Bug#1005813: debian-edu-config: apparmor blocks cups-browsed.conf from being read

2022-02-19 Thread Wolfgang Schweer 
[ Petter Reinholdtsen, 2022-02-19 ]
> [Wolfgang Schweer]
> > As the symlink seems to be the problem, another solution would be to
> > let cfengine copy the file instead:
> 
> Sure.  The reason a symlink was used was to ensure upgrades would take
> effect.
 
Right. In case an upgraded debian-edu-config package contains a changed 
cups-browsed-debian-edu.conf file, 'cf-agent -v -D installation' would 
need to be run to update the cups-browsed.conf file.

In the past, the status pages have been updated at point release days to 
cope with changes concerning (among others) the debian-edu-config 
package, including information if a cf-agent run is needed; see:

https://wiki.debian.org/DebianEdu/Status/Buster
and
https://wiki.debian.org/DebianEdu/Status/Bullseye

In case of release upgrades, a cf-agent run is required anyway (like 
documented in the manuals)

Wolfgang


signature.asc
Description: PGP signature

Bug#1005813: debian-edu-config: apparmor blocks cups-browsed.conf from being read

2022-02-19 Thread Petter Reinholdtsen 
[Wolfgang Schweer]
> As the symlink seems to be the problem, another solution would be to
> let cfengine copy the file instead:

Sure.  The reason a symlink was used was to ensure upgrades would take
effect.

Perhaps dpkg-divert can be used?  I have vague memories of divert on
conffiles being a bad idea, but do not know why any more.

-- 
Happy hacking
Petter Reinholdtsen

Bug#1005813: debian-edu-config: apparmor blocks cups-browsed.conf from being read

2022-02-19 Thread Wolfgang Schweer 
[ Holger Levsen, 2022-02-19 ]
> On Tue, Feb 15, 2022 at 07:20:01PM +, Mike Gabriel wrote:
> > Solution 2:
> > ---
> > Ask the cups src:pkg maintainers to add a line
> > /etc/cups/cups-browsed-debian-edu.conf to their
> > /etc/appamor.d/usr.sbin.cups-browsed apparmor profile.
> 
> to me this seems to be the cleanest approach.

As the symlink seems to be the problem, another solution would be to
let cfengine copy the file instead:

diff --git a/cf3/cf.cups b/cf3/cf.cups
index 9788fa5c..58a64493 100644
--- a/cf3/cf.cups
+++ b/cf3/cf.cups
@@ -29,7 +29,7 @@ files:
   debian.desktopintern.!server.installation::
 
 "/etc/cups/cups-browsed.conf"
-  link_from => ln_s("/etc/cups/cups-browsed-debian-edu.conf"),
+  copy_from => local_cp("/etc/cups/cups-browsed-debian-edu.conf"),
   move_obstructions => "true";
 }

(In both cases, the original file is renamed to 
/etc/cups/cups-browsed.conf.cfsaved)

Wolfgang


signature.asc
Description: PGP signature

Bug#1005813: debian-edu-config: apparmor blocks cups-browsed.conf from being read

2022-02-19 Thread Holger Levsen 
On Tue, Feb 15, 2022 at 07:20:01PM +, Mike Gabriel wrote:
> Solution 2:
> ---
> Ask the cups src:pkg maintainers to add a line
> /etc/cups/cups-browsed-debian-edu.conf to their
> /etc/appamor.d/usr.sbin.cups-browsed apparmor profile.

to me this seems to be the cleanest approach.


-- 
cheers,
Holger

 ⢀⣴⠾⠻⢶⣦⠀
 ⣾⠁⢠⠒⠀⣿⡁  holger@(debian|reproducible-builds|layer-acht).org
 ⢿⡄⠘⠷⠚⠋⠀  OpenPGP: B8BF54137B09D35CF026FE9D 091AB856069AAA1C
 ⠈⠳⣄

The planet will be fine. We won't.


signature.asc
Description: PGP signature