File: usr.lib.dovecot.dovecot-lda

package info (click to toggle)
apparmor 2.13.4-3
  • links: PTS, VCS
  • area: main
  • in suites: bullseye, sid
  • size: 28,524 kB
  • sloc: python: 19,111; ansic: 17,059; perl: 11,105; sh: 10,461; cpp: 5,396; yacc: 1,950; makefile: 1,678; pascal: 1,097; lex: 1,092; ruby: 374; exp: 250; java: 212; xml: 159
file content (91 lines) | stat: -rw-r--r-- 2,805 bytes parent folder | download
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
# ------------------------------------------------------------------
#
#    Copyright (C) 2013-2016 Christian Boltz
#
#    This program is free software; you can redistribute it and/or
#    modify it under the terms of version 2 of the GNU General Public
#    License published by the Free Software Foundation.
#
# ------------------------------------------------------------------
# vim: ft=apparmor

#include <tunables/global>
#include <tunables/dovecot>

/usr/lib/dovecot/dovecot-lda flags=(attach_disconnected) {
  #include <abstractions/base>
  #include <abstractions/nameservice>
  #include <abstractions/dovecot-common>

  capability setuid,

  @{DOVECOT_MAILSTORE}/ rw,
  @{DOVECOT_MAILSTORE}/** rwkl,

  /etc/dovecot/** r,
  /proc/*/mounts r,
  owner /tmp/dovecot.lda.* rw,
  /{var/,}run/dovecot/mounts r,
  /run/dovecot/auth-userdb rw,
  /usr/bin/doveconf mrix,
  /usr/lib/dovecot/dovecot-lda mrix,
  /usr/{bin,sbin}/sendmail Cx -> sendmail,
  /usr/share/dovecot/protocols.d/ r,
  /usr/share/dovecot/protocols.d/** r,

  # Site-specific additions and overrides. See local/README for details.
  ## include <local/usr.lib.dovecot.dovecot-lda>


  profile sendmail /usr/{bin,sbin}/sendmail flags=(attach_disconnected) {
    # this profile is based on the usr.sbin.sendmail profile in extras
    # and should support both postfix' and sendmail's sendmail binary

    #include <abstractions/base>
    #include <abstractions/consoles>
    #include <abstractions/nameservice>
    #include <abstractions/user-tmp>
    #include <abstractions/postfix-common>

    capability sys_ptrace,

    /etc/aliases rw,     # newaliases is a symlink to sendmail, so it's
    /etc/aliases.db rw,  # actually the same binary
    /etc/fstab r,
    /etc/hosts.allow r,
    /etc/hosts.deny r,
    /etc/mail/* r,
    /etc/mail/statistics rw,
    /etc/mtab r,
    /etc/postfix/aliases r,
    /etc/postfix/aliases.db rw,  # newaliases again
    /etc/sendmail.cf r,
    /etc/sendmail.cw r,
    /etc/shells r,
    /proc/loadavg r,
    /proc/net/if_inet6 r,
    /root/.forward r,
    /root/dead.letter w,
    /usr/bin/procmail Px,
    /usr/lib/postfix/master Px,
    /usr/lib/postfix/showq Px,
    /usr/lib/postfix/smtpd Px,
    /usr/{bin,sbin}/postalias Px,
    /usr/{bin,sbin}/postdrop Px,
    /usr/{bin,sbin}/postfix Px,
    /usr/{bin,sbin}/postqueue Px,
    /usr/{bin,sbin}/sendmail mrix,
    /usr/{bin,sbin}/sendmail.postfix mrix,
    /usr/{bin,sbin}/sendmail.sendmail mrix,
    /{var/,}run/sendmail.pid rwl,
    /{var/,}run/sm-client.pid rwl,
    /{var/,}run/utmp rw,
    /var/spool/clientmqueue/* rwl,
    /var/spool/mail/* rwl,
    /var/spool/mqueue/* rwl,
    /var/spool/postfix/maildrop/* rwl,
    /var/spool/postfix/public/pickup w,
    /var/spool/postfix/public/qmgr w,
    /var/spool/postfix/public/showq w,
  }
}