Re: AppArmor permissions to create a specific directory
- Date: Sun, 11 Mar 2018 18:13:27 +0000
- From: André Rodier <andre@xxxxxxxxx>
- Subject: Re: AppArmor permissions to create a specific directory
On 11/03/18 17:56, André Rodier wrote:
> I am working on a project to help self hosting emails with Debian.
> I reached a point I am satisfied, but I have an issue with AppArmor some
> experts may know how to solve.
> I have set the rules with Dovecot and AppArmor, and it works very well
> so far, except when the mail folder is not existing yet.
> Is there any way to write a permission for AppArmor, that will let
> dovecot create the maildir folder when it is not exists.
> This is the error I have, the first time a user tries to access his mail
>> Mar 11 17:45:05 homebox kernel: [ 356.357353] audit: type=1400 audit(1520790305.235:176): apparmor="DENIED" operation="mkdir" profile="/usr/lib/dovecot/imap" name="/home/users/andre/mails/" pid=32645 comm="imap" requested_mask="c" denied_mask="c" fsuid=1001 ouid=1001
> Obviously, I don't want to add a rule to let dovecot to write in the
> home directory!
> Thanks for your help,
OK, I am now creating the mail folders before the deployment of Dovecot,
for each user.
Actually, this make more sense. The only issue is when creating new users.