[Pkg-cups-devel] r591 - in cupsys/branches/cups-1.2-ubuntu: . debian debian/local

Martin Pitt mpitt at alioth.debian.org
Wed Sep 12 13:35:36 UTC 2007 

Author: mpitt
Date: Wed Sep 12 13:35:36 2007
New Revision: 591

Log:
* debian/local/apparmor-profile: Open up the profile for third-party printer
  drivers (like Turboprint, and other stuff in /usr/locale). This requires
  opening up the profile much more than necessary, due to AppArmor bug
  #139105. (LP: #133818)

Modified:
   cupsys/branches/cups-1.2-ubuntu/   (props changed)
   cupsys/branches/cups-1.2-ubuntu/debian/changelog
   cupsys/branches/cups-1.2-ubuntu/debian/local/apparmor-profile

Modified: cupsys/branches/cups-1.2-ubuntu/debian/changelog
==============================================================================
--- cupsys/branches/cups-1.2-ubuntu/debian/changelog	(original)
+++ cupsys/branches/cups-1.2-ubuntu/debian/changelog	Wed Sep 12 13:35:36 2007
@@ -3,8 +3,12 @@
   * Merge bugfixes from Debian.
   * debian/local/apparmor-profile: Append slashes to directory names, since
     AppArmor 2.1 wants it that way.
+  * debian/local/apparmor-profile: Open up the profile for third-party printer
+    drivers (like Turboprint, and other stuff in /usr/locale). This requires
+    opening up the profile much more than necessary, due to AppArmor bug
+    #139105. (LP: #133818)
 
- -- Martin Pitt <martin.pitt at ubuntu.com>  Wed, 12 Sep 2007 14:12:00 +0200
+ -- Martin Pitt <martin.pitt at ubuntu.com>  Wed, 12 Sep 2007 15:34:13 +0200
 
 cupsys (1.3.0-4) unstable; urgency=low
 

Modified: cupsys/branches/cups-1.2-ubuntu/debian/local/apparmor-profile
==============================================================================
--- cupsys/branches/cups-1.2-ubuntu/debian/local/apparmor-profile	(original)
+++ cupsys/branches/cups-1.2-ubuntu/debian/local/apparmor-profile	Wed Sep 12 13:35:36 2007
@@ -51,6 +51,17 @@
   /usr/lib/** rm,
   /usr/lib/cups/** ixr,
   /usr/lib/cups/backend/cups-pdf Px,
+  # filters are always run as non-root, and there are a lot of
+  # third-party drivers which we cannot predict
+  #/usr/lib/cups/filter/* Ux, 
+  # above does not work due to LP #139105; work around it for
+  # Turboprint at least:
+  /proc/version r,
+  /etc/passwd rm,
+  /etc/group rm,
+  /etc/*/** rm,
+  /usr/local/** ixr,
+
   /usr/local/share/** r,
   /usr/share/** r,
   /var/cache/cups/ rw,

More information about the Pkg-cups-devel mailing list