mir/apparmor
2
0
Fork 0
mirror of https://gitlab.com/apparmor/apparmor synced 2025-08-22 10:07:12 +00:00
Code Issues Releases Wiki Activity

Merge cupsd: Add /etc/paperspecs and convert to @etc_ro/rw

Browse Source 
I had this message in my log

```
Dez 30 08:14:46 kernel: audit: type=1400 audit(1735542886.787:307): apparmor="DENIED" operation="open" class="file" profile="/usr/sbin/cupsd" name="/etc/paperspecs" pid=317509 comm="cupsd" requested_mask="r" denied_mask="r" fsuid=0 ouid=0
```

If the second commit is bad, I can drop it.

MR: https://gitlab.com/apparmor/apparmor/-/merge_requests/1472
Approved-by: John Johansen <john@jjmx.net>
Merged-by: John Johansen <john@jjmx.net>
This commit is contained in:
John Johansen 2025-01-09 09:48:48 +00:00
commit e5a960a685
1 changed files with 15 additions and 13 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

28
profiles/apparmor/profiles/extras/usr.sbin.cupsd
View File

@ -23,28 +23,28 @@ include <tunables/global>
/{usr/,}bin/cat ix,
/usr/bin/foomatic-rip ixr,
/etc/foomatic/** r,
@{etc_ro}/foomatic/** r,
/usr/bin/gs ix,
/usr/lib/ghostscript/** m,
/usr/lib64/ghostscript/** m,
/usr/share/ghostscript/** r,
/etc/ghostscript/** r,
@{etc_ro}/ghostscript/** r,
/dev/lp0 rw,
/dev/tty rw,
/dev/ttyS? w,
/etc/cups rw,
/etc/cups/ r,
/etc/cups/** r,
/etc/cups/certs w,
/etc/cups/certs/* w,
/etc/cups/*.conf* rw,
/etc/cups/ppd rw,
/etc/printcap rw,
/etc/cups/printcap rw,
/etc/cups/ssl rw,
/etc/cups/yes/* rw,
@{etc_rw}/cups rw,
@{etc_rw}/cups/ r,
@{etc_rw}/cups/** r,
@{etc_rw}/cups/certs w,
@{etc_rw}/cups/certs/* w,
@{etc_rw}/cups/*.conf* rw,
@{etc_rw}/cups/ppd rw,
@{etc_rw}/printcap rw,
@{etc_rw}/cups/printcap rw,
@{etc_rw}/cups/ssl rw,
@{etc_rw}/cups/yes/* rw,
@{PROC}/meminfo r,
@{PROC}/sys/dev/parport/** r,
/sys/class/usb r,
@ -65,6 +65,8 @@ include <tunables/global>
/var/cache/cups/ rw,
/var/cache/cups/** rw,
@{etc_ro}/paperspecs r,
# Site-specific additions and overrides. See local/README for details.
include if exists <local/usr.sbin.cupsd>
}