Index: apparmor/mysqld_akonadi =================================================================== --- apparmor/mysqld_akonadi +++ apparmor/mysqld_akonadi @@ -4,7 +4,10 @@ profile mysqld_akonadi { #include + #include + #include #include + #include #include capability setgid, @@ -15,7 +18,9 @@ /etc/mysql/ r, /etc/mysql/** r, + /etc/my.cnf{,.d/**} r, @{sys}/devices/system/cpu/ r, + /{usr/,}bin/{b,d}ash mrix, /{usr/,}bin/cat mrix, /{usr/,}bin/chmod mrix, /{usr/,}bin/dirname mrix, @@ -26,8 +31,9 @@ /usr/bin/mysql_install_db mrix, /usr/bin/mysqladmin mrix, /usr/bin/mysqlcheck mrix, - /usr/sbin/mysqld mrix, + /usr/{,s}bin/mysqld mrix, /usr/share/mysql/** r, owner @{xdg_data_home}/akonadi/** rwk, owner @{PROC}/@{pid}/loginuid r, + owner /{,var/}run/user/@{uid}/akonadi** rwk, } Index: apparmor/postgresql_akonadi =================================================================== --- apparmor/postgresql_akonadi +++ apparmor/postgresql_akonadi @@ -4,19 +4,35 @@ profile postgresql_akonadi { #include + #include + #include + #include #include capability setgid, capability setuid, /etc/passwd r, - /{usr/,}bin/dash mrix, + /{usr/,}bin/{b,d}ash mrix, /{usr/,}bin/locale mrix, - /usr/lib/postgresql/*/bin/initdb mrix, - /usr/lib/postgresql/*/bin/pg_ctl mrix, - /usr/lib/postgresql/*/bin/postgres mrix, + /{usr/,usr/lib/postgresql/*/,opt/pgsql*/}bin/initdb mrix, + /{usr/,usr/lib/postgresql/*/,opt/pgsql*/}bin/pg_ctl mrix, + /{usr/,usr/lib/postgresql/*/,opt/pgsql*/}bin/postgres mrix, /usr/share/postgresql/** r, owner /dev/shm/PostgreSQL.* rw, owner @{xdg_data_home}/akonadi/** rwlk, owner @{xdg_data_home}/akonadi/db_data/** l, + owner /{,var/}run/user/@{uid}/akonadi** rwk, + + # pg_upgrade + /{usr/,usr/lib/postgresql/*/}bin/pg_upgrade mrix, + /opt/pgsql*/** mr, + /{usr/,usr/lib/postgresql/*/,opt/pgsql*/}bin/pg_controldata mrix, + /{usr/,usr/lib/postgresql/*/,opt/pgsql*/}bin/pg_resetwal mrix, + /{usr/,usr/lib/postgresql/*/,opt/pgsql*/}bin/pg_dumpall mrix, + /{usr/,usr/lib/postgresql/*/,opt/pgsql*/}bin/pg_dump mrix, + /{usr/,usr/lib/postgresql/*/,opt/pgsql*/}bin/vacuumdb mrix, + /{usr/,usr/lib/postgresql/*/,opt/pgsql*/}bin/psql mrix, + /{usr/,usr/lib/postgresql/*/,opt/pgsql*/}bin/pg_restore mrix, + /{usr/,}bin/cp mrix, } Index: apparmor/usr.bin.akonadiserver =================================================================== --- apparmor/usr.bin.akonadiserver +++ apparmor/usr.bin.akonadiserver @@ -6,8 +6,10 @@ /usr/bin/akonadiserver { #include + #include #include #include + #include #include #include @@ -19,12 +21,15 @@ /usr/bin/mysql_install_db PUx -> mysqld_akonadi, /usr/bin/mysqladmin PUx -> mysqld_akonadi, /usr/bin/mysqlcheck PUx -> mysqld_akonadi, - /usr/lib/postgresql/*/bin/initdb PUx -> postgresql_akonadi, - /usr/lib/postgresql/*/bin/pg_ctl PUx -> postgresql_akonadi, + /usr/{,s}bin/mysqld PUx -> mysqld_akonadi, + /{usr/,usr/lib/postgresql/*/,opt/pgsql*/}bin/initdb PUx -> postgresql_akonadi, + /{usr/,usr/lib/postgresql/*/,opt/pgsql*/}bin/pg_ctl PUx -> postgresql_akonadi, + /{usr/,usr/lib/postgresql/*/}bin/pg_upgrade PUx -> postgresql_akonadi, /usr/sbin/mysqld PUx -> mysqld_akonadi, /usr/share/mime/mime.cache r, /usr/share/mime/packages/ r, /usr/share/mime/types r, + /usr/share/qt/translations/* r, @{PROC}/sys/kernel/core_pattern r, @{PROC}/sys/kernel/random/boot_id r, owner @{xdg_config_home}/* r, @@ -43,4 +48,6 @@ owner @{xdg_data_home}/akonadi/** rwk, owner @{PROC}/@{pid}/loginuid r, owner @{PROC}/@{pid}/mounts r, + owner /{,var/}run/user/@{uid}/akonadi** rwk, + owner /tmp/#[0-9]* m, }