Control: severity -1 minor Guten Abend Christian, hi again everyone!
(some AppArmor stuff first, then a question for the CUPS folks) Christian Boltz: > My guess is that John meant something like that: > /etc/cups/** Cx -> trap, > profile trap { > # intentionally left empty > } Ah, got it now, thanks! If this can somehow be combined with the rule we already have: /etc/cups/** rw … then I think this would be a suitable short-term workaround. Jamie, IIRC you're one of the people regularly working on this profile, how does this sound? Finally, I would like to question the need for cupsd to have write access to a world-readable directory, which is, as I understand it, the root cause of the problem (once you assume it has to run as root in the first place). I guess cupsd needs write access because it saves config files there when one uses the web interface, and then by Debian convention /etc/cups is world-readable. But perhaps one of these could change, e.g. does /etc/cups really have to be world-readable? Cheers, -- intrigeri