Commit cdde464a authored by intrigeri's avatar intrigeri
Browse files

Unfuzzy CUPS AppArmor profile patch (refs: #15744)

parent f73508ba
--- a/etc/apparmor.d.orig/usr.sbin.cupsd 2017-01-31 07:00:49.000000000 +0000
+++ b/etc/apparmor.d/usr.sbin.cupsd 2017-12-09 11:35:09.514218451 +0000
--- a/etc/apparmor.d/usr.sbin.cupsd 2018-07-11 09:29:27.000000000 +0000
+++ b/etc/apparmor.d/usr.sbin.cupsd 2018-07-22 01:36:33.680971981 +0000
@@ -4,6 +4,8 @@
#include <tunables/global>
......@@ -41,9 +41,9 @@
/usr/lib/cups/backend/ipp ixr,
+ /usr/lib/cups/backend/ipp[0-9][0-9] ixr,
/usr/lib/cups/backend/lpd ixr,
/usr/lib/cups/backend/mdns ixr,
/usr/lib/cups/backend/parallel ixr,
/usr/lib/cups/backend/serial ixr,
@@ -92,7 +96,13 @@
@@ -93,7 +97,13 @@
/usr/lib/cups/backend/cups-pdf Px,
# third party backends get no restrictions as they often need high
# privileges and this is beyond our control
......@@ -58,7 +58,7 @@
/usr/lib/cups/cgi-bin/* ixr,
/usr/lib/cups/daemon/* ixr,
@@ -117,8 +127,13 @@
@@ -118,8 +128,13 @@
/var/cache/cups/** rwk,
/var/log/cups/ rw,
/var/log/cups/* rw,
......@@ -72,7 +72,7 @@
# third-party printer drivers; no known structure here
/opt/** rix,
@@ -131,7 +146,7 @@
@@ -132,7 +147,7 @@
/etc/krb5.conf r,
deny /etc/krb5.conf w,
/etc/krb5.keytab rk,
......@@ -81,7 +81,7 @@
/tmp/krb5cc* k,
# likewise authentication
@@ -184,7 +199,7 @@
@@ -185,7 +200,7 @@
/{usr/,}bin/bash ixr,
/{usr/,}bin/cp ixr,
/etc/papersize r,
......
Markdown is supported
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment