[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Bug#940578: printer-driver-cups-pdf: cups pdf printer cannot create pdf file

Martin-Éric Racine:
> ke 18. syysk. 2019 klo 10.03 intrigeri (intrigeri@debian.org) kirjoitti:
>> C. Disable AppArmor confinement by default for the program that gets blocked
>>
>>    If you choose this option, then this bug should be reassigned to
>>    cups-daemon.

> This indeed is the best option.

Thanks for your feedback!

Thinking about it a bit more, I'm wondering if a less drastic approach
would be acceptable:

D. Allow cups-pdf to write anywhere under /home/*

   This still (somewhat) protects users against security issues in
   cups-pdf. This gets rid of AppArmor denials, as long as the user
   does not customize the "Out" setting to make it point to some place
   that's elsewhere than under ${HOME}.

I could try this to start with: all it takes is modifying 2 lines.

And if this still yields an unacceptable UX for users, or causes too
much BTS workload for you, then we can still do option C.

How does it sound?

Cheers,
-- 
intrigeri
Reply to: