Marcus Rueckert
f270973a6c
Accepted submit request 57745 from user jeff_mahoney OBS-URL: https://build.opensuse.org/request/show/57745 OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/apparmor?expand=0&rev=1
60 lines
1.4 KiB
Plaintext
60 lines
1.4 KiB
Plaintext
---
|
|
profiles/apparmor/profiles/extras/usr.sbin.cupsd | 25 ++++++++++++++++++-----
|
|
1 file changed, 20 insertions(+), 5 deletions(-)
|
|
|
|
--- a/profiles/apparmor/profiles/extras/usr.sbin.cupsd
|
|
+++ b/profiles/apparmor/profiles/extras/usr.sbin.cupsd
|
|
@@ -16,20 +16,31 @@
|
|
capability setuid,
|
|
|
|
/bin/bash ixr,
|
|
+ /bin/cat ix,
|
|
+
|
|
+ /usr/bin/foomatic-rip ixr,
|
|
+ /etc/foomatic/** r,
|
|
+
|
|
+ /usr/bin/gs ix,
|
|
+ /usr/lib/ghostscript/** m,
|
|
+ /usr/lib64/ghostscript/** m,
|
|
+ /usr/share/ghostscript/** r,
|
|
+ /etc/ghostscript/** r,
|
|
+
|
|
/dev/lp0 rw,
|
|
/dev/tty rw,
|
|
/dev/ttyS? w,
|
|
/etc/cups rw,
|
|
/etc/cups/ r,
|
|
- /etc/cups/* r,
|
|
+ /etc/cups/** r,
|
|
/etc/cups/certs w,
|
|
/etc/cups/certs/* w,
|
|
- /etc/cups/classes.conf rw,
|
|
- /etc/cups/cupsd.conf rw,
|
|
+ /etc/cups/*.conf* rw,
|
|
/etc/cups/ppd rw,
|
|
+ /etc/printcap rw,
|
|
/etc/cups/printcap rw,
|
|
- /etc/cups/printers.conf rw,
|
|
/etc/cups/ssl rw,
|
|
+ /etc/cups/yes/* rw,
|
|
/etc/hosts.allow r,
|
|
/etc/hosts.deny r,
|
|
/proc/meminfo r,
|
|
@@ -39,11 +50,15 @@
|
|
/usr/bin/smbspool ixr,
|
|
/usr/lib/cups/backend/* ixr,
|
|
/usr/lib/cups/filter/* ixr,
|
|
- /usr/sbin/cupsd mr,
|
|
+ /usr/sbin/cupsd mixr,
|
|
/usr/share/cups/** r,
|
|
/var/log/cups/access_log rw,
|
|
/var/log/cups/error_log rw,
|
|
/var/spool/cups rw,
|
|
+ /var/spool/cups/** rw,
|
|
/var/spool/cups/tmp w,
|
|
/var/spool/cups/tmp/ r,
|
|
+ /var/run/cups/** rw,
|
|
+ /var/cache/cups/ rw,
|
|
+ /var/cache/cups/** rw,
|
|
}
|