[Pkg-cups-devel] r593 - in cupsys/branches/cups-1.2-ubuntu: . debian debian/local
Martin Pitt
mpitt at alioth.debian.org
Wed Sep 12 17:06:29 UTC 2007
Author: mpitt
Date: Wed Sep 12 17:06:28 2007
New Revision: 593
Log:
* debian/local/apparmor-profile: #139105 was not a bug after all, but rather
a misunderstood concept of AppArmor. Change the profile to allow
unrestricted execution of filters, which are always run as unprivileged
system user anyway. This should unbreak most third-party printer drivers.
Modified:
cupsys/branches/cups-1.2-ubuntu/ (props changed)
cupsys/branches/cups-1.2-ubuntu/debian/changelog
cupsys/branches/cups-1.2-ubuntu/debian/local/apparmor-profile
Modified: cupsys/branches/cups-1.2-ubuntu/debian/changelog
==============================================================================
--- cupsys/branches/cups-1.2-ubuntu/debian/changelog (original)
+++ cupsys/branches/cups-1.2-ubuntu/debian/changelog Wed Sep 12 17:06:28 2007
@@ -1,3 +1,12 @@
+cupsys (1.3.0-4ubuntu2) UNRELEASED; urgency=low
+
+ * debian/local/apparmor-profile: #139105 was not a bug after all, but rather
+ a misunderstood concept of AppArmor. Change the profile to allow
+ unrestricted execution of filters, which are always run as unprivileged
+ system user anyway. This should unbreak most third-party printer drivers.
+
+ -- Martin Pitt <martin.pitt at ubuntu.com> Wed, 12 Sep 2007 19:02:43 +0200
+
cupsys (1.3.0-4ubuntu1) gutsy; urgency=low
* Merge bugfixes from Debian.
Modified: cupsys/branches/cups-1.2-ubuntu/debian/local/apparmor-profile
==============================================================================
--- cupsys/branches/cups-1.2-ubuntu/debian/local/apparmor-profile (original)
+++ cupsys/branches/cups-1.2-ubuntu/debian/local/apparmor-profile Wed Sep 12 17:06:28 2007
@@ -49,19 +49,17 @@
/bin/* ixr,
/sbin/* ixr,
/usr/lib/** rm,
- /usr/lib/cups/** ixr,
+ /usr/lib/cups/backend/* ixr,
+ # we treat cups-pdf specially, since it needs to write into /home
+ # and thus needs extra paranoia
/usr/lib/cups/backend/cups-pdf Px,
+ /usr/lib/cups/daemon/* ixr,
+ /usr/lib/cups/driver/* ixr,
+ /usr/lib/cups/monitor/* ixr,
+ /usr/lib/cups/notifier/* ixr,
# filters are always run as non-root, and there are a lot of
# third-party drivers which we cannot predict
- #/usr/lib/cups/filter/* Ux,
- # above does not work due to LP #139105; work around it for
- # Turboprint at least:
- /proc/version r,
- /etc/passwd rm,
- /etc/group rm,
- /etc/*/** rm,
- /usr/local/** ixr,
-
+ /usr/lib/cups/filter/* Uxr,
/usr/local/share/** r,
/usr/share/** r,
/var/cache/cups/ rw,
More information about the Pkg-cups-devel
mailing list