Package: cups-daemon
Version: 2.2.10-6+deb10u2
Severity: wishlist
Right now you have two stanzas (cupsd and cups-pdf), but you only allow dropins
in the former.
Please add an #include for cups-pdf.
#include <tunables/global>
/usr/sbin/cupsd flags=(attach_disconnected) {
[...]
#include <local/usr.sbin.cupsd>
}
/usr/lib/cups/backend/cups-pdf {
[...]
+ ## Please add this line!
+ #include <local/usr.lib.cups.backend.cups-pdf>
}
The reason I want this is my cups-pdf.conf uses "PostProcessing /usr/lib/blah"
to do some b2b invoicing stuff.
With a drop-in, I can put site-specific whitelist rules in a dedicated file.
Without a drop-in, I have to put those rules in the existing file in a specific
place, which is more fiddly to automate.
PS: I think you also need to ship an empty
local/usr.lib.cups.backend.cups-pdf, otherwise apparmor gets cranky
about a "missing" include.
-- System Information:
Debian Release: 10.3
APT prefers stable
APT policy: (990, 'stable'), (500, 'stable-updates'), (500,
'proposed-updates'), (500, 'unstable'), (1, 'experimental')
Architecture: amd64 (x86_64)
Kernel: Linux 5.4.0-0.bpo.2-amd64 (SMP w/2 CPU cores)
Kernel taint flags: TAINT_OOT_MODULE, TAINT_UNSIGNED_MODULE
Locale: LANG=en_AU.UTF-8, LC_CTYPE=en_AU.UTF-8 (charmap=UTF-8),
LANGUAGE=en_AU.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)
LSM: AppArmor: enabled
