logo

apparmor.d

Unnamed repository; edit this file 'description' to name the repository. git clone https://hacktivis.me/git/apparmor.d.git

usr.lib.dovecot.dovecot-lda (2866B)

    

  1. # ------------------------------------------------------------------
  2. #
  3. #    Copyright (C) 2013-2020 Christian Boltz
  4. #
  5. #    This program is free software; you can redistribute it and/or
  6. #    modify it under the terms of version 2 of the GNU General Public
  7. #    License published by the Free Software Foundation.
  8. #
  9. # ------------------------------------------------------------------
  10. # vim: ft=apparmor
  12. abi <abi/3.0>,
  14. include <tunables/global>
  15. include <tunables/dovecot>
  17. profile dovecot-dovecot-lda /usr/lib/dovecot/dovecot-lda flags=(attach_disconnected) {
  18.   include <abstractions/base>
  19.   include <abstractions/nameservice>
  20.   include <abstractions/dovecot-common>
  22.   capability setuid,
  24.   @{DOVECOT_MAILSTORE}/ rw,
  25.   @{DOVECOT_MAILSTORE}/** rwkl,
  27.   /etc/dovecot/** r,
  28.   @{PROC}/*/mounts r,
  29.   owner /tmp/dovecot.lda.* rw,
  30.   @{run}/dovecot/mounts r,
  31.   @{run}/dovecot/auth-userdb rw,
  32.   /usr/bin/doveconf mrix,
  33.   /usr/lib/dovecot/dovecot-lda mrix,
  34.   /usr/{bin,sbin}/sendmail Cx -> sendmail,
  35.   /usr/share/dovecot/protocols.d/ r,
  36.   /usr/share/dovecot/protocols.d/** r,
  38.   # Site-specific additions and overrides. See local/README for details.
  39.   include if exists <local/usr.lib.dovecot.dovecot-lda>
  42.   profile sendmail /usr/{bin,sbin}/sendmail flags=(attach_disconnected) {
  43.     # this profile is based on the usr.sbin.sendmail profile in extras
  44.     # and should support both postfix' and sendmail's sendmail binary
  46.     include <abstractions/base>
  47.     include <abstractions/consoles>
  48.     include <abstractions/nameservice>
  49.     include <abstractions/user-tmp>
  50.     include <abstractions/postfix-common>
  51.     include <abstractions/hosts_access>
  53.     capability sys_ptrace,
  55.     /etc/aliases rw,     # newaliases is a symlink to sendmail, so it's
  56.     /etc/aliases.db rw,  # actually the same binary
  57.     /etc/fstab r,
  58.     /etc/mail/* r,
  59.     /etc/mail/statistics rw,
  60.     /etc/mtab r,
  61.     /etc/postfix/aliases r,
  62.     /etc/postfix/aliases.db rw,  # newaliases again
  63.     /etc/sendmail.cf r,
  64.     /etc/sendmail.cw r,
  65.     /etc/shells r,
  66.     @{PROC}/loadavg r,
  67.     @{PROC}/net/if_inet6 r,
  68.     /root/.forward r,
  69.     /root/dead.letter w,
  70.     /usr/bin/procmail Px,
  71.     /usr/lib/postfix/{bin/,sbin/,}master Px,
  72.     /usr/lib/postfix/{bin/,sbin/,}showq Px,
  73.     /usr/lib/postfix/{bin/,sbin/,}smtpd Px,
  74.     /usr/{bin,sbin}/postalias Px,
  75.     /usr/{bin,sbin}/postdrop Px,
  76.     /usr/{bin,sbin}/postfix Px,
  77.     /usr/{bin,sbin}/postqueue Px,
  78.     /usr/{bin,sbin}/sendmail mrix,
  79.     /usr/{bin,sbin}/sendmail.postfix mrix,
  80.     /usr/{bin,sbin}/sendmail.sendmail mrix,
  81.     @{run}/sendmail.pid rwl,
  82.     @{run}/sm-client.pid rwl,
  83.     @{run}/utmp rw,
  84.     /var/spool/clientmqueue/* rwl,
  85.     /var/spool/mail/* rwl,
  86.     /var/spool/mqueue/* rwl,
  87.     /var/spool/postfix/maildrop/* rwl,
  88.     /var/spool/postfix/public/pickup w,
  89.     /var/spool/postfix/public/qmgr w,
  90.     /var/spool/postfix/public/showq w,
  91.   }
  92. }