[Pkg-giraffe-maintainers] Bug#933886: AppArmor configuration doesn't cover userscripts
Carsten Schoenert
c.schoenert at t-online.de
Mon Aug 5 19:20:18 BST 2019
Control: tags -1 pending
Hello Martin,
nice catch!
On Sun, Aug 04, 2019 at 11:02:51PM +0200, Martin Wolf wrote:
> Package: kopano-server
> Version: 8.7.0-3
>
> The default AppArmor configuration file
> /etc/apparmor.d/usr.sbin.kopano-server doesn't cover the default
> userscripts in /usr/lib/kopano/userscripts/*, which are required to e.g.
> create or delete a new user (or a company/tenancy), thus basically
> everything. The AppArmor configuration however covers individual
> userscripts in /etc/kopano/userscripts/* somehow, while
> /etc/kopano/userscripts/* doesn't exist by default and
> /usr/lib/kopano/userscripts/* is referenced in /etc/kopano/server.cfg as
> default.
So far I remember the folder in /etc was the old default before 8.6.x,
but we didn't updated the AppArmor profile for the server accordingly
after that change.
> Adding " /usr/lib/kopano/userscripts/* Cxr -> kopano_userscripts," to
> /etc/apparmor.d/usr.sbin.kopano-server seems to help.
I've modified modify the current rule in usr.sbin.kopano-server to adopt the
current default.
Regards
Carsten
More information about the Pkg-giraffe-maintainers
mailing list