Hi Jani,

On 2019-01-14 5:17 a.m., Jani Nikula wrote:
> Package: msmtp
> Version: 1.8.1-2
> Severity: important
> 
> Dear Maintainer,
> 
> I store my dotfiles in a git repo, and symlink the actual dotfiles to
> the git checkout. After msmtp update, the AppArmor profile blocked this:
> 
> [622972.288769] audit: type=1400 audit(1547459536.817:103): apparmor="DENIED" 
> operation="open" profile="/usr/bin/msmtp" name="/path/to/dotfiles/.msmtprc" 
> pid=2564 comm="sendmail" requested_mask="r" denied_mask="r" fsuid=1000 
> ouid=1000
> 
> Without the symlink it works fine, but then msmtp doesn't play well with
> my dotfiles approach. Either I'll have to nuke the AppArmor profile, or
> start looking for another mta.

Indeed, AppArmor only cares about the final target file, not symlinks
leading to it.

Since you are not the first to complain about the need to store .msmtprc
in a different directory, I'll propose an updated base profile to permit
this file to be stored anywhere in $HOME. Hopefully that will match your
"/path/to/dotfiles" case.

In the meantime, you may want to add this rule to the local override
file (/etc/apparmor.d/local/usr.bin.msmtp) and recompile the profile:

  owner @{HOME}/**/.msmtprc r,

Regards,
Simon
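
Added example, not part of the original message or of the msmtp package: a small Python helper that parses an AppArmor denial like the one quoted in the report and derives the narrowest matching file rule plus the local override file it belongs in. The function names and the sample line (the quoted denial joined onto one line) are constructed for illustration; the rule it emits covers only the exact resolved path, so it is stricter than the `@{HOME}/**/.msmtprc` glob suggested in the reply.

```python
import re

# Constructed sample: the denial quoted in the report, joined onto one line.
SAMPLE = ('[622972.288769] audit: type=1400 audit(1547459536.817:103): '
          'apparmor="DENIED" operation="open" profile="/usr/bin/msmtp" '
          'name="/path/to/dotfiles/.msmtprc" pid=2564 comm="sendmail" '
          'requested_mask="r" denied_mask="r" fsuid=1000 ouid=1000')

LOCAL_DIR = "/etc/apparmor.d/local"  # override directory named in the reply


def parse_denial(line):
    """Return the fields of an AppArmor DENIED audit record, or None."""
    raw = dict(re.findall(r'(\w+)=("[^"]*"|\S+)', line))
    if raw.get("apparmor") != '"DENIED"':
        return None
    fields = {k: v.strip('"') for k, v in raw.items()}
    name = raw.get("name", "")
    # Names containing spaces or control bytes are logged as bare hex.
    if name and not name.startswith('"') and re.fullmatch(r"(?:[0-9A-Fa-f]{2})+", name):
        fields["name"] = bytes.fromhex(name).decode("utf-8", "replace")
    return fields


def override_file(profile):
    """Map a path-named profile to its local override file, as the reply does."""
    return f"{LOCAL_DIR}/{profile.strip('/').replace('/', '.')}"


def suggest_rule(fields):
    """Build the narrowest file rule that would have allowed this access."""
    path, mask = fields["name"], fields["denied_mask"]
    # Glob characters in the path or unusual masks need a human decision.
    if re.search(r'[*?\[\]{}"\\]', path) or not set(mask) <= set("rwaklm"):
        raise ValueError("needs manual review: " + path)
    if re.search(r"\s", path):
        path = f'"{path}"'  # rule paths containing whitespace are quoted
    # 'owner' limits the rule to files owned by the process's fsuid.
    same_owner = "fsuid" in fields and fields["fsuid"] == fields.get("ouid")
    return f"{'owner ' if same_owner else ''}{path} {mask},"


if __name__ == "__main__":
    rec = parse_denial(SAMPLE)
    print(f"# append to {override_file(rec['profile'])}")
    print(suggest_rule(rec))
```

After adding the rule, the profile can be reloaded with `apparmor_parser -r /etc/apparmor.d/usr.bin.msmtp`.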
