Project

General

Profile

Bug #15029

Check list of backends in the usr.sbin.cups AppArmor profile (2018 edition)

Added by intrigeri over 1 year ago. Updated over 1 year ago.

Status:
Resolved
Priority:
Normal
Assignee:
-
Category:
-
Target version:
Start date:
12/09/2017
Due date:
% Done:

100%

Feature Branch:
bugfix/15029-AppArmor-cups-backends
Type of work:
Code
Blueprint:
Starter:
Affected tool:

Description

1. Check that what follows is still needed: see "[apparmor] cupsd profile: list of backends", August 2015

2. Check that the list of backends we ship in /usr/lib/cups/backend are all listed in the (patched) /etc/apparmor.d/usr.sbin.cups:

  • backends shipped in the cups-daemon package should have ixr
  • other backends should have Cx -> third_party

3. Create a ticket to do the same next year.


Related issues

Related to Tails - Bug #9963: cupsd AppArmor profile fails to parse on Jessie Resolved 08/11/2015
Related to Tails - Bug #15030: Update list of backends in the usr.sbin.cups AppArmor profile (2019 edition) Resolved 12/09/2017
Blocks Tails - Feature #13245: Core work 2018Q1: Foundations Team Resolved 06/29/2017
Blocked by Tails - Bug #15132: devel branch FTBFS since aufs-dkms 4.14 is in sid Resolved 12/29/2017
Blocked by Tails - Bug #15270: devel branch FTBFS since torbrowser-launcher 0.2.9 entered sid Resolved 01/30/2018

Associated revisions

Revision a1d81b1c (diff)
Added by intrigeri over 1 year ago

Drop another task from the RM role (refs: #12710)

This has never been done consistently, which has never caused problems recently,
so we've moved this to a recurring task done once a year by the Foundations
Team: next iteration is refs: #15029.

Revision d86f10ff (diff)
Added by intrigeri over 1 year ago

AppArmor cupsd profile: drop useless coverage for symlinks (refs: #15029)

AppArmor follows symlinks before deciding which rule applies,
so for example /usr/lib/cups/backend/ipps, which is a symlink to ipp,
is already covered by the /usr/lib/cups/backend/ipp rule.

Revision 94be75ab
Added by bertagaz over 1 year ago

Merge remote-tracking branch 'origin/bugfix/15029-AppArmor-cups-backends' into devel

Fix-committed: #15029

History

#1 Updated by intrigeri over 1 year ago

#2 Updated by intrigeri over 1 year ago

  • Status changed from Confirmed to In Progress

#3 Updated by intrigeri over 1 year ago

  • Related to Bug #9963: cupsd AppArmor profile fails to parse on Jessie added

#4 Updated by intrigeri over 1 year ago

  • % Done changed from 0 to 10
  • Feature Branch set to bugfix/15029-AppArmor-cups-backends
  • Type of work changed from Research to Code

intrigeri wrote:

1. Check that what follows is still needed: see "[apparmor] cupsd profile: list of backends", August 2015

What follows is still needed but as per that thread, our patch added two useless lines, that the feature branch drops.

2. Check that the list of backends we ship in /usr/lib/cups/backend are all listed in the (patched) /etc/apparmor.d/usr.sbin.cups:

All this is up-to-date.

3. Create a ticket to do the same next year.

#15030

#5 Updated by intrigeri over 1 year ago

  • Target version changed from Tails_3.5 to Tails_3.6

(There's no reason to risk regressions in 3.5 for a branch that only cleans up useless stuff.)

#6 Updated by intrigeri over 1 year ago

  • % Done changed from 10 to 20

Jenkins is not particularly unhappy but we don't exercise cups much there (especially since 15ff263293c612f69138e03f7fb2f9aedd006e23) so I'll try using a bare metal printer with an ISO built from this branch.

#7 Updated by intrigeri over 1 year ago

  • Assignee changed from intrigeri to anonym
  • % Done changed from 20 to 50
  • QA Check set to Ready for QA

I could print to a JetDirect network printer using generic PostScript drivers.

#8 Updated by intrigeri over 1 year ago

#9 Updated by intrigeri over 1 year ago

#10 Updated by intrigeri over 1 year ago

  • Assignee changed from anonym to bertagaz

#11 Updated by intrigeri over 1 year ago

  • Blocked by Bug #15132: devel branch FTBFS since aufs-dkms 4.14 is in sid added

#12 Updated by intrigeri over 1 year ago

  • Blocked by Bug #15270: devel branch FTBFS since torbrowser-launcher 0.2.9 entered sid added

#13 Updated by bertagaz over 1 year ago

  • Status changed from In Progress to Fix committed
  • Assignee deleted (bertagaz)
  • % Done changed from 50 to 100
  • QA Check changed from Ready for QA to Pass

Looks nice and easy, not so much changes. Don't have a printer to test this change, but I trust your testings and conclusions. merged!

#14 Updated by intrigeri over 1 year ago

  • Related to Bug #15030: Update list of backends in the usr.sbin.cups AppArmor profile (2019 edition) added

#15 Updated by bertagaz over 1 year ago

  • Status changed from Fix committed to Resolved

Also available in: Atom PDF