Package: msmtp
Version: 1.8.27-1
Severity: normal
X-Debbugs-Cc: uklei...@debian.org
Hello,
I have in my ~/.msmtprc:
...
passwordeval /usr/bin/oauth2get ...
to be able to send mail via Gmail's smtp service. I think for the
Microsoft services this is also needed. So it would be great to get that
allowed.
I added it locally to /etc/apparmor.d/usr.bin.msmtp (yes, I know there
is a mechanism to add this locally, ...)
Best regards
Uwe
-- System Information:
Debian Release: trixie/sid
APT prefers testing-debug
APT policy: (750, 'testing-debug'), (750, 'testing'), (700,
'stable-updates'), (700, 'stable-security'), (700, 'stable-debug'), (700,
'stable'), (600, 'unstable'), (500, 'unstable-debug')
Architecture: amd64 (x86_64)
Foreign Architectures: armhf
Kernel: Linux 6.11.10-amd64 (SMP w/4 CPU threads; PREEMPT)
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8),
LANGUAGE=en_US:en
Shell: /bin/sh linked to /usr/bin/dash
Init: systemd (via /run/systemd/system)
LSM: AppArmor: enabled
Versions of packages msmtp depends on:
ii adduser 3.137
ii debconf [debconf-2.0] 1.5.87
ii libc6 2.40-3
ii libgnutls30t64 3.8.8-2
ii libgsasl18 2.2.1-1+b2
ii libsecret-1-0 0.21.4-3
ii ucf 3.0043+nmu1
Versions of packages msmtp recommends:
ii ca-certificates 20240203
Versions of packages msmtp suggests:
pn msmtp-mta <none>
-- Configuration Files:
/etc/apparmor.d/usr.bin.msmtp changed:
profile msmtp /usr/bin/msmtp flags=(attach_disconnected) {
#include <abstractions/base>
#include <abstractions/dbus-session-strict>
#include <abstractions/nameservice>
#include <abstractions/p11-kit>
#include <abstractions/ssl_certs>
#include <abstractions/ssl_keys>
#include <abstractions/kerberosclient>
/usr/bin/msmtp mr,
/etc/aliases r,
/etc/msmtprc r,
/etc/mailname r,
/etc/netrc r,
owner @{HOME}/.msmtp* r,
owner @{HOME}/.netrc r,
owner @{HOME}/.tls-crls r,
owner @{HOME}/.msmtp*.log wk,
/var/log/msmtp wk,
owner @{HOME}/**/*msmtprc r,
owner @{HOME}/.config/msmtp/* r,
owner @{HOME}/.cache/msmtp/* r,
owner @{HOME}/.cache/msmtp/*.log wk,
@{PROC}/@{pid}/loginuid r,
/tmp/ rw,
owner /tmp/* rw,
# kerberos related
/tmp/{,.}krb5cc_* rwk,
/etc/gss/mech.d/ r,
/etc/gss/mech.d/** r,
# to type password interactively
/dev/tty rw,
owner /dev/pts/[0-9]* rw,
dbus send
bus=session
path=/org/freedesktop/secrets
interface=org.freedesktop.Secret.Service,
dbus receive
bus=session
path=/org/freedesktop/secrets
interface=org.freedesktop.Secret.Service,
dbus send
bus=session
path=/org/freedesktop/secrets/prompt/*
interface=org.freedesktop.Secret.Prompt,
dbus receive
bus=session
path=/org/freedesktop/secrets/prompt/*
interface=org.freedesktop.Secret.Prompt,
dbus send
bus=session
path=/org/freedesktop/secrets
interface=org.freedesktop.DBus.Properties
member=GetAll,
# secret helpers
/{,usr/}bin/bash Cx -> helpers,
/{,usr/}bin/dash Cx -> helpers,
profile helpers {
#include <abstractions/base>
/{,usr/}bin/bash mr,
/{,usr/}bin/dash mr,
/tmp/ rw,
owner /tmp/* rw,
/usr/bin/secret-tool PUx,
/usr/bin/gpg{,2} PUx,
/usr/bin/pass PUx,
/usr/bin/head PUx,
/usr/bin/keyring PUx,
/{,usr/}bin/cat PUx,
/usr/bin/oauth2get PUx,
}
#include <local/usr.bin.msmtp>
}
