http://bugzilla.opensuse.org/show_bug.cgi?id=1166007
http://bugzilla.opensuse.org/show_bug.cgi?id=1166007#c15
Christian Boltz changed:
What |Removed |Added
----------------------------------------------------------------------------
Status|REOPENED |IN_PROGRESS
OS|openSUSE Factory |All
--- Comment #15 from Christian Boltz ---
Thanks, and sorry for the late response.
I submitted the script-login profile upstream with some changes:
dropped rules:
#include # probably only needed by your script
#include # too much, replaced by
# capability setuid
/bin/bash mr, # probably only needed by your script
/home/vmail/bin/postlogin.sh Px, # needs to go into local/
/proc/filesystems r, # part of abstractions/base
added rules:
capability setuid,
#include
Note that you'll need to allow the execution of your script (there's no good
upstreeam default path, therefore I didn't include a rule for it). The best way
is to do this in local/usr.lib.dovecot.script-login, in your case with
/home/vmail/bin/postlogin.sh Px,
Upstream merge request:
https://gitlab.com/apparmor/apparmor/-/merge_requests/635
Note that the upstreamed profile will need a few changes for usage with
AppArmor 2.13.x. (Loading the profile should work, but the 2.13 aa-* tools
won't like "include if exists".)
--
You are receiving this mail because:
You are on the CC list for the bug.