Bug#728709: cups-browsed: please include AppArmor profile

To: 728709@bugs.debian.org
Subject: Bug#728709: cups-browsed: please include AppArmor profile
From: Felix Geyer <fgeyer@debian.org>
Date: Sun, 10 Nov 2013 18:44:39 +0100
Message-id: <[🔎] 527FC607.3020207@debian.org>
Reply-to: Felix Geyer <fgeyer@debian.org>, 728709@bugs.debian.org

Attached is a new version of the profile that adds some rules
so it also works on Ubuntu.

Cheers,
Felix

diff -Nru cups-filters-1.0.34/debian/apparmor/usr.sbin.cups-browsed cups-filters-1.0.34/debian/apparmor/usr.sbin.cups-browsed
--- cups-filters-1.0.34/debian/apparmor/usr.sbin.cups-browsed	1970-01-01 01:00:00.000000000 +0100
+++ cups-filters-1.0.34/debian/apparmor/usr.sbin.cups-browsed	2013-11-04 14:55:02.000000000 +0100
@@ -0,0 +1,15 @@
+#include <tunables/global>
+
+/usr/sbin/cups-browsed {
+  #include <abstractions/base>
+  #include <abstractions/nameservice>
+  #include <abstractions/cups-client>
+  #include <abstractions/dbus>
+  #include <abstractions/p11-kit>
+
+  /etc/cups/cups-browsed.conf r,
+  /{var/,}run/cups/certs/* r,
+
+  # Site-specific additions and overrides. See local/README for details.
+  #include <local/usr.sbin.cups-browsed>
+}
diff -Nru cups-filters-1.0.34/debian/control cups-filters-1.0.34/debian/control
--- cups-filters-1.0.34/debian/control	2013-06-09 12:17:29.000000000 +0200
+++ cups-filters-1.0.34/debian/control	2013-11-04 14:38:41.000000000 +0100
@@ -13,6 +13,7 @@
  cdbs (>= 0.4.93~),
  debhelper (>= 9~),
  dpkg-dev (>= 1.16.1~),
+ dh-apparmor,
  pkg-config,
  sharutils,
  ghostscript (>= 9.02~),
diff -Nru cups-filters-1.0.34/debian/cups-browsed.install cups-filters-1.0.34/debian/cups-browsed.install
--- cups-filters-1.0.34/debian/cups-browsed.install	2013-06-04 14:56:47.000000000 +0200
+++ cups-filters-1.0.34/debian/cups-browsed.install	2013-11-04 14:47:20.000000000 +0100
@@ -1,2 +1,3 @@
 usr/sbin/cups-browsed
 etc/cups/cups-browsed.conf
+../apparmor/usr.sbin.cups-browsed etc/apparmor.d/
diff -Nru cups-filters-1.0.34/debian/rules cups-filters-1.0.34/debian/rules
--- cups-filters-1.0.34/debian/rules	2013-06-04 14:56:47.000000000 +0200
+++ cups-filters-1.0.34/debian/rules	2013-11-04 14:36:34.000000000 +0100
@@ -60,3 +60,6 @@
 	# Make the serial backend run as root, since /dev/ttyS* are
 	# root:dialout and thus not accessible as user lp
 	chmod 700 debian/$(cdbs_curpkg)/usr/lib/cups/backend/serial
+
+binary-post-install/cups-browsed::
+	dh_apparmor -pcups-browsed --profile-name=usr.sbin.cups-browsed

Reply to:

Prev by Date: Bug#690090: following up to 701954
Next by Date: CUPS co-maintainer removal
Previous by thread: Bug#728709: cups-browsed: please include AppArmor profile
Next by thread: Processed: notfound 606027 in 1:0.4.11-1, notfixed 606027 in 0.4.11-1, fixed 606027 in 1:0.4.11-1 ...
Index(es):
- Date
- Thread