summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorintrigeri <intrigeri@debian.org>2019-10-30 08:50:54 +0000
committerintrigeri <intrigeri@debian.org>2019-10-30 08:50:54 +0000
commit26dd3290d711565dd65951ffea151b70333d2636 (patch)
tree40506052728c15a6f537ffc83e90a9026e0ec047
parentf85a42b071cee3346c07e9d54d0c8a0241a3410d (diff)
AppArmor: support cups-pdf "Out" directory pointing to almost anywhere below $HOME (Closes: #940578)
-rw-r--r--debian/local/apparmor-profile9
1 files changed, 7 insertions, 2 deletions
diff --git a/debian/local/apparmor-profile b/debian/local/apparmor-profile
index 460455ed5..9b8d0668d 100644
--- a/debian/local/apparmor-profile
+++ b/debian/local/apparmor-profile
@@ -200,8 +200,6 @@
/etc/papersize r,
/etc/cups/cups-pdf.conf r,
/etc/cups/ppd/*.ppd r,
- @{HOME}/PDF/ rw,
- @{HOME}/PDF/* rw,
/usr/bin/gs ixr,
/usr/lib/cups/backend/cups-pdf mr,
/usr/lib/ghostscript/** mr,
@@ -209,4 +207,11 @@
/var/log/cups/cups-pdf*_log w,
/var/spool/cups/** r,
/var/spool/cups-pdf/** rw,
+
+ # allow read and write on almost anything in @{HOME} (lenient, but
+ # private-files-strict is in effect), to support customized "Out"
+ # setting in cups-pdf.conf (Debian#940578)
+ #include <abstractions/private-files-strict>
+ @{HOME}/[^.]*/{,**/} rw,
+ @{HOME}/[^.]*/** rw,
}