AppArmor profiles for dovecot/postfix/amavisd stack
This is to discuss what is needed to build and test the AppArmor profiles needed to confine the dovecot/
Blueprint information
- Status: Not started
- Approver: Rick Clark
- Priority: Undefined
- Drafter: Kees Cook
- Direction: Needs approval
- Assignee: None
- Definition: Discussion
- Series goal: None
- Implementation: Unknown
- Milestone target: None
Whiteboard
Goal: how to confine the entire mail stack since it is now more integrated
* Identify stack contents
  * dovecot plugins
    * options, maildir vs mbox, plugins
    * authentication pieces need investigation
  * amavisd plugins
    * can't assume users will complain and test (backported AppArmor profile in clamd bears this out)
  * postfix plugins
    * postfix is already in a chroot
    * it can have just one large profile
    * policy servers and 3rd party software could be problematic
    * policy servers tend to run separately
  * ClamAV (which is already confined)
* Design considerations
  * confine root-run applications
  * confine long-running daemons
* Explore implementation details
  * postfix
    * is it worth confining at this time? (maybe look at last)
    * leave jailed (jail configuration is now well understood and documented)
  * dovecot
  * amavisd (communicates over TCP port)
    * supports many different scanners
    * be sure to check all packages that plug in to amavisd (main and universe). Could just say that universe binaries are unconfined
    * spamd could be confined?
  * package notification software for AppArmor and hook into apport (possibly consider telling how to edit the broken profile or advise how to turn off the profile only)
Profile work found in: https:/