Commit 26512ded authored by intrigeri

AppArmor CUPS profile: drop duplicate rule for /usr/lib/cups/backend/mdns (refs: #15744)

Since the cups 2.2.1-8+deb9u2 upload, the default profile confines
the mdns backend with the same rules (ix) as the cupsd binary,
so the rule for it we added manually will conflict. Let's drop it
and follow upstream's lead.
parent cdde464a
--- a/etc/apparmor.d/usr.sbin.cupsd 2018-07-11 09:29:27.000000000 +0000
+++ b/etc/apparmor.d/usr.sbin.cupsd 2018-07-22 01:36:33.680971981 +0000
+++ b/etc/apparmor.d/usr.sbin.cupsd 2018-07-22 01:39:15.954102055 +0000
@@ -4,6 +4,8 @@
#include <tunables/global>
......@@ -43,7 +43,7 @@
/usr/lib/cups/backend/lpd ixr,
/usr/lib/cups/backend/mdns ixr,
/usr/lib/cups/backend/parallel ixr,
@@ -93,7 +97,13 @@
@@ -93,7 +97,12 @@
/usr/lib/cups/backend/cups-pdf Px,
# third party backends get no restrictions as they often need high
# privileges and this is beyond our control
......@@ -54,11 +54,10 @@
+ /usr/lib/cups/backend/gutenprint52+usb Cx -> third_party,
+ /usr/lib/cups/backend/hp Cx -> third_party,
+ /usr/lib/cups/backend/hpfax Cx -> third_party,
+ /usr/lib/cups/backend/mdns Cx -> third_party,
/usr/lib/cups/cgi-bin/* ixr,
/usr/lib/cups/daemon/* ixr,
@@ -118,8 +128,13 @@
@@ -118,8 +127,13 @@
/var/cache/cups/** rwk,
/var/log/cups/ rw,
/var/log/cups/* rw,
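Review bot: Dropping `/usr/lib/cups/backend/mdns Cx -> third_party,` in the -54,11 +54,10 hunk moves the mdns backend out of the third_party child profile, which the comment just above that list describes as getting no restrictions, and leaves it under the `/usr/lib/cups/backend/mdns ixr,` rule visible in the earlier context, so the commit message should say whether printing to an mdns-discovered printer was tested under the tighter confinement and that no new AppArmor denials appeared. The gutenprint52+usb, hp and hpfax lines still transition to third_party; a short comment in the patch explaining why mdns is deliberately absent from that list would keep the rule from being re-added later.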
......@@ -72,7 +71,7 @@
# third-party printer drivers; no known structure here
/opt/** rix,
@@ -132,7 +147,7 @@
@@ -132,7 +146,7 @@
/etc/krb5.conf r,
deny /etc/krb5.conf w,
/etc/krb5.keytab rk,
......@@ -81,7 +80,7 @@
/tmp/krb5cc* k,
# likewise authentication
@@ -185,7 +200,7 @@
@@ -185,7 +199,7 @@
/{usr/,}bin/bash ixr,
/{usr/,}bin/cp ixr,
/etc/papersize r,
......