[Pkg-cups-devel] r536 - in cupsys/branches/cups-1.2-ubuntu/debian: . local

Martin Pitt mpitt at alioth.debian.org
Thu Aug 9 19:18:15 UTC 2007 

Author: mpitt
Date: Thu Aug  9 19:18:15 2007
New Revision: 536

Log:
* debian/local/apparmor-profile: 
  - Use abstractions/authentication and drop the passwd/shadow/pam rules.
  - Drop the redundant "/usr/lib/** mr" rule (already in 'base').
  - Enforce by default, so that we get actual protection.

Modified:
   cupsys/branches/cups-1.2-ubuntu/debian/changelog
   cupsys/branches/cups-1.2-ubuntu/debian/local/apparmor-profile

Modified: cupsys/branches/cups-1.2-ubuntu/debian/changelog
==============================================================================
--- cupsys/branches/cups-1.2-ubuntu/debian/changelog	(original)
+++ cupsys/branches/cups-1.2-ubuntu/debian/changelog	Thu Aug  9 19:18:15 2007
@@ -1,8 +1,12 @@
 cupsys (1.2.12-3ubuntu1) UNRELEASED; urgency=low
 
   * Merge latest fixes from Debian unstable. (LP: #29050)
+  * debian/local/apparmor-profile: 
+    - Use abstractions/authentication and drop the passwd/shadow/pam rules.
+    - Drop the redundant "/usr/lib/** mr" rule (already in 'base').
+    - Enforce by default, so that we get actual protection.
 
- -- Martin Pitt <martin.pitt at ubuntu.com>  Thu, 09 Aug 2007 20:59:48 +0200
+ -- Martin Pitt <martin.pitt at ubuntu.com>  Thu, 09 Aug 2007 21:16:34 +0200
 
 cupsys (1.2.12-3) unstable; urgency=low
 

Modified: cupsys/branches/cups-1.2-ubuntu/debian/local/apparmor-profile
==============================================================================
--- cupsys/branches/cups-1.2-ubuntu/debian/local/apparmor-profile	(original)
+++ cupsys/branches/cups-1.2-ubuntu/debian/local/apparmor-profile	Thu Aug  9 19:18:15 2007
@@ -4,9 +4,10 @@
 
 #include <tunables/global>
 
-/usr/sbin/cupsd flags=(complain) {
+/usr/sbin/cupsd {
   #include <abstractions/base>
   #include <abstractions/bash>
+  #include <abstractions/authentication>
   #include <abstractions/dbus>
   #include <abstractions/fonts>
   #include <abstractions/nameservice>
@@ -32,11 +33,7 @@
   /etc/foomatic/* r,
   /etc/gai.conf r,
   /etc/group r,
-  /etc/pam.d/* r,
-  /etc/passwd r,
-  /etc/shadow r,
   /etc/ssl/** r,
-  /lib/** rm,
   /proc/net r,
   /proc/net/* r,
   /sys/** r,
@@ -44,7 +41,6 @@
   /usr/bin/gs ixr,
   /usr/bin/smbspool ixr,
   /usr/bin/whoami ixr,
-  /usr/lib/** mr,
   /usr/lib/cups/** ixr,
   /usr/local/share/** r,
   /usr/share/** r,

More information about the Pkg-cups-devel mailing list