/etc/apparmor.d/usr.sbin.kopano-server is in kopano-server 8.5.5-0ubuntu1.
This file is owned by root:root, with mode 0o644.
The actual contents of the file can be viewed below.
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 | #include <tunables/global>
/usr/sbin/kopano-server flags=(attach_disconnected) {
#include <abstractions/base>
#include <abstractions/nameservice>
#include <abstractions/user-tmp>
#include <abstractions/mysql>
capability chown,
capability dac_override,
capability dac_read_search,
capability setgid,
capability setuid,
network tcp,
/etc/kopano/debian-db.cfg r,
/etc/kopano/server.cfg r,
/usr/sbin/kopano-server r,
@{PROC}/@{pid}/task/@{tid}/comm rw,
/run/kopano/prio.sock rw,
/run/kopano/server.pid rw,
/run/kopano/server.sock rw,
/usr/lib/@{multiarch}/kopano/*.so m,
/var/lib/kopano/attachments/ r,
/var/lib/kopano/attachments/** rw,
/var/log/kopano/server.log rw,
/etc/kopano/userscripts/* Cxr -> kopano_userscripts,
# New features in 8.5.2 need this, and read-only on those is safe
@{PROC}/sys/kernel/core_pattern r,
@{PROC}/sys/fs/suid_dumpable r,
# There's little we can do if the server is allowed to run
# arbitrary scripts
profile kopano_userscripts flags=(attach_disconnected) {
file,
network,
}
# Site-specific additions and overrides. See local/README for details.
#include <local/usr.sbin.kopano-server>
}
|