Package: cups-daemon Version: 2.2.1-8 Severity: normal Tags: patch /run has been around since 2011, I think it's time to stop using the /var/run symlink. Supporting the symlink in SE Linux means supporting both names for the contexts used in the initial creation of files and directories which I want to remove. Here's a patch to make cups not use /var/run:
--- /etc/init.d/cups.orig 2017-03-22 00:26:12.166644807 +1100 +++ /etc/init.d/cups 2017-03-22 00:26:29.758408141 +1100 @@ -19,7 +19,7 @@ PATH=/usr/local/sbin:/usr/local/bin:/sbin:/bin:/usr/sbin:/usr/bin DAEMON=/usr/sbin/cupsd NAME=cupsd -PIDFILE=/var/run/cups/$NAME.pid +PIDFILE=/run/cups/$NAME.pid DESC="Common Unix Printing System" SCRIPTNAME=/etc/init.d/cups @@ -28,8 +28,8 @@ # Exit if the package is not installed test -x $DAEMON || exit 0 -mkdir -p /var/run/cups/certs -[ -x /sbin/restorecon ] && /sbin/restorecon -R /var/run/cups +mkdir -p /run/cups/certs +[ -x /sbin/restorecon ] && /sbin/restorecon -R /run/cups # Define LSB log_* functions. # Depend on lsb-base (>= 3.2-14) to ensure that this file is present --- /etc/cups/cupsd.conf.orig 2017-03-22 00:28:32.900624971 +1100 +++ /etc/cups/cupsd.conf 2017-03-22 00:28:48.528298483 +1100 @@ -16,7 +16,7 @@ # Only listen for connections from the local machine. Listen 127.0.0.1:631 -Listen /var/run/cups/cups.sock +Listen /run/cups/cups.sock # Show shared printers on the local network. Browsing On -- System Information: Debian Release: 9.0 APT prefers testing APT policy: (500, 'testing') Architecture: amd64 (x86_64) Foreign Architectures: i386 Kernel: Linux 4.9.0-2-amd64 (SMP w/8 CPU cores) Locale: LANG=en_AU.UTF-8, LC_CTYPE=en_AU.UTF-8 (charmap=UTF-8) Shell: /bin/sh linked to /bin/dash Init: systemd (via /run/systemd/system) Versions of packages cups-daemon depends on: ii adduser 3.115 ii bc 1.06.95-9+b3 ii dpkg 1.18.23 ii init-system-helpers 1.47 ii libavahi-client3 0.6.32-2 ii libavahi-common3 0.6.32-2 ii libc6 2.24-9 ii libcups2 2.2.1-8 ii libcupsmime1 2.2.1-8 ii libdbus-1-3 1.10.16-1 ii libgssapi-krb5-2 1.15-1 ii libpam0g 1.1.8-3.5 ii libpaper1 1.1.24+nmu5 ii libsystemd0 232-19 ii lsb-base 9.20161125 ii procps 2:3.3.12-3 ii ssl-cert 1.0.38 Versions of packages cups-daemon recommends: pn avahi-daemon <none> pn colord <none> pn cups-browsed <none> Versions of packages cups-daemon suggests: ii cups 2.2.1-8 ii cups-bsd 2.2.1-8 ii cups-client 2.2.1-8 ii cups-common 2.2.1-8 ii cups-filters [foomatic-filters] 1.11.6-3 pn cups-pdf <none> ii cups-ppdc 2.2.1-8 ii cups-server-common 2.2.1-8 ii foomatic-db 20161201-1 ii ghostscript 9.20~dfsg-2 pn hplip <none> ii poppler-utils 0.48.0-2 pn printer-driver-gutenprint <none> pn printer-driver-hpcups <none> pn smbclient <none> ii udev 232-19 -- Configuration Files: /etc/init.d/cups changed: PATH=/usr/local/sbin:/usr/local/bin:/sbin:/bin:/usr/sbin:/usr/bin DAEMON=/usr/sbin/cupsd NAME=cupsd PIDFILE=/run/cups/$NAME.pid DESC="Common Unix Printing System" SCRIPTNAME=/etc/init.d/cups unset TMPDIR test -x $DAEMON || exit 0 mkdir -p /run/cups/certs [ -x /sbin/restorecon ] && /sbin/restorecon -R /run/cups . /lib/lsb/init-functions if [ -z "$TZ" -a -e /etc/timezone ]; then TZ=`cat /etc/timezone` export TZ fi coldplug_usb_printers() { if type udevadm > /dev/null 2>&1 && [ -x /lib/udev/udev-configure-printer ]; then for printer in `udevadm trigger --verbose --dry-run --subsystem-match=usb \ --attr-match=bInterfaceClass=07 --attr-match=bInterfaceSubClass=01 2>/dev/null || true; \ udevadm trigger --verbose --dry-run --subsystem-match=usb \ --sysname-match='lp[0-9]*' 2>/dev/null || true`; do /lib/udev/udev-configure-printer add "${printer#/sys}" done fi } case "$1" in start) log_daemon_msg "Starting $DESC" "$NAME" mkdir -p `dirname "$PIDFILE"` start-stop-daemon --start --quiet --oknodo --pidfile "$PIDFILE" --exec $DAEMON status=$? [ $status = 0 ] && coldplug_usb_printers log_end_msg $status ;; stop) log_daemon_msg "Stopping $DESC" "$NAME" start-stop-daemon --stop --quiet --retry 5 --oknodo --pidfile $PIDFILE --name $NAME status=$? log_end_msg $status ;; reload|force-reload) log_daemon_msg "Reloading $DESC" "$NAME" start-stop-daemon --stop --quiet --pidfile $PIDFILE --name $NAME --signal 1 status=$? log_end_msg $status ;; restart) log_daemon_msg "Restarting $DESC" "$NAME" if start-stop-daemon --stop --quiet --retry 5 --oknodo --pidfile $PIDFILE --name $NAME; then start-stop-daemon --start --quiet --pidfile "$PIDFILE" --exec $DAEMON fi status=$? log_end_msg $status ;; status) status_of_proc -p "$PIDFILE" "$DAEMON" "$NAME" && exit 0 || exit $? ;; *) echo "Usage: $SCRIPTNAME {start|stop|restart|force-reload|status}" >&2 exit 3 ;; esac exit 0 -- no debconf information