Bug#951388: [akonadi-backend-postgresql] apparmor profile unsuitable

To: submit@bugs.debian.org
Subject: Bug#951388: [akonadi-backend-postgresql] apparmor profile unsuitable
From: "Bastien Roucariès" <roucaries.bastien@gmail.com>
Date: Sat, 15 Feb 2020 21:08:15 +0100
Message-id: <[🔎] 4542079.31r3eYUQgx@portable-bastien-2018>
Reply-to: "Bastien Roucariès" <roucaries.bastien@gmail.com>, 951388@bugs.debian.org

Package: akonadi-backend-postgresql
Version: 4:19.08.3-1
Severity: grave
Justification: renders package unusable
Tags: patch

Dear Maintainer,

Please find the following update for apparmor 

Please apply

Bastien

diff --git a/apparmor.d/postgresql_akonadi b/apparmor.d/postgresql_akonadi
index c25fa08..b650612 100644
--- a/apparmor.d/postgresql_akonadi
+++ b/apparmor.d/postgresql_akonadi
@@ -5,21 +5,27 @@
 
 profile postgresql_akonadi {
   #include <abstractions/base>
+  #include <abstractions/nameservice>
   #include <abstractions/user-tmp>
 
   capability setgid,
   capability setuid,
 
+  signal receive set=kill peer=/usr/bin/akonadiserver,
+  signal receive set=term peer=/usr/bin/akonadiserver,
+
   /etc/passwd r,
+
   /{usr/,}bin/dash mrix,
   /{usr/,}bin/locale mrix,
+  /{var/,}run/systemd/resolve/resolv.conf r,
   /usr/lib/postgresql/*/bin/initdb mrix,
   /usr/lib/postgresql/*/bin/pg_ctl mrix,
   /usr/lib/postgresql/*/bin/postgres mrix,
+  /usr/lib/postgresql/*/bin/pg_upgrade mrix,
   /usr/share/postgresql/** r,
   owner /dev/shm/PostgreSQL.* rw,
   owner @{xdg_data_home}/akonadi/** rwlk,
-  owner @{xdg_data_home}/akonadi/db_data/** l,
 
   # Site-specific additions and overrides. See local/README for details.
   #include <local/postgresql_akonadi>
diff --git a/apparmor.d/usr.bin.akonadiserver b/apparmor.d/usr.bin.akonadiserver
index 2055a49..8a8cc23 100644
--- a/apparmor.d/usr.bin.akonadiserver
+++ b/apparmor.d/usr.bin.akonadiserver
@@ -13,7 +13,8 @@
 
   signal send set=kill peer=mysqld_akonadi,
   signal send set=term peer=mysqld_akonadi,
-
+  signal send set=kill peer=postgresql_akonadi,
+  signal send set=term peer=postgresql_akonadi,
 
   /etc/xdg/** r,
   /usr/bin/akonadiserver mr,
@@ -32,7 +33,7 @@
   owner @{xdg_config_home}/akonadi* rw,
   owner @{xdg_config_home}/QtProject/qtlogging.ini r,
   owner @{xdg_config_home}/akonadi/ rw,
-  owner @{xdg_config_home}/akonadi/* rwl,
+  owner @{xdg_config_home}/akonadi/** rwl,
   owner @{xdg_config_home}/akonadi/akonadiconnectionrc wl,
   owner @{xdg_config_home}/akonadi/akonadiconnectionrc.lock rwk,
   owner @{xdg_config_home}/akonadi/akonadiserverrc.lock rwk,
@@ -44,6 +45,8 @@
   owner @{xdg_data_home}/akonadi/** rwk,
   owner @{PROC}/@{pid}/loginuid r,
   owner @{PROC}/@{pid}/mounts r,
+  owner /{,var/}run/user/[0-9]*/akonadi/ w,
+  owner /{,var/}run/user/[0-9]*/akonadi/** rw,
 
   # Site-specific additions and overrides. See local/README for details.
   #include <local/usr.bin.akonadiserver>

Attachment: signature.asc
Description: This is a digitally signed message part.

Reply to:

Prev by Date: Bug#924507: marked as done (ksplashqml: hits its hard timeout of 30 seconds)
Next by Date: Bug#951389: akonadi-backend-postgresql: Initialisation of database fail if locale en_US.UTF8 is not avalaible systemwide
Previous by thread: Bug#924507: marked as done (ksplashqml: hits its hard timeout of 30 seconds)
Next by thread: Bug#951389: akonadi-backend-postgresql: Initialisation of database fail if locale en_US.UTF8 is not avalaible systemwide
Index(es):
- Date
- Thread