| 1 | # Last Modified: Wed Jan 18 14:45:09 2012 |
| 2 | #include <tunables/global> |
| 3 | |
| 4 | /usr/sbin/cupsd { |
| 5 | #include <abstractions/base> |
| 6 | #include <abstractions/bash> |
| 7 | #include <abstractions/dbus> |
| 8 | #include <abstractions/nameservice> |
| 9 | #include <abstractions/perl> |
| 10 | |
| 11 | capability chown, |
| 12 | capability dac_override, |
| 13 | capability fowner, |
| 14 | capability fsetid, |
| 15 | capability net_bind_service, |
| 16 | capability setgid, |
| 17 | capability setuid, |
| 18 | |
| 19 | |
| 20 | |
| 21 | /bin/bash rix, |
| 22 | /bin/cat ix, |
| 23 | /dev/lp0 rw, |
| 24 | /dev/tty rw, |
| 25 | /dev/ttyS? w, |
| 26 | /etc/** r, |
| 27 | /etc/cups rw, |
| 28 | /etc/cups/*.conf* rw, |
| 29 | /etc/cups/certs w, |
| 30 | /etc/cups/certs/* w, |
| 31 | /etc/cups/ppd rw, |
| 32 | /etc/cups/printcap rw, |
| 33 | /etc/cups/ssl rw, |
| 34 | /etc/cups/yes/* rw, |
| 35 | /etc/printcap rw, |
| 36 | /proc/meminfo r, |
| 37 | /proc/sys/dev/parport/** r, |
| 38 | /sys/class/usb r, |
| 39 | /usr/bin/foomatic-rip rix, |
| 40 | /usr/bin/gs ix, |
| 41 | /usr/bin/perl ix, |
| 42 | /usr/bin/smbspool rix, |
| 43 | /usr/lib/cups/backend/* rix, |
| 44 | /usr/lib/cups/filter/* rix, |
| 45 | /usr/lib/ghostscript/** m, |
| 46 | /usr/lib64/ghostscript/** m, |
| 47 | /usr/lib{,32,64}/** mr, |
| 48 | /usr/sbin/cupsd mrix, |
| 49 | /usr/share/cups/** r, |
| 50 | /usr/share/ghostscript/** r, |
| 51 | /var/cache/cups/ rw, |
| 52 | /var/cache/cups/** rw, |
| 53 | /var/log/cups/* rw, |
| 54 | /var/spool/cups rw, |
| 55 | /var/spool/cups/** rw, |
| 56 | /var/spool/cups/tmp w, |
| 57 | /var/spool/cups/tmp/ r, |
| 58 | /{,var/}run/cups/ rw, |
| 59 | /{,var/}run/cups/** rw, |
| 60 | |
| 61 | } |