pool/cups
SHA256
2
0
Fork 1
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Accepting request 950380 from home:jsmeix:branches:Printing

Browse Source 
Added ReadWritePaths=/etc/cups to cups.service (boo#1195288)

OBS-URL: https://build.opensuse.org/request/show/950380
OBS-URL: https://build.opensuse.org/package/show/Printing/cups?expand=0&rev=380
This commit is contained in:
Johannes Meixner 2022-02-01 10:06:35 +00:00 committed by Git OBS Bridge
parent e8ec02bc9d
commit 350f6e0407
3 changed files with 16 additions and 4 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

8
cups.changes
View File

@ -1,3 +1,11 @@
-------------------------------------------------------------------
Tue Feb 1 09:18:27 UTC 2022 - jsmeix@suse.de
- Enhanced harden_cups.service.patch by adding
ReadWritePaths=/etc/cups
because cupsd needs write access in /etc/cups
(boo#1195288)
-------------------------------------------------------------------
Fri Oct 15 07:31:10 UTC 2021 - Johannes Segitz <jsegitz@suse.com>

4
cups.spec
View File

@ -1,7 +1,7 @@
#
# spec file for package cups
#
# Copyright (c) 2021 SUSE LLC
# Copyright (c) 2022 SUSE LLC
#
# All modifications and additions to the file contributed by third parties
# remain the property of their copyright owners, unless otherwise agreed
@ -85,7 +85,7 @@ Patch103: cups-1.4-do_not_strip_recommended_from_PPDs.patch
Patch104: cups-config-libs.patch
# Patch106 Fixes web UI Kerberos authentication (bsc#1175960)
Patch106: fix-negotiate-authentication-between-CGIs-and-scheduler.patch
Patch107: harden_cups.service.patch
Patch107: harden_cups.service.patch
# Build Requirements:
BuildRequires: dbus-1-devel
BuildRequires: fdupes

8
harden_cups.service.patch
View File

@ -2,7 +2,7 @@ Index: cups-2.3.3op2/scheduler/cups.service.in
===================================================================
--- cups-2.3.3op2.orig/scheduler/cups.service.in
+++ cups-2.3.3op2/scheduler/cups.service.in
@@ -5,6 +5,17 @@ After=network.target sssd.service ypbind
@@ -5,6 +5,21 @@ After=network.target sssd.service ypbind
Requires=cups.socket
[Service]
@ -16,7 +16,11 @@ Index: cups-2.3.3op2/scheduler/cups.service.in
+ProtectKernelLogs=true
+ProtectControlGroups=true
+RestrictRealtime=true
+# end of automatic additions
+# end of automatic additions
+# cupsd needs write access in /etc/cups see
+# https://bugzilla.opensuse.org/show_bug.cgi?id=1195288
+ReadWritePaths=/etc/cups
+# end of SUSE additions
ExecStart=@sbindir@/cupsd -l
Type=notify
Restart=on-failure