From 26dd3290d711565dd65951ffea151b70333d2636 Mon Sep 17 00:00:00 2001
From: intrigeri <intrigeri@debian.org>
Date: Wed, 30 Oct 2019 08:50:54 +0000
Subject: AppArmor: support cups-pdf "Out" directory pointing to almost
 anywhere below $HOME (Closes: #940578)

---
 debian/local/apparmor-profile | 9 +++++++--
 1 file changed, 7 insertions(+), 2 deletions(-)

diff --git a/debian/local/apparmor-profile b/debian/local/apparmor-profile
index 460455ed5..9b8d0668d 100644
--- a/debian/local/apparmor-profile
+++ b/debian/local/apparmor-profile
@@ -200,8 +200,6 @@
   /etc/papersize r,
   /etc/cups/cups-pdf.conf r,
   /etc/cups/ppd/*.ppd r,
-  @{HOME}/PDF/ rw,
-  @{HOME}/PDF/* rw,
   /usr/bin/gs ixr,
   /usr/lib/cups/backend/cups-pdf mr,
   /usr/lib/ghostscript/** mr,
@@ -209,4 +207,11 @@
   /var/log/cups/cups-pdf*_log w,
   /var/spool/cups/** r,
   /var/spool/cups-pdf/** rw,
+
+  # allow read and write on almost anything in @{HOME} (lenient, but
+  # private-files-strict is in effect), to support customized "Out"
+  # setting in cups-pdf.conf (Debian#940578)
+  #include <abstractions/private-files-strict>
+  @{HOME}/[^.]*/{,**/} rw,
+  @{HOME}/[^.]*/**     rw,
 }
-- 
cgit v1.2.3