot.pop3 ./usr.lib.dovecot.pop3
--- profiles/apparmor.d/usr.lib.dovecot.pop3	2013-12-30 22:43:37.000000000 +0100
+++ profiles/apparmor.d/usr.lib.dovecot.pop3	2013-12-30 22:00:13.820132421 +0100
@@ -1,6 +1,18 @@
-# Author: Kees Cook <kees@ubuntu.com>
+# ------------------------------------------------------------------
+#
+#    Copyright (C) 2009-2010 Canonical Ltd.
+#    Copyright (C) 2011-2013 Christian Boltz
+#
+#    This program is free software; you can redistribute it and/or
+#    modify it under the terms of version 2 of the GNU General Public
+#    License published by the Free Software Foundation.
+#
+# ------------------------------------------------------------------
+# vim: ft=apparmor
 
 #include <tunables/global>
+#include <tunables/dovecot>
+
 /usr/lib/dovecot/pop3 {
   #include <abstractions/base>
   #include <abstractions/nameservice>
@@ -8,13 +20,10 @@
   capability setgid,
   capability setuid,
 
-  /var/mail/* klrw,
-  /var/spool/mail/* klrw,
-  @{HOME} r,
-  @{HOME}/mail/* klrw,
-  @{HOME}/mail/.imap/** klrw,
-  @{HOME}/Maildir/ rw,
-  @{HOME}/Maildir/** klrw,
+  @{DOVECOT_MAILSTORE}/ rw,
+  @{DOVECOT_MAILSTORE}/** rwkl,
+
+  @{HOME} r, # ???
   /usr/lib/dovecot/pop3 mr,
 
   # Site-specific additions and overrides. See local/README for details.
diff -u -p profiles/apparmor.d/usr.lib.dovecot.pop3-login ./usr.lib.dovecot.pop3-login
--- profiles/apparmor.d/usr.lib.dovecot.pop3-login	2013-12-30 22:43:37.000000000 +0100
+++ profiles/apparmor.d/usr.lib.dovecot.pop3-login	2014-01-01 19:26:54.614068901 +0100
@@ -1,6 +1,17 @@
-# Author: Kees Cook <kees@ubuntu.com>
+# ------------------------------------------------------------------
+#
+#    Copyright (C) 2009-2011 Canonical Ltd.
+#    Copyright (C) 2013 Christian Boltz
+#
+#    This program is free software; you can redistribute it and/or
+#    modify it under the terms of version 2 of the GNU General Public
+#    License published by the Free Software Foundation.
+#
+# ------------------------------------------------------------------
+# vim: ft=apparmor
 
 #include <tunables/global>
+
 /usr/lib/dovecot/pop3-login {
   #include <abstractions/base>
   #include <abstractions/nameservice>
diff -u -p profiles/apparmor.d/usr.sbin.dovecot ./usr.sbin.dovecot
--- profiles/apparmor.d/usr.sbin.dovecot	2013-12-30 22:43:37.000000000 +0100
+++ profiles/apparmor.d/usr.sbin.dovecot	2013-12-30 22:01:14.209513153 +0100
@@ -1,6 +1,18 @@
-# Author: Kees Cook <kees@ubuntu.com>
+# ------------------------------------------------------------------
+#
+#    Copyright (C) 2009-2013 Canonical Ltd.
+#    Copyright (C) 2011-2013 Christian Boltz
+#
+#    This program is free software; you can redistribute it and/or
+#    modify it under the terms of version 2 of the GNU General Public
+#    License published by the Free Software Foundation.
+#
+# ------------------------------------------------------------------
+# vim: ft=apparmor
 
 #include <tunables/global>
+#include <tunables/dovecot>
+
 /usr/sbin/dovecot {
   #include <abstractions/authentication>
   #include <abstractions/base>
@@ -9,29 +21,42 @@
   #include <abstractions/ssl_keys>
 
   capability chown,
+  capability dac_override,
+  capability fsetid,
+  capability kill,
   capability net_bind_service,
   capability setgid,
   capability setuid,
   capability sys_chroot,
-  capability fsetid,
+
+
+
+  @{DOVECOT_MAILSTORE}/ rw,
+  @{DOVECOT_MAILSTORE}/** rwkl,
 
   /etc/dovecot/** r,
   /etc/mtab r,
   /etc/lsb-release r,
   /etc/SuSE-release r,
   @{PROC}/[0-9]*/mounts r,
+  /usr/bin/doveconf rix,
+  /usr/lib/dovecot/anvil Px,
+  /usr/lib/dovecot/auth Px,
+  /usr/lib/dovecot/config Px,
   /usr/lib/dovecot/dovecot-auth Pxmr,
   /usr/lib/dovecot/imap Pxmr,
   /usr/lib/dovecot/imap-login Pxmr,
+  /usr/lib/dovecot/log Px,
+  /usr/lib/dovecot/managesieve Px,
+  /usr/lib/dovecot/managesieve-login Pxmr,
   /usr/lib/dovecot/pop3 Px,
   /usr/lib/dovecot/pop3-login Pxmr,
-  # temporarily commented out while testing
-  #/usr/lib/dovecot/managesieve Px,
-  /usr/lib/dovecot/managesieve-login Pxmr,
-  /usr/lib/dovecot/ssl-build-param ixr,
-  /usr/sbin/dovecot mr,
+  /usr/lib/dovecot/ssl-build-param rix,
+  /usr/lib/dovecot/ssl-params Px,
+  /usr/sbin/dovecot mrix,
   /var/lib/dovecot/ w,
-  /var/lib/dovecot/* krw,
+  /var/lib/dovecot/* rwkl,
+  /var/spool/postfix/private/* w,
   /{,var/}run/dovecot/ rw,
   /{,var/}run/dovecot/** rw,
   link /{,var/}run/dovecot/** -> /var/lib/dovecot/**,

Places

File apparmor-profiles-dovecot-bnc851984.diff of Package apparmor.155

Places