Current File : //etc/apparmor.d/usr.bin.msmtp

# Author: Simon Deziel <[email protected]>

#include <tunables/global>

profile msmtp /usr/bin/msmtp flags=(attach_disconnected) {
  #include <abstractions/base>
  #include <abstractions/dbus-session-strict>
  #include <abstractions/nameservice>
  #include <abstractions/p11-kit>
  #include <abstractions/ssl_certs>
  #include <abstractions/ssl_keys>

  /usr/bin/msmtp          mr,
  /etc/aliases            r,
  /etc/msmtprc            r,
  /etc/mailname           r,
  /etc/netrc              r,
  owner @{HOME}/.msmtp*   r,
  owner @{HOME}/.netrc    r,
  owner @{HOME}/.tls-crls r,

  owner @{HOME}/.msmtp*.log wk,
  /var/log/msmtp            wk,

  owner @{HOME}/**/*msmtprc        r,
  owner @{HOME}/.config/msmtp/*    r,
  owner @{HOME}/.cache/msmtp/*     r,
  owner @{HOME}/.cache/msmtp/*.log wk,

  @{PROC}/@{pid}/loginuid r,
  /tmp/                   rw,
  owner /tmp/*            rw,

  # to type password interactively
  /dev/tty                rw,
  owner /dev/pts/[0-9]*   rw,

  dbus send
       bus=session
       interface=org.freedesktop.Secret.Service,

  # secret helpers
  /{,usr/}bin/bash Cx -> helpers,
  /{,usr/}bin/dash Cx -> helpers,
  profile helpers {
    #include <abstractions/base>
    /{,usr/}bin/bash mr,
    /{,usr/}bin/dash mr,
    /tmp/            rw,
    owner /tmp/*     rw,

    /usr/bin/secret-tool PUx,
    /usr/bin/gpg{,2}     PUx,
    /usr/bin/pass        PUx,
    /usr/bin/head        PUx,
    /usr/bin/keyring     PUx,
    /{,usr/}bin/cat      PUx,
  }

  #include <local/usr.bin.msmtp>
}