Project

General

Profile

Bug #11699

Our modifications to the AppArmor profile for cupsd need updating for Stretch

Added by intrigeri about 3 years ago. Updated about 3 years ago.

Status:
Resolved
Priority:
Normal
Assignee:
Category:
Hardware support
Target version:
Start date:
08/23/2016
Due date:
% Done:

100%

Feature Branch:
Type of work:
Code
Blueprint:
Starter:
Affected tool:

Description

Backends

apparmor="DENIED" operation="exec" profile="/usr/sbin/cupsd" name="/usr/lib/cups/backend/beh" pid=5446 comm="cups-deviced" requested_mask="x" denied_mask="x"

See #9963 for the original reason for the patching. First try to drop these bits of our patch and see if it works better with no modification on Stretch. Worst case just update the list of backends.

Other issues

apparmor="DENIED" operation="mkdir" profile="/usr/sbin/cupsd" name="/lib/live/mount/overlay/var/.wh..wh.spool.0096/" pid=5685 comm="cupsd" requested_mask="c" denied_mask="c"


Related issues

Related to Tails - Bug #9963: cupsd AppArmor profile fails to parse on Jessie Resolved 08/11/2015

Associated revisions

Revision d1575b36 (diff)
Added by intrigeri about 3 years ago

cupsd AppArmor profile: update list of backends.

refs: #11699

Revision 460a91bc (diff)
Added by intrigeri about 3 years ago

cupsd AppArmor profile: add another aufs-specific tweak that Stretch needs.

refs: #11699

Revision d46147ae (diff)
Added by intrigeri about 3 years ago

cupsd AppArmor profile: add another aufs-specific tweak that Stretch needs.

refs: #11699

History

#1 Updated by intrigeri about 3 years ago

  • Description updated (diff)

#2 Updated by intrigeri about 3 years ago

  • Related to Bug #9963: cupsd AppArmor profile fails to parse on Jessie added

#3 Updated by intrigeri about 3 years ago

  • Status changed from Confirmed to In Progress
  • % Done changed from 0 to 50

Should be fixed in Git. But I want to test in a clean environment after building an ISO.

#4 Updated by intrigeri about 3 years ago

I also need to fix apparmor="DENIED" operation="rename_dest" profile="/usr/sbin/cupsd" name="/lib/live/mount/overlay/var/spool/" pid=5481 comm="cupsd" requested_mask="wc" denied_mask="wc".

#5 Updated by intrigeri about 3 years ago

  • % Done changed from 50 to 60

intrigeri wrote:

I also need to fix apparmor="DENIED" operation="rename_dest" profile="/usr/sbin/cupsd" name="/lib/live/mount/overlay/var/spool/" pid=5481 comm="cupsd" requested_mask="wc" denied_mask="wc".

d46147a should fix that one. One never knows so I'll test again from an ISO that has it.

#6 Updated by intrigeri about 3 years ago

Works.

#7 Updated by intrigeri about 3 years ago

  • Status changed from In Progress to Resolved
  • % Done changed from 60 to 100

Also available in: Atom PDF