92bc3717 |
1 | # Last Modified: Wed Jan 18 14:45:09 2012 |
2 | #include <tunables/global> |
3 | |
4 | /usr/sbin/cupsd { |
5 | #include <abstractions/base> |
6 | #include <abstractions/bash> |
7 | #include <abstractions/dbus> |
8 | #include <abstractions/nameservice> |
9 | #include <abstractions/perl> |
10 | |
11 | capability chown, |
12 | capability dac_override, |
13 | capability fowner, |
14 | capability fsetid, |
15 | capability net_bind_service, |
16 | capability setgid, |
17 | capability setuid, |
18 | |
19 | |
20 | |
21 | /bin/bash rix, |
22 | /bin/cat ix, |
23 | /dev/lp0 rw, |
24 | /dev/tty rw, |
25 | /dev/ttyS? w, |
26 | /etc/** r, |
27 | /etc/cups rw, |
28 | /etc/cups/*.conf* rw, |
29 | /etc/cups/certs w, |
30 | /etc/cups/certs/* w, |
31 | /etc/cups/ppd rw, |
32 | /etc/cups/printcap rw, |
33 | /etc/cups/ssl rw, |
34 | /etc/cups/yes/* rw, |
35 | /etc/printcap rw, |
36 | /proc/meminfo r, |
37 | /proc/sys/dev/parport/** r, |
38 | /sys/class/usb r, |
39 | /usr/bin/foomatic-rip rix, |
40 | /usr/bin/gs ix, |
41 | /usr/bin/perl ix, |
42 | /usr/bin/smbspool rix, |
43 | /usr/lib/cups/backend/* rix, |
44 | /usr/lib/cups/filter/* rix, |
45 | /usr/lib/ghostscript/** m, |
46 | /usr/lib64/ghostscript/** m, |
47 | /usr/lib{,32,64}/** mr, |
48 | /usr/sbin/cupsd mrix, |
49 | /usr/share/cups/** r, |
50 | /usr/share/ghostscript/** r, |
51 | /var/cache/cups/ rw, |
52 | /var/cache/cups/** rw, |
53 | /var/log/cups/* rw, |
54 | /var/spool/cups rw, |
55 | /var/spool/cups/** rw, |
56 | /var/spool/cups/tmp w, |
57 | /var/spool/cups/tmp/ r, |
58 | /{,var/}run/cups/ rw, |
59 | /{,var/}run/cups/** rw, |
60 | |
61 | } |