diff options
author | intrigeri <intrigeri@debian.org> | 2019-10-30 08:50:54 +0000 |
---|---|---|
committer | intrigeri <intrigeri@debian.org> | 2019-10-30 08:50:54 +0000 |
commit | 26dd3290d711565dd65951ffea151b70333d2636 (patch) | |
tree | 40506052728c15a6f537ffc83e90a9026e0ec047 | |
parent | f85a42b071cee3346c07e9d54d0c8a0241a3410d (diff) |
AppArmor: support cups-pdf "Out" directory pointing to almost anywhere below $HOME (Closes: #940578)
-rw-r--r-- | debian/local/apparmor-profile | 9 |
1 files changed, 7 insertions, 2 deletions
diff --git a/debian/local/apparmor-profile b/debian/local/apparmor-profile index 460455ed5..9b8d0668d 100644 --- a/debian/local/apparmor-profile +++ b/debian/local/apparmor-profile @@ -200,8 +200,6 @@ /etc/papersize r, /etc/cups/cups-pdf.conf r, /etc/cups/ppd/*.ppd r, - @{HOME}/PDF/ rw, - @{HOME}/PDF/* rw, /usr/bin/gs ixr, /usr/lib/cups/backend/cups-pdf mr, /usr/lib/ghostscript/** mr, @@ -209,4 +207,11 @@ /var/log/cups/cups-pdf*_log w, /var/spool/cups/** r, /var/spool/cups-pdf/** rw, + + # allow read and write on almost anything in @{HOME} (lenient, but + # private-files-strict is in effect), to support customized "Out" + # setting in cups-pdf.conf (Debian#940578) + #include <abstractions/private-files-strict> + @{HOME}/[^.]*/{,**/} rw, + @{HOME}/[^.]*/** rw, } |