Call for testing: new cupsys packages with AppArmor profile

Martin Pitt martin.pitt at ubuntu.com
Thu Aug 2 13:27:52 BST 2007


Hello everyone,

Martin Pitt [2007-08-02 12:15 -0000]:
>  cupsys (1.2.12-1ubuntu2) gutsy; urgency=low
>  .
>    * Drop our derooting changes. It still has some regressions, and with
>      upstream not even acknowledging the need for improving cupsys' security we
>      will sit on this forever. (LP: #119289, LP: #129634)
>    [...]
>    * Add debian/local/apparmor-profile: AppArmor profile for cupsys, to replace
>      the former derooting patches. This uses complain mode for now, until we
>      got some more testing. Install it to /etc/apparmor.d/usr.sbin.cupsd in
>      debian/rules and reload apparmor in debian/cupsys.postinst on configure.

I just did quite a major change to cupsys. Our derooting patches
will probably never make it upstream [1], and our patches still
imposed some functional regressions compared to the upstream variant.
Since we have AppArmor by default now, it is much easier and more
flexible (albeit much less secure, unfortunately, but still good
enough IMHO) to replace all of that mess with a profile.

This version ships one by default now. I do not want to ship gutsy
final with the profile in complain mode, though, so I would like to
collect some feedback about this before flipping it to 'enforce' by
default.

So please put it into enforce mode yourself with

  sudo aa-enforce cupsd

and check if your printing tasks still work normally. If not, I
appreciate a bug report with the following:

  /etc/cups/cupsd.conf
  /etc/cups/printers.conf
  /var/log/cups/error_log

  output of "grep audit.*cupsd /var/log/kern.log"

If all goes well, I'll flip the complain->enforce switch after Tribe
4, to get some more widespread testing.

The current profile is not yet perfect, of course, but it makes basic
things work for me (USB printer, detection, job control, web
interface, etc.). All suggestions welcome, of course!

Thank you in advance,

Martin

[1] Upstream basically denies that it is a problem to have a daemon
running as root which listens to the network and does an awful lot of
string and file processing and calling of external programs and
libraries.

-- 
Martin Pitt        http://www.piware.de
Ubuntu Developer   http://www.ubuntu.com
Debian Developer   http://www.debian.org
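
The grep step requested in the mail can be turned into a per-path summary to attach to a bug report. This is an added example, not part of the original mail or of the cupsys package; the function names and sample lines are constructed, and the key="value" audit format is that of current kernels, which is an assumption for older releases.

```shell
#!/bin/sh
# Constructed sample lines (not real logs) in the key="value" audit format.
# The last line belongs to a different profile and must be ignored.
sample_kern_log() {
    cat <<'EOF'
Aug  2 13:40:01 host kernel: audit: type=1400 audit(1.1:1): apparmor="DENIED" operation="open" profile="/usr/sbin/cupsd" name="/srv/example/ppd/custom.ppd" pid=100 comm="cupsd" requested_mask="r" denied_mask="r"
Aug  2 13:40:05 host kernel: audit: type=1400 audit(1.2:2): apparmor="DENIED" operation="open" profile="/usr/sbin/cupsd" name="/srv/example/ppd/custom.ppd" pid=100 comm="cupsd" requested_mask="r" denied_mask="r"
Aug  2 13:41:10 host kernel: audit: type=1400 audit(1.3:3): apparmor="ALLOWED" operation="open" profile="/usr/sbin/cupsd" name="/var/spool/example/job.tmp" pid=100 comm="cupsd" requested_mask="w" denied_mask="w"
Aug  2 13:42:00 host kernel: audit: type=1400 audit(1.4:4): apparmor="DENIED" operation="open" profile="/usr/sbin/ntpd" name="/srv/example/x" pid=200 comm="ntpd" requested_mask="r" denied_mask="r"
EOF
}

# Read kernel log lines on stdin and print "count verdict operation mask path"
# for every distinct cupsd audit event, most frequent first.
# ALLOWED = would be blocked but profile is in complain mode; DENIED = enforced.
summarize_cupsd_audit() {
    awk '
        # Return the value of key="value" in the line, or "-" if absent.
        function field(line, key,    pat, start, rest, end) {
            pat = " " key "=\""
            start = index(" " line, pat)
            if (start == 0) return "-"
            rest = substr(" " line, start + length(pat))
            end = index(rest, "\"")
            return end ? substr(rest, 1, end - 1) : "-"
        }
        # Same filter as: grep "audit.*cupsd"
        /audit.*cupsd/ {
            k = field($0, "apparmor") " " field($0, "operation")
            k = k " " field($0, "denied_mask") " " field($0, "name")
            count[k]++
        }
        END { for (k in count) print count[k], k }
    ' | sort -k1,1nr -k2
}

# Stand-alone use: pass a log file, or run without arguments for the demo.
if [ "$#" -gt 0 ]; then
    summarize_cupsd_audit < "$1"
else
    sample_kern_log | summarize_cupsd_audit
fi
```

Run it against /var/log/kern.log once in complain mode and once after aa-enforce; paths that show up as ALLOWED in the first run are the ones that will turn into DENIED in the second.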


More information about the ubuntu-devel mailing list