logo

apparmor.d

Unnamed repository; edit this file 'description' to name the repository. git clone https://hacktivis.me/git/apparmor.d.git

usr.sbin.dovecot (2574B)

    

  1. # ------------------------------------------------------------------
  2. #
  3. #    Copyright (C) 2009-2013 Canonical Ltd.
  4. #    Copyright (C) 2011-2020 Christian Boltz
  5. #
  6. #    This program is free software; you can redistribute it and/or
  7. #    modify it under the terms of version 2 of the GNU General Public
  8. #    License published by the Free Software Foundation.
  9. #
  10. # ------------------------------------------------------------------
  11. # vim: ft=apparmor
  13. abi <abi/3.0>,
  15. include <tunables/global>
  17. profile dovecot /usr/{bin,sbin}/dovecot flags=(attach_disconnected) {
  18.   include <abstractions/authentication>
  19.   include <abstractions/base>
  20.   include <abstractions/dovecot-common>
  21.   include <abstractions/mysql>
  22.   include <abstractions/nameservice>
  23.   include <abstractions/ssl_certs>
  24.   include <abstractions/ssl_keys>
  26.   capability chown,
  27.   capability dac_override,
  28.   capability dac_read_search,
  29.   capability fsetid,
  30.   capability kill,
  31.   capability net_bind_service,
  32.   capability setuid,
  33.   capability sys_chroot,
  34.   capability sys_resource,
  36.   signal send peer=/usr/lib/dovecot/*,
  37.   signal send peer=dovecot-*,
  39.   unix (receive, send) type=stream peer=(label=/usr/lib/dovecot/anvil),
  40.   unix (receive, send) type=stream peer=(label=dovecot-anvil),
  42.   /etc/dovecot/** r,
  43.   /etc/mtab r,
  44.   /etc/lsb-release r,
  45.   /etc/SuSE-release r,
  46.   @{PROC}/@{pid}/mounts r,
  47.   @{PROC}/sys/fs/suid_dumpable r,
  48.   /usr/bin/doveconf rix,
  49.   /usr/lib/dovecot/anvil mrPx,
  50.   /usr/lib/dovecot/auth mrPx,
  51.   /usr/lib/dovecot/config mrPx,
  52.   /usr/lib/dovecot/dict mrPx,
  53.   /usr/lib/dovecot/director mrPx,
  54.   /usr/lib/dovecot/doveadm-server mrPx,
  55.   /usr/lib/dovecot/dovecot-auth Pxmr,
  56.   /usr/lib/dovecot/imap Pxmr,
  57.   /usr/lib/dovecot/imap-login Pxmr,
  58.   /usr/lib/dovecot/lmtp mrPx,
  59.   /usr/lib/dovecot/log mrPx,
  60.   /usr/lib/dovecot/managesieve mrPx,
  61.   /usr/lib/dovecot/managesieve-login Pxmr,
  62.   /usr/lib/dovecot/pop3 mrPx,
  63.   /usr/lib/dovecot/pop3-login Pxmr,
  64.   /usr/lib/dovecot/replicator mrPx,
  65.   /usr/lib/dovecot/script-login Px,
  66.   /usr/lib/dovecot/ssl-build-param rix,
  67.   /usr/lib/dovecot/ssl-params mrPx,
  68.   /usr/lib/dovecot/stats Px,
  69.   /usr/{bin,sbin}/dovecot mrix,
  70.   /usr/share/dovecot/dh.pem r,
  71.   /usr/share/dovecot/protocols.d/   r,
  72.   /usr/share/dovecot/protocols.d/** r,
  73.   /var/lib/dovecot/ w,
  74.   /var/lib/dovecot/* rwkl,
  75.   /var/spool/postfix/private/auth w,
  76.   /var/spool/postfix/private/dovecot-lmtp w,
  77.   @{run}/dovecot/ rw,
  78.   @{run}/dovecot/** rw,
  79.   link @{run}/dovecot/** -> /var/lib/dovecot/**,
  81.   # Site-specific additions and overrides. See local/README for details.
  82.   include if exists <local/usr.sbin.dovecot>
  83. }