Wed 18 Sep 2019 at 12.11 intrigeri (intrig...@debian.org) wrote:
>
> Martin-Éric Racine:
> > Wed 18 Sep 2019 at 10.03 intrigeri (intrig...@debian.org) wrote:
> >> C. Disable AppArmor confinement by default for the program that gets
> >> blocked
> >>
> >> If you choose this option, then this bug should be reassigned to
> >> cups-daemon.
>
> > This indeed is the best option.
>
> Thinking about it a bit more, I'm wondering if a less drastic approach
> would be acceptable:
>
> D. Allow cups-pdf to write anywhere under /home/*
>
> This still (somewhat) protects users against security issues in
> cups-pdf. This gets rid of AppArmor denials, as long as the user
> does not customize the "Out" setting to make it point to some place
> that's elsewhere than under ${HOME}.

This was considered a number of times at Ubuntu, back when it adopted AppArmor.

While allowing anything under ${HOME} makes perfect sense to me (and would be a good enough compromise between security and configurability), there's always random people who configure an unusual output path e.g. /tmp/${USER} or somehow prefer upstream's default at /var/spool/cups-pdf/${USER}, and who immediately file a bug report when that doesn't work instead of checking README.Debian for possible instructions regarding AppArmor. There's also systems where ${HOME} is, for some reason, a path other than /home/${USER}.

At the very least, allowing anything inside /home/${USER} would probably eliminate the vast majority of bug reports. Let's try it.

Martin-Éric
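
The cases raised in this thread can be checked before a profile change ships. The following is an added example, not part of the original messages or of the cups-pdf package: it assumes a cups-pdf.conf-style text with an `Out` line, uses constructed sample configurations, and models option D as a plain path-prefix test rather than AppArmor's own matcher.

```python
import posixpath
import re

# Upstream default output path, as stated in the thread.
UPSTREAM_DEFAULT = "/var/spool/cups-pdf/${USER}"

# Constructed sample configurations (not taken from a real system).
SAMPLE_CONFS = {
    "home": "# output directory\nOut ${HOME}/PDF\n",
    "tmp": "Out /tmp/${USER}\n",
    "unset": "#Out ${HOME}/PDF\n",
    "escape": "Out ${HOME}/../../tmp/pdf\n",
}


def out_setting(conf_text):
    """Return the last uncommented 'Out' value, or the upstream default."""
    value = UPSTREAM_DEFAULT
    for line in conf_text.splitlines():
        match = re.match(r"\s*Out\s+(\S+)", line)
        if match:
            value = match.group(1)
    return value


def expand(template, user, home):
    """Substitute ${HOME}/${USER} and collapse '..' (symlinks are not resolved)."""
    path = template.replace("${HOME}", home).replace("${USER}", user)
    return posixpath.normpath(path)


def allowed_by_option_d(path):
    """Simplified model of option D: the path is /home/<name> or below it."""
    parts = path.split("/")
    return len(parts) >= 3 and parts[:2] == ["", "home"] and all(parts[2:])


def would_be_denied(conf_text, user, home):
    """True if the effective output directory falls outside /home/*."""
    return not allowed_by_option_d(expand(out_setting(conf_text), user, home))


if __name__ == "__main__":
    for name, conf in SAMPLE_CONFS.items():
        print(name, would_be_denied(conf, "alice", "/home/alice"))
```
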