This file is indexed.

/etc/apparmor.d/usr.lib.dovecot.dovecot-lda is in apparmor-profiles 2.11.0-3+deb9u2.

This file is owned by root:root, with mode 0o644.

The actual contents of the file can be viewed below.

 1
 2
 3
 4
 5
 6
 7
 8
 9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
# ------------------------------------------------------------------
#
#    Copyright (C) 2013-2016 Christian Boltz
#
#    This program is free software; you can redistribute it and/or
#    modify it under the terms of version 2 of the GNU General Public
#    License published by the Free Software Foundation.
#
# ------------------------------------------------------------------
# vim: ft=apparmor

#include <tunables/global>
#include <tunables/dovecot>

/usr/lib/dovecot/dovecot-lda flags=(complain) {
  #include <abstractions/base>
  #include <abstractions/nameservice>
  #include <abstractions/dovecot-common>

  capability setuid,

  @{DOVECOT_MAILSTORE}/ rw,
  @{DOVECOT_MAILSTORE}/** rwkl,

  /etc/dovecot/** r,
  /proc/*/mounts r,
  owner /tmp/dovecot.lda.* rw,
  /{var/,}run/dovecot/mounts r,
  /usr/bin/doveconf mrix,
  /usr/lib/dovecot/dovecot-lda mrix,
  /usr/sbin/sendmail Cx,

  # Site-specific additions and overrides. See local/README for details.
  #include <local/usr.lib.dovecot.dovecot-lda>


  profile /usr/sbin/sendmail flags=(complain,attach_disconnected) {
    # this profile is based on the usr.sbin.sendmail profile in extras
    # and should support both postfix' and sendmail's sendmail binary

    #include <abstractions/base>
    #include <abstractions/consoles>
    #include <abstractions/nameservice>
    #include <abstractions/user-tmp>
    #include <abstractions/postfix-common>

    capability sys_ptrace,

    /etc/aliases rw,     # newaliases is a symlink to sendmail, so it's
    /etc/aliases.db rw,  # actually the same binary
    /etc/fstab r,
    /etc/hosts.allow r,
    /etc/hosts.deny r,
    /etc/mail/* r,
    /etc/mail/statistics rw,
    /etc/mtab r,
    /etc/postfix/aliases r,
    /etc/postfix/aliases.db rw,  # newaliases again
    /etc/sendmail.cf r,
    /etc/sendmail.cw r,
    /etc/shells r,
    /proc/loadavg r,
    /proc/net/if_inet6 r,
    /root/.forward r,
    /root/dead.letter w,
    /usr/bin/procmail Px,
    /usr/lib/postfix/master Px,
    /usr/lib/postfix/showq Px,
    /usr/lib/postfix/smtpd Px,
    /usr/sbin/postalias Px,
    /usr/sbin/postdrop Px,
    /usr/sbin/postfix Px,
    /usr/sbin/postqueue Px,
    /usr/sbin/sendmail mrix,
    /usr/sbin/sendmail.postfix mrix,
    /usr/sbin/sendmail.sendmail mrix,
    /{var/,}run/sendmail.pid rwl,
    /{var/,}run/sm-client.pid rwl,
    /{var/,}run/utmp rw,
    /var/spool/clientmqueue/* rwl,
    /var/spool/mail/* rwl,
    /var/spool/mqueue/* rwl,
    /var/spool/postfix/maildrop/* rwl,
    /var/spool/postfix/public/pickup w,
    /var/spool/postfix/public/qmgr w,
    /var/spool/postfix/public/showq w,
  }
}