Web lists-archives.com

Re: AppArmor permissions to create a specific directory




On 11/03/18 17:56, André Rodier wrote:
> Hello,
> 
> I am working on a project to help self hosting emails with Debian.
> 
> I reached a point I am satisfied, but I have an issue with AppArmor some
> experts may know how to solve.
> 
> I have set the rules with Dovecot and AppArmor, and it works very well
> so far, except when the mail folder is not existing yet.
> 
> Is there any way to write a permission for AppArmor, that will let
> dovecot create the maildir folder when it is not exists.
> 
> This is the error I have, the first time a user tries to access his mail
> box:
>> Mar 11 17:45:05 homebox kernel: [  356.357353] audit: type=1400 audit(1520790305.235:176): apparmor="DENIED" operation="mkdir" profile="/usr/lib/dovecot/imap" name="/home/users/andre/mails/" pid=32645 comm="imap" requested_mask="c" denied_mask="c" fsuid=1001 ouid=1001
> 
> Obviously, I don't want to add a rule to let dovecot to write in the
> home directory!
> 
> Thanks for your help,
> André
> 
OK, I am now creating the mail folders before the deployment of Dovecot,
for each user.

Actually, this make more sense. The only issue is when creating new users.