Bug#846828: cups-daemon: Please make cupsd AppArmor profile compatible with upcoming merged-/usr-related changes in abstractions/base
Package: cups-daemon
Version: 2.2.1-2
Severity: normal
Tags: patch
User: pkg-apparmor-team@lists.alioth.debian.org
Usertags: usrmerge
X-Debbugs-Cc: pkg-apparmor-team@lists.alioth.debian.org
Hi Didier & team,
the attached commit (against current debian/master branch) makes the
included AppArmor profile compatible with the adjustments being worked
on upstream (in abstractions/base) to make AppArmor policy compatible
with merged-/usr. Please consider applying it :)
Cheers,
--
intrigeri
>From bb79ac0b2f20a5d4d972942c5e90963f04560cb8 Mon Sep 17 00:00:00 2001
From: intrigeri <intrigeri@debian.org>
Date: Sat, 3 Dec 2016 14:49:27 +0000
Subject: [PATCH] Make AppArmor profile compatible with merged-/usr.
The x modifiers for /opt/** are incompatible with some adjustments
being worked on upstream (in abstractions/base) to make AppArmor
policy compatible with merged-/usr:
https://code.launchpad.net/~intrigeri/apparmor/usrmerge/+merge/312409
Turning "ix" into "Pix" fixes this, and more generally is a good thing since it
allows third-party drivers installed in /opt/ to ship their own AppArmor
profile.
---
debian/local/apparmor-profile | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/debian/local/apparmor-profile b/debian/local/apparmor-profile
index e0c7e40..62a88ff 100644
--- a/debian/local/apparmor-profile
+++ b/debian/local/apparmor-profile
@@ -121,7 +121,7 @@
/var/spool/cups/** rw,
# third-party printer drivers; no known structure here
- /opt/** rix,
+ /opt/** rPix,
# FIXME: no policy ATM for hplip and Brother drivers
/usr/bin/hpijs Cx -> third_party,
--
2.10.2
Reply to: