Px and Ux do not work with globs
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
apparmor (Ubuntu) |
Invalid
|
Undecided
|
Unassigned |
Bug Description
Binary package hint: apparmor
In order to solve bug 133818 I need a rule
# filters are always run as non-root, and there are a lot of
# third-party drivers which we cannot predict
/usr/
since programs in this directory are always executed as a non-root system user by cups. However, this is rejected: "ERROR processing regexs for profile /usr/sbin/cupsd, failed to load". "Px" does not work either. However, "ix" works, so in general, globs do work for subprocesses.
This forces me to give much more privileges to cupsd itself than necessary. cupsd runs as root, so it really matters there, but the filters do not really need confinement (and can't have, since there are a lot of third-party drivers out there which need unpredictable resources).
What version of apparmor are you using? I'm assuming that this rejection is from the parser (is displayed when you run /etc/init. d/apparmor reload?).