Bug#1005813: debian-edu-config: apparmor blocks cups-browsed.conf from being read
[ Petter Reinholdtsen, 2022-02-19 ] > [Wolfgang Schweer] > > As the symlink seems to be the problem, another solution would be to > > let cfengine copy the file instead: > > Sure. The reason a symlink was used was to ensure upgrades would take > effect. Right. In case an upgraded debian-edu-config package contains a changed cups-browsed-debian-edu.conf file, 'cf-agent -v -D installation' would need to be run to update the cups-browsed.conf file. In the past, the status pages have been updated at point release days to cope with changes concerning (among others) the debian-edu-config package, including information if a cf-agent run is needed; see: https://wiki.debian.org/DebianEdu/Status/Buster and https://wiki.debian.org/DebianEdu/Status/Bullseye In case of release upgrades, a cf-agent run is required anyway (like documented in the manuals) Wolfgang signature.asc Description: PGP signature
Bug#1005813: debian-edu-config: apparmor blocks cups-browsed.conf from being read
[Wolfgang Schweer] > As the symlink seems to be the problem, another solution would be to > let cfengine copy the file instead: Sure. The reason a symlink was used was to ensure upgrades would take effect. Perhaps dpkg-divert can be used? I have vague memories of divert on conffiles being a bad idea, but do not know why any more. -- Happy hacking Petter Reinholdtsen
Bug#1005813: debian-edu-config: apparmor blocks cups-browsed.conf from being read
[ Holger Levsen, 2022-02-19 ] > On Tue, Feb 15, 2022 at 07:20:01PM +, Mike Gabriel wrote: > > Solution 2: > > --- > > Ask the cups src:pkg maintainers to add a line > > /etc/cups/cups-browsed-debian-edu.conf to their > > /etc/appamor.d/usr.sbin.cups-browsed apparmor profile. > > to me this seems to be the cleanest approach. As the symlink seems to be the problem, another solution would be to let cfengine copy the file instead: diff --git a/cf3/cf.cups b/cf3/cf.cups index 9788fa5c..58a64493 100644 --- a/cf3/cf.cups +++ b/cf3/cf.cups @@ -29,7 +29,7 @@ files: debian.desktopintern.!server.installation:: "/etc/cups/cups-browsed.conf" - link_from => ln_s("/etc/cups/cups-browsed-debian-edu.conf"), + copy_from => local_cp("/etc/cups/cups-browsed-debian-edu.conf"), move_obstructions => "true"; } (In both cases, the original file is renamed to /etc/cups/cups-browsed.conf.cfsaved) Wolfgang signature.asc Description: PGP signature
Bug#1005813: debian-edu-config: apparmor blocks cups-browsed.conf from being read
On Tue, Feb 15, 2022 at 07:20:01PM +, Mike Gabriel wrote: > Solution 2: > --- > Ask the cups src:pkg maintainers to add a line > /etc/cups/cups-browsed-debian-edu.conf to their > /etc/appamor.d/usr.sbin.cups-browsed apparmor profile. to me this seems to be the cleanest approach. -- cheers, Holger ⢀⣴⠾⠻⢶⣦⠀ ⣾⠁⢠⠒⠀⣿⡁ holger@(debian|reproducible-builds|layer-acht).org ⢿⡄⠘⠷⠚⠋⠀ OpenPGP: B8BF54137B09D35CF026FE9D 091AB856069AAA1C ⠈⠳⣄ The planet will be fine. We won't. signature.asc Description: PGP signature