Modify the cupsd profile to use ix transtions (rather than Px) for

backend plugins.

profiles/apparmor/profiles/extras/usr.lib.cups.backend.beh

@@ -1,9 +0,0 @@
-# Last Modified: Tue Aug 14 21:25:26 2007
-#include <tunables/global>
-/usr/lib/cups/backend/beh  {
-  #include <abstractions/base>
-  #include <abstractions/perl>
-
-  /usr/bin/perl ix,
-  /usr/lib/cups/backend/beh mr,
-}

profiles/apparmor/profiles/extras/usr.lib.cups.backend.hal

@@ -1,7 +0,0 @@
-# Last Modified: Tue Aug 14 21:25:26 2007
-#include <tunables/global>
-/usr/lib/cups/backend/hal  {
-  #include <abstractions/base>
-
-  /usr/lib/cups/backend/hal mr,
-}

profiles/apparmor/profiles/extras/usr.lib.cups.backend.ipp

@@ -1,11 +0,0 @@
-# Last Modified: Wed Aug 15 10:56:18 2007
-#include <tunables/global>
-/usr/lib/cups/backend/ipp  {
-  #include <abstractions/base>
-  #include <abstractions/nameservice>
-
-
-  /usr/lib/cups/backend/ipp mr,
-  /var/run/avahi-daemon/socket w,
-  /var/spool/cups/* r,
-}

profiles/apparmor/profiles/extras/usr.lib.cups.backend.lpd

@@ -1,7 +0,0 @@
-# Last Modified: Tue Aug 14 21:25:27 2007
-#include <tunables/global>
-/usr/lib/cups/backend/lpd {
-  #include <abstractions/base>
-
-  /usr/lib/cups/backend/lpd mr,
-}

profiles/apparmor/profiles/extras/usr.lib.cups.backend.novell

@@ -1,9 +0,0 @@
-# Last Modified: Tue Aug 14 21:25:28 2007
-#include <tunables/global>
-/usr/lib/cups/backend/novell  {
-  #include <abstractions/base>
-  #include <abstractions/perl>
-
-  /usr/bin/perl ix,
-  /usr/lib/cups/backend/novell mr,
-}

profiles/apparmor/profiles/extras/usr.lib.cups.backend.parallel

@@ -1,7 +0,0 @@
-# Last Modified: Tue Aug 14 21:25:28 2007
-#include <tunables/global>
-/usr/lib/cups/backend/parallel {
-  #include <abstractions/base>
-
-  /usr/lib/cups/backend/parallel mr,
-}

profiles/apparmor/profiles/extras/usr.lib.cups.backend.pipe

@@ -1,9 +0,0 @@
-# Last Modified: Tue Aug 14 21:25:29 2007
-#include <tunables/global>
-/usr/lib/cups/backend/pipe  {
-  #include <abstractions/base>
-  #include <abstractions/perl>
-
-  /usr/bin/perl ix,
-  /usr/lib/cups/backend/pipe mr,
-}

profiles/apparmor/profiles/extras/usr.lib.cups.backend.scsi

@@ -1,7 +0,0 @@
-# Last Modified: Tue Aug 14 21:25:29 2007
-#include <tunables/global>
-/usr/lib/cups/backend/scsi  {
-  #include <abstractions/base>
-
-  /usr/lib/cups/backend/scsi mr,
-}

profiles/apparmor/profiles/extras/usr.lib.cups.backend.serial

@@ -1,10 +0,0 @@
-# Last Modified: Tue Aug 14 21:25:30 2007
-#include <tunables/global>
-/usr/lib/cups/backend/serial {
-  #include <abstractions/base>
-
-  capability sys_admin,
-
-  /dev/ttyS* w,
-  /usr/lib/cups/backend/serial mr,
-}

profiles/apparmor/profiles/extras/usr.lib.cups.backend.snmp

@@ -1,9 +0,0 @@
-# Last Modified: Tue Aug 14 21:25:30 2007
-#include <tunables/global>
-/usr/lib/cups/backend/snmp  {
-  #include <abstractions/base>
-  #include <abstractions/nameservice>
-
-
-  /usr/lib/cups/backend/snmp mr,
-}

profiles/apparmor/profiles/extras/usr.lib.cups.backend.socket

@@ -1,7 +0,0 @@
-# Last Modified: Tue Aug 14 21:25:30 2007
-#include <tunables/global>
-/usr/lib/cups/backend/socket  {
-  #include <abstractions/base>
-
-  /usr/lib/cups/backend/socket mr,
-}

profiles/apparmor/profiles/extras/usr.lib.cups.backend.usb

@@ -1,7 +0,0 @@
-# Last Modified: Tue Aug 14 21:25:31 2007
-#include <tunables/global>
-/usr/lib/cups/backend/usb {
-  #include <abstractions/base>
-
-  /usr/lib/cups/backend/usb mr,
-}

profiles/apparmor/profiles/extras/usr.sbin.cupsd

@@ -1,38 +1,49 @@
-# Last Modified: Wed Aug 15 11:17:18 2007
+# Last Modified: Sun Sep 16 18:11:15 2007
 #include <tunables/global>
-/usr/sbin/cupsd  {
-  #include <abstractions/authentication>
+/usr/sbin/cupsd {
   #include <abstractions/base>
+  #include <abstractions/bash>
+  #include <abstractions/dbus>
   #include <abstractions/nameservice>
+  #include <abstractions/perl>
 
+  capability chown,
   capability dac_override,
+  capability fowner,
   capability fsetid,
   capability net_bind_service,
+  capability setgid,
+  capability setuid,
 
-
+  /bin/bash ixr,
+  /dev/lp0 rw,
+  /dev/tty rw,
+  /dev/ttyS? w,
+  /etc/cups rw,
   /etc/cups/ r,
   /etc/cups/* r,
-  /etc/cups/cupsd.conf* rw,
-  /etc/cups/ppd/ w,
-  /etc/cups/ssl/ w,
-  /etc/printcap w,
-  /proc/net/ r,
-  /proc/net/unix r,
-  /usr/lib/cups/backend/ipp Px,
-  /usr/lib/cups/daemon/cups-deviced Px,
-  /usr/lib/cups/notifier/ r,
+  /etc/cups/certs w,
+  /etc/cups/certs/* w,
+  /etc/cups/classes.conf rw,
+  /etc/cups/cupsd.conf rw,
+  /etc/cups/ppd rw,
+  /etc/cups/printcap rw,
+  /etc/cups/printers.conf rw,
+  /etc/cups/ssl rw,
+  /etc/hosts.allow r,
+  /etc/hosts.deny r,
+  /proc/meminfo r,
+  /proc/sys/dev/parport/** r,
+  /sys/class/usb r,
+  /usr/bin/perl ix,
+  /usr/bin/smbspool ixr,
+  /usr/lib/cups/backend/* ixr,
+  /usr/lib/cups/filter/* ixr,
   /usr/sbin/cupsd mr,
   /usr/share/cups/** r,
-  /var/cache/cups/ w,
-  /var/cache/cups/** rw,
-  /var/cache/cups/remote.cache rw,
   /var/log/cups/access_log rw,
   /var/log/cups/error_log rw,
-  /var/log/cups/page_log rw,
-  /var/run/cups/ w,
-  /var/run/cups/certs/* w,
-  /var/run/cups/cups.sock w,
-  /var/run/nscd/services r,
-  /var/spool/cups/ w,
-  /var/spool/cups/** rw,
+  /var/spool/cups rw,
+  /var/spool/cups/tmp w,
+  /var/spool/cups/tmp/ r,
 }