Bug #9963: cupsd AppArmor profile fails to parse on Jessie

Bug #9963

cupsd AppArmor profile fails to parse on Jessie

Added by intrigeri 2015-08-11 03:30:55 . Updated 2015-08-26 06:11:40 .

Status:

Resolved

Priority:

Normal

Assignee:

Category:

Target version:

Tails_2.0

Start date:

2015-08-11

Due date:

% Done:

100%

Feature Branch:

Type of work:

Code

Blueprint:

Starter:

Affected tool:

Deliverable for:

269

Description

# apparmor_parser -K -r usr.sbin.cupsd 
profile has merged rule with conflicting x modifiers
ERROR processing regexs for profile /usr/sbin/cupsd, failed to load

That’s caused by our aliases => we need to patch it like we already do for other ones.

Subtasks

Related issues

Related to Tails - ~~Bug #11699~~: Our modifications to the AppArmor profile for cupsd need updating for Stretch	Resolved	2016-08-23
Related to Tails - ~~Bug #15029~~: Check list of backends in the usr.sbin.cups AppArmor profile (2018 edition)	Resolved	2017-12-09
Related to Tails - ~~Bug #15030~~: Update list of backends in the usr.sbin.cups AppArmor profile (2019 edition)	Resolved	2017-12-09

History

#1 Updated by intrigeri 2015-08-11 03:45:06

This “fixes” the parsing, which should help pinpoint the actual problem:

--- usr.sbin.cupsd.orig 2015-08-11 09:47:34.000000000 +0000
+++ usr.sbin.cupsd  2015-08-11 10:43:35.384000000 +0000
@@ -92,18 +92,18 @@
   /usr/lib/cups/backend/cups-pdf Px,
   # third party backends get no restrictions as they often need high
   # privileges and this is beyond our control
-  /usr/lib/cups/backend/* Cx -> third_party,
+#   /usr/lib/cups/backend/* Cx -> third_party,

-  /usr/lib/cups/cgi-bin/* ixr,
-  /usr/lib/cups/daemon/* ixr,
-  /usr/lib/cups/monitor/* ixr,
-  /usr/lib/cups/notifier/* ixr,
+#   /usr/lib/cups/cgi-bin/* ixr,
+#   /usr/lib/cups/daemon/* ixr,
+#   /usr/lib/cups/monitor/* ixr,
+#   /usr/lib/cups/notifier/* ixr,
   # filters and drivers (PPD generators) are always run as non-root,
   # and there are a lot of third-party drivers which we cannot predict
-  /usr/lib/cups/filter/** Cxr -> third_party,
-  /usr/lib/cups/driver/* Cxr -> third_party,
+#   /usr/lib/cups/filter/** Cxr -> third_party,
+#   /usr/lib/cups/driver/* Cxr -> third_party,
   /usr/local/** rm,
-  /usr/local/lib/cups/** rix,
+#   /usr/local/lib/cups/** rix,
   /usr/share/** r,
   /{,var/}run/** rm,
   /{,var/}run/avahi-daemon/socket rw,
@@ -124,8 +124,8 @@
   /opt/** rix,

   # FIXME: no policy ATM for hplip and Brother drivers
-  /usr/bin/hpijs Cx -> third_party,
-  /usr/Brother/** Cx -> third_party,
+#   /usr/bin/hpijs Cx -> third_party,
+#   /usr/Brother/** Cx -> third_party,

   # Kerberos authentication
   /etc/krb5.conf r,

#2 Updated by intrigeri 2015-08-11 07:19:09

Status changed from Confirmed to Resolved
% Done changed from 0 to 100

Applied in changeset commit:cea3a0c3d1af4e06c92ede0a757c6999ac301848.

#3 Updated by intrigeri 2015-08-11 07:19:50

blocks #8668 added

#4 Updated by intrigeri 2015-08-11 07:20:17

Assignee deleted (~~intrigeri~~)

#5 Updated by intrigeri 2015-08-26 06:11:40

Deliverable for set to 269

#6 Updated by intrigeri 2016-08-23 09:21:20

related to ~~Bug #11699~~: Our modifications to the AppArmor profile for cupsd need updating for Stretch added

#7 Updated by intrigeri 2017-12-09 10:41:14

related to ~~Bug #15029~~: Check list of backends in the usr.sbin.cups AppArmor profile (2018 edition) added

#8 Updated by intrigeri 2017-12-09 11:05:46

related to ~~Bug #15030~~: Update list of backends in the usr.sbin.cups AppArmor profile (2019 edition) added