Public bug reported:

Binary package hint: apparmor

In order to solve bug 133818 I need a rule

  # filters are always run as non-root, and there are a lot of
  # third-party drivers which we cannot predict
  /usr/lib/cups/filter/* Ux,

since programs in this directory are always executed as a non-root
system user by cups. However, this is rejected: "ERROR processing regexs
for profile /usr/sbin/cupsd, failed to load". "Px" does not work either.
However, "ix" works, so in general, globs do work for subprocesses.

This forces me to give much more privileges to cupsd itself than
necessary. cupsd runs as root, so it really matters there, but the
filters do not really need confinement (and can't have, since there are
a lot of third-party drivers out there which need unpredictable
resources).

** Affects: apparmor (Ubuntu)
     Importance: Undecided
         Status: New

-- 
Px and Ux do not work with globs
https://bugs.launchpad.net/bugs/139105
You received this bug notification because you are a member of Ubuntu
Bugs, which is the bug contact for Ubuntu.

-- 
ubuntu-bugs mailing list
ubuntu-bugs@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs

Reply via email to