[Bug 691072] New: Apparmor profile prevents access to /var/mail = symlink to /var/spool/mail
https://bugzilla.novell.com/show_bug.cgi?id=691072
https://bugzilla.novell.com/show_bug.cgi?id=691072#c0

Summary: Apparmor profile prevents access to /var/mail = symlink to /var/spool/mail
Classification: openSUSE
Product: openSUSE 11.4
Version: Final
Platform: Other
OS/Version: openSUSE 11.4
Status: NEW
Severity: Normal
Priority: P5 - None
Component: AppArmor
AssignedTo: jeffm@novell.com
ReportedBy: joop.boonen@boonen.org
QAContact: qa@suse.de
Found By: ---
Blocker: ---

User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:2.0.0) Gecko/20100101 Firefox/4.0

As AppArmor doesn't allow following symlinks (which I think is how it should be), the mail files /var/spool/mail/* are missing in the AppArmor profile files for dovecot. This is for dovecot 1.2.16. For dovecot 2.0.9 this profile isn't correct at all.

I wonder if it would be an idea to separate the AppArmor profiles partly from AppArmor, and have separate AppArmor profiles for different programs, with <packagename>-apparmor, for instance dovecot12-apparmor and dovecot20-apparmor.

Reproducible: Always

Steps to Reproduce:
1.
2.
3.

--
Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are on the CC list for the bug.
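An added example, not part of the bug report or of the AppArmor project: AppArmor matches file rules against the path after symlinks are resolved, so a rule for `/var/mail/*` does not cover mail stored under `/var/spool/mail`. The sketch below flags such rules in a profile; the function names, the constructed profile text and directory tree in `demo()`, and the restriction to plain `path perms,` rules with `*`, `**` and `?` globs are assumptions of the example.

```python
import os
import re
import tempfile

# Simple file rules only, e.g. "/var/mail/* rwkl," or "owner /path r,".
RULE = re.compile(r"^\s*(?:owner\s+)?(/\S*)\s+[rwalkmxiPpCcUu]+\s*,")
GLOBS = {"**": ".*", "*": "[^/]*", "?": "[^/]"}

def glob_to_regex(glob):
    """Subset of AppArmor globbing: '**' crosses '/', '*' and '?' do not."""
    conv = lambda m: GLOBS.get(m.group()) or re.escape(m.group())
    return re.compile(re.sub(r"\*\*|\*|\?|[^*?]+", conv, glob) + r"\Z")

def symlink_gaps(profile_text, root="/"):
    """Return (rule_path, resolved_path) for rules whose literal prefix goes
    through a symlink while no rule in the profile matches the resolved path."""
    root = os.path.realpath(root)
    paths = [m.group(1) for m in map(RULE.match, profile_text.splitlines()) if m]
    matchers = [glob_to_regex(p) for p in paths]
    gaps = []
    for p in paths:
        g = re.search(r"[*?\[{]", p)
        cut = p.rfind("/", 0, g.start()) + 1 if g else len(p)
        head, tail = p[:cut], p[cut:]
        real = os.path.realpath(os.path.join(root, head.lstrip("/")))
        rel = os.path.relpath(real, root)
        resolved = "/" if rel == "." else "/" + rel
        if head.endswith("/") and not resolved.endswith("/"):
            resolved += "/"
        if resolved == head:
            continue  # no symlink on the way, or path absent on this system
        # Probe with one concrete name in place of the glob tail (heuristic).
        sample = resolved + re.sub(r"[*?\[\]{},]+", "x", tail)
        if not any(rx.match(sample) for rx in matchers):
            gaps.append((p, resolved + tail))
    return gaps

def demo(extra_rule=""):
    """Constructed layout: var/mail -> spool/mail, as in the bug title."""
    root = tempfile.mkdtemp()
    os.makedirs(os.path.join(root, "var", "spool", "mail"))
    os.symlink(os.path.join("spool", "mail"), os.path.join(root, "var", "mail"))
    profile = "/usr/sbin/dovecot {\n  /var/mail/* rwkl,\n" + extra_rule + "}\n"
    return symlink_gaps(profile, root)

if __name__ == "__main__":
    print(demo())                               # rule misses the real path
    print(demo("  /var/spool/mail/* rwkl,\n"))  # both paths listed
```

On a live system, call `symlink_gaps()` with the text of a profile and the default `root="/"`.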
https://bugzilla.novell.com/show_bug.cgi?id=691072#c1
--- Comment #1 from Joop Boonen
https://bugzilla.novell.com/show_bug.cgi?id=691072#c2
--- Comment #2 from Jeff Mahoney
https://bugzilla.novell.com/show_bug.cgi?id=691072#c3
--- Comment #3 from Joop Boonen
https://bugzilla.novell.com/show_bug.cgi?id=691072#c
Joop Boonen
https://bugzilla.novell.com/show_bug.cgi?id=691072#c4
Jeff Mahoney
https://bugzilla.novell.com/show_bug.cgi?id=691072#c5
Christian Dengler
https://bugzilla.novell.com/show_bug.cgi?id=691072#c
Christian Dengler
https://bugzilla.novell.com/show_bug.cgi?id=691072#c6
--- Comment #6 from Marcus Meissner
https://bugzilla.novell.com/show_bug.cgi?id=691072#c7
Swamp Workflow Management
https://bugzilla.novell.com/show_bug.cgi?id=691072#c
Christian Dengler
https://bugzilla.novell.com/show_bug.cgi?id=691072#c8
Christian Boltz
> I've committed the fix to security:apparmor:factory and openSUSE:11.4.
Jeff, the dovecot profile patch is NOT in security:apparmor:factory :-(
https://bugzilla.novell.com/show_bug.cgi?id=691072#c9
--- Comment #9 from Christian Dengler
https://bugzilla.novell.com/show_bug.cgi?id=691072#c10
--- Comment #10 from Christian Boltz
> Jeff, should we release the update without this patch and include it into the next update or would you submit new sources?
I'm not Jeff, but: the patch is in 11.4:Update:Test already. It's "only" missing in security:apparmor:factory, but that's unrelated to the update. Therefore I'd say that you should release the update.
https://bugzilla.novell.com/show_bug.cgi?id=691072#c11
--- Comment #11 from Christian Dengler
https://bugzilla.novell.com/show_bug.cgi?id=691072#c12
Swamp Workflow Management
https://bugzilla.novell.com/show_bug.cgi?id=691072#c
Swamp Workflow Management
https://bugzilla.novell.com/show_bug.cgi?id=691072#c13
Christian Boltz
https://bugzilla.novell.com/show_bug.cgi?id=691072#c14
Christian Boltz
https://bugzilla.novell.com/show_bug.cgi?id=691072#c15
--- Comment #15 from Bernhard Wiedemann