From 1e80b844f48827d1f1fe98d809500ab069f6c23f Mon Sep 17 00:00:00 2001
From: Alex Vandiver
Date: Mon, 10 Jan 2022 16:54:05 -0800
Subject: [PATCH] puppet: Disable apparmor profile for msmtp.

As the nagios user, we want to read the msmtp configuration from ~nagios, which apparmor's profile does not allow msmtp to do.
---
 puppet/zulip_ops/manifests/profile/nagios.pp | 11 +++++++++++
 1 file changed, 11 insertions(+)

diff --git a/puppet/zulip_ops/manifests/profile/nagios.pp b/puppet/zulip_ops/manifests/profile/nagios.pp
index 9a2420fe4d..dbc2eef2d8 100644
--- a/puppet/zulip_ops/manifests/profile/nagios.pp
+++ b/puppet/zulip_ops/manifests/profile/nagios.pp
@@ -140,6 +140,17 @@ class zulip_ops::profile::nagios {
 require => File['/var/lib/nagios'],
 }

+ # Disable apparmor for msmtp so it can read the above config file
+ file { '/etc/apparmor.d/disable/usr.bin.msmtp':
+ ensure => link,
+ target => '/etc/apparmor.d/usr.bin.msmtp',
+ notify => Exec['reload apparmor'],
+ }
+ exec {'reload apparmor':
+ command => '/sbin/apparmor_parser -R /etc/apparmor.d/usr.bin.msmtp',
+ refreshonly => true,
+ }
+
 exec { 'fix_nagios_permissions':
 command => 'dpkg-statoverride --update --add nagios www-data 2710 /var/lib/nagios4/rw',
 unless => 'bash -c "ls -ld /var/lib/nagios4/rw | grep ^drwx--s--- -q"',
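Review bot: Linking `/etc/apparmor.d/disable/usr.bin.msmtp` and running `apparmor_parser -R` removes confinement for every msmtp invocation on the host, which is broader than the stated need of letting the nagios user read one config file under ~nagios. If the packaged profile includes a local override (Debian's profiles usually do, via `local/usr.bin.msmtp`; confirm on the target release), a narrower change is to add one read rule for that config path there and reload the profile with `-r` instead of unloading it. The exec title `reload apparmor` also describes what is really an unload, and there is no visible ordering against the package that ships the profile, so the first run may fail if `/etc/apparmor.d/usr.bin.msmtp` is not yet present. The class body starts and continues outside the hunk, so that ordering may exist elsewhere.

```puppet
  # Grant msmtp read access to the nagios config only; keep the profile enforced
  file { '/etc/apparmor.d/local/usr.bin.msmtp':
    ensure  => file,
    # placeholder: path of the msmtp config managed above
    content => "<NAGIOS_MSMTP_CONFIG_PATH> r,\n",
    notify  => Exec['reload apparmor'],
  }
  exec { 'reload apparmor':
    command     => '/sbin/apparmor_parser -r /etc/apparmor.d/usr.bin.msmtp',
    refreshonly => true,
  }
```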