ke 18. syysk. 2019 klo 12.11 intrigeri (intrig...@debian.org) kirjoitti:
>
> Martin-Éric Racine:
> > ke 18. syysk. 2019 klo 10.03 intrigeri (intrig...@debian.org) kirjoitti:
> >> C. Disable AppArmor confinement by default for the program that gets
> >> blocked
> >>
> >> If you choose this option, then this bug should be reassigned to
> >> cups-daemon.
>
> > This indeed is the best option.
>
> Thinking about it a bit more, I'm wondering if a less drastic approach
> would be acceptable:
>
> D. Allow cups-pdf to write anywhere under /home/*
>
> This still (somewhat) protects users against security issues in
> cups-pdf. This gets rid of AppArmor denials, as long as the user
> does not customize the "Out" setting to make it point to some place
> that's elsewhere than under ${HOME}.
This was considered a number of times at Ubuntu, back when it adopted
AppArmor. While allowing anything under ${HOME} makes perfect sense
to me (and would be a good enough compromise between security and
configurability), there's always random people who configure an
unusual output path e.g. /tmp/${USER} or somehow prefer upstream's
default at /var/spool/cups-pdf/${USER}, and who immediately file a bug
report when that doesn't work instead of checking README.Debian for
possible instructions regarding AppArmor. There's also systems where
${HOME} is, for some reason, a path other than /home/${USER}.
At the very least, allowing anything inside /home/${USER} would
probably eliminate the vast majority of bug reports. Let's try it.
Martin-Éric
