[Pkg-cups-devel] r536 - in cupsys/branches/cups-1.2-ubuntu/debian: . local
Martin Pitt
mpitt at alioth.debian.org
Thu Aug 9 19:18:15 UTC 2007
Author: mpitt
Date: Thu Aug 9 19:18:15 2007
New Revision: 536
Log:
* debian/local/apparmor-profile:
- Use abstractions/authentication and drop the passwd/shadow/pam rules.
- Drop the redundant "/usr/lib/** mr" rule (already in 'base').
- Enforce by default, so that we get actual protection.
Modified:
cupsys/branches/cups-1.2-ubuntu/debian/changelog
cupsys/branches/cups-1.2-ubuntu/debian/local/apparmor-profile
Modified: cupsys/branches/cups-1.2-ubuntu/debian/changelog
==============================================================================
--- cupsys/branches/cups-1.2-ubuntu/debian/changelog (original)
+++ cupsys/branches/cups-1.2-ubuntu/debian/changelog Thu Aug 9 19:18:15 2007
@@ -1,8 +1,12 @@
cupsys (1.2.12-3ubuntu1) UNRELEASED; urgency=low
* Merge latest fixes from Debian unstable. (LP: #29050)
+ * debian/local/apparmor-profile:
+ - Use abstractions/authentication and drop the passwd/shadow/pam rules.
+ - Drop the redundant "/usr/lib/** mr" rule (already in 'base').
+ - Enforce by default, so that we get actual protection.
- -- Martin Pitt <martin.pitt at ubuntu.com> Thu, 09 Aug 2007 20:59:48 +0200
+ -- Martin Pitt <martin.pitt at ubuntu.com> Thu, 09 Aug 2007 21:16:34 +0200
cupsys (1.2.12-3) unstable; urgency=low
Modified: cupsys/branches/cups-1.2-ubuntu/debian/local/apparmor-profile
==============================================================================
--- cupsys/branches/cups-1.2-ubuntu/debian/local/apparmor-profile (original)
+++ cupsys/branches/cups-1.2-ubuntu/debian/local/apparmor-profile Thu Aug 9 19:18:15 2007
@@ -4,9 +4,10 @@
#include <tunables/global>
-/usr/sbin/cupsd flags=(complain) {
+/usr/sbin/cupsd {
#include <abstractions/base>
#include <abstractions/bash>
+ #include <abstractions/authentication>
#include <abstractions/dbus>
#include <abstractions/fonts>
#include <abstractions/nameservice>
@@ -32,11 +33,7 @@
/etc/foomatic/* r,
/etc/gai.conf r,
/etc/group r,
- /etc/pam.d/* r,
- /etc/passwd r,
- /etc/shadow r,
/etc/ssl/** r,
- /lib/** rm,
/proc/net r,
/proc/net/* r,
/sys/** r,
@@ -44,7 +41,6 @@
/usr/bin/gs ixr,
/usr/bin/smbspool ixr,
/usr/bin/whoami ixr,
- /usr/lib/** mr,
/usr/lib/cups/** ixr,
/usr/local/share/** r,
/usr/share/** r,
More information about the Pkg-cups-devel
mailing list