[Pkg-cups-devel] r591 - in cupsys/branches/cups-1.2-ubuntu: . debian debian/local
Martin Pitt
mpitt at alioth.debian.org
Wed Sep 12 13:35:36 UTC 2007
Author: mpitt
Date: Wed Sep 12 13:35:36 2007
New Revision: 591
Log:
* debian/local/apparmor-profile: Open up the profile for third-party printer
drivers (like Turboprint, and other stuff in /usr/locale). This requires
opening up the profile much more than necessary, due to AppArmor bug
#139105. (LP: #133818)
Modified:
cupsys/branches/cups-1.2-ubuntu/ (props changed)
cupsys/branches/cups-1.2-ubuntu/debian/changelog
cupsys/branches/cups-1.2-ubuntu/debian/local/apparmor-profile
Modified: cupsys/branches/cups-1.2-ubuntu/debian/changelog
==============================================================================
--- cupsys/branches/cups-1.2-ubuntu/debian/changelog (original)
+++ cupsys/branches/cups-1.2-ubuntu/debian/changelog Wed Sep 12 13:35:36 2007
@@ -3,8 +3,12 @@
* Merge bugfixes from Debian.
* debian/local/apparmor-profile: Append slashes to directory names, since
AppArmor 2.1 wants it that way.
+ * debian/local/apparmor-profile: Open up the profile for third-party printer
+ drivers (like Turboprint, and other stuff in /usr/locale). This requires
+ opening up the profile much more than necessary, due to AppArmor bug
+ #139105. (LP: #133818)
- -- Martin Pitt <martin.pitt at ubuntu.com> Wed, 12 Sep 2007 14:12:00 +0200
+ -- Martin Pitt <martin.pitt at ubuntu.com> Wed, 12 Sep 2007 15:34:13 +0200
cupsys (1.3.0-4) unstable; urgency=low
Modified: cupsys/branches/cups-1.2-ubuntu/debian/local/apparmor-profile
==============================================================================
--- cupsys/branches/cups-1.2-ubuntu/debian/local/apparmor-profile (original)
+++ cupsys/branches/cups-1.2-ubuntu/debian/local/apparmor-profile Wed Sep 12 13:35:36 2007
@@ -51,6 +51,17 @@
/usr/lib/** rm,
/usr/lib/cups/** ixr,
/usr/lib/cups/backend/cups-pdf Px,
+ # filters are always run as non-root, and there are a lot of
+ # third-party drivers which we cannot predict
+ #/usr/lib/cups/filter/* Ux,
+ # above does not work due to LP #139105; work around it for
+ # Turboprint at least:
+ /proc/version r,
+ /etc/passwd rm,
+ /etc/group rm,
+ /etc/*/** rm,
+ /usr/local/** ixr,
+
/usr/local/share/** r,
/usr/share/** r,
/var/cache/cups/ rw,
More information about the Pkg-cups-devel
mailing list