** Changed in: cups-filters (Ubuntu)
Assignee: (unassigned) => Didier Raboud (odyx)
--
You received this bug notification because you are a member of Desktop
Packages, which is subscribed to cups-filters in Ubuntu.
https://bugs.launchpad.net/bugs/1276630
Title:
cups-browsed upstart job does not load the apparmor profile for cups-
browsed
Status in “cups-filters” package in Ubuntu:
Triaged
Bug description:
On up to date trust I noticed that:
$ sudo aa-status
apparmor module is loaded.
124 profiles are loaded.
...
/usr/sbin/cups-browsed
0 profiles are in complain mode.
32 processes have profiles defined.
31 processes are in enforce mode.
...
0 processes are in complain mode.
1 processes are unconfined but have a profile defined.
/usr/sbin/cups-browsed (1222)
This means that while there is an apparmor profile for cups-browsed
and it is loaded (good), it is being loaded into the kernel after
/usr/sbin/cups-browsed is started which means that /usr/sbin/cups-
browsed is running unconfined (bad).
Fix is to adjust the upstart job to either use /lib/init/apparmor-
profile-load in the pre-start or to use the new apparmor stanza in the
upstart job. Since cups itself is still using /lib/init/apparmor-
profile-load, attached is a patch to use it for cups-browsed.
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/cups-filters/+bug/1276630/+subscriptions
--
Mailing list: https://launchpad.net/~desktop-packages
Post to : desktop-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~desktop-packages
More help : https://help.launchpad.net/ListHelp
