|
Chris PeBenito |
0fbfa5 |
#DESC Cups - Common Unix Printing System
|
|
Chris PeBenito |
0fbfa5 |
#
|
|
Chris PeBenito |
0fbfa5 |
# Created cups policy from lpd policy: Russell Coker <russell@coker.com.au>
|
|
Chris PeBenito |
0fbfa5 |
# X-Debian-Packages: cupsys cupsys-client cupsys-bsd
|
|
Chris PeBenito |
0fbfa5 |
# Depends: lpd.te lpr.te
|
|
Chris PeBenito |
0fbfa5 |
|
|
Chris PeBenito |
0fbfa5 |
#################################
|
|
Chris PeBenito |
0fbfa5 |
#
|
|
Chris PeBenito |
0fbfa5 |
# Rules for the cupsd_t domain.
|
|
Chris PeBenito |
0fbfa5 |
#
|
|
Chris PeBenito |
0fbfa5 |
# cupsd_t is the domain of cupsd.
|
|
Chris PeBenito |
0fbfa5 |
# cupsd_exec_t is the type of the cupsd executable.
|
|
Chris PeBenito |
0fbfa5 |
#
|
|
Chris PeBenito |
0fbfa5 |
type ipp_port_t, port_type, reserved_port_type;
|
|
Chris PeBenito |
0fbfa5 |
daemon_domain(cupsd, `, auth_chkpwd, nscd_client_domain')
|
|
Chris PeBenito |
0fbfa5 |
etcdir_domain(cupsd)
|
|
Chris PeBenito |
0fbfa5 |
typealias cupsd_etc_t alias etc_cupsd_t;
|
|
Chris PeBenito |
0fbfa5 |
type cupsd_rw_etc_t, file_type, sysadmfile, usercanread;
|
|
Chris PeBenito |
0fbfa5 |
typealias cupsd_rw_etc_t alias etc_cupsd_rw_t;
|
|
Chris PeBenito |
0fbfa5 |
|
|
Chris PeBenito |
0fbfa5 |
can_network(cupsd_t)
|
|
Chris PeBenito |
0fbfa5 |
logdir_domain(cupsd)
|
|
Chris PeBenito |
0fbfa5 |
|
|
Chris PeBenito |
0fbfa5 |
tmp_domain(cupsd)
|
|
Chris PeBenito |
0fbfa5 |
|
|
Chris PeBenito |
0fbfa5 |
allow cupsd_t devpts_t:dir search;
|
|
Chris PeBenito |
0fbfa5 |
|
|
Chris PeBenito |
0fbfa5 |
allow cupsd_t device_t:lnk_file read;
|
|
Chris PeBenito |
0fbfa5 |
allow cupsd_t printer_device_t:chr_file rw_file_perms;
|
|
Chris PeBenito |
0fbfa5 |
allow cupsd_t urandom_device_t:chr_file { getattr read };
|
|
Chris PeBenito |
0fbfa5 |
dontaudit cupsd_t random_device_t:chr_file ioctl;
|
|
Chris PeBenito |
0fbfa5 |
|
|
Chris PeBenito |
0fbfa5 |
# temporary solution, we need something better
|
|
Chris PeBenito |
0fbfa5 |
allow cupsd_t serial_device:chr_file rw_file_perms;
|
|
Chris PeBenito |
0fbfa5 |
|
|
Chris PeBenito |
0fbfa5 |
r_dir_file(cupsd_t, usbdevfs_t)
|
|
Chris PeBenito |
0fbfa5 |
r_dir_file(cupsd_t, usbfs_t)
|
|
Chris PeBenito |
0fbfa5 |
|
|
Chris PeBenito |
0fbfa5 |
ifdef(`logrotate.te', `
|
|
Chris PeBenito |
0fbfa5 |
domain_auto_trans(logrotate_t, cupsd_exec_t, cupsd_t)
|
|
Chris PeBenito |
0fbfa5 |
')
|
|
Chris PeBenito |
0fbfa5 |
|
|
Chris PeBenito |
0fbfa5 |
ifdef(`inetd.te', `
|
|
Chris PeBenito |
0fbfa5 |
allow inetd_t printer_port_t:tcp_socket name_bind;
|
|
Chris PeBenito |
0fbfa5 |
domain_auto_trans(inetd_t, cupsd_exec_t, cupsd_t)
|
|
Chris PeBenito |
0fbfa5 |
')
|
|
Chris PeBenito |
0fbfa5 |
|
|
Chris PeBenito |
0fbfa5 |
# write to spool
|
|
Chris PeBenito |
0fbfa5 |
allow cupsd_t var_spool_t:dir search;
|
|
Chris PeBenito |
0fbfa5 |
|
|
Chris PeBenito |
0fbfa5 |
# this is not ideal, and allowing setattr access to cupsd_etc_t is wrong
|
|
Chris PeBenito |
0fbfa5 |
file_type_auto_trans(cupsd_t, cupsd_etc_t, cupsd_rw_etc_t, file)
|
|
Chris PeBenito |
0fbfa5 |
file_type_auto_trans(cupsd_t, var_t, cupsd_rw_etc_t, file)
|
|
Chris PeBenito |
0fbfa5 |
allow cupsd_t cupsd_rw_etc_t:dir { setattr rw_dir_perms };
|
|
Chris PeBenito |
0fbfa5 |
allow cupsd_t cupsd_etc_t:file setattr;
|
|
Chris PeBenito |
0fbfa5 |
allow cupsd_t cupsd_etc_t:dir setattr;
|
|
Chris PeBenito |
0fbfa5 |
|
|
Chris PeBenito |
0fbfa5 |
allow cupsd_t { etc_t etc_runtime_t }:file { getattr read ioctl };
|
|
Chris PeBenito |
0fbfa5 |
can_exec(cupsd_t, initrc_exec_t)
|
|
Chris PeBenito |
0fbfa5 |
allow cupsd_t proc_t:file r_file_perms;
|
|
Chris PeBenito |
0fbfa5 |
allow cupsd_t proc_t:dir r_dir_perms;
|
|
Chris PeBenito |
0fbfa5 |
allow cupsd_t self:file { getattr read };
|
|
Chris PeBenito |
0fbfa5 |
read_sysctl(cupsd_t)
|
|
Chris PeBenito |
0fbfa5 |
allow cupsd_t sysctl_dev_t:dir search;
|
|
Chris PeBenito |
0fbfa5 |
allow cupsd_t sysctl_dev_t:file { getattr read };
|
|
Chris PeBenito |
0fbfa5 |
|
|
Chris PeBenito |
0fbfa5 |
# for /etc/printcap
|
|
Chris PeBenito |
0fbfa5 |
dontaudit cupsd_t etc_t:file write;
|
|
Chris PeBenito |
0fbfa5 |
|
|
Chris PeBenito |
0fbfa5 |
# allow cups to execute its backend scripts
|
|
Chris PeBenito |
0fbfa5 |
can_exec(cupsd_t, cupsd_exec_t)
|
|
Chris PeBenito |
0fbfa5 |
allow cupsd_t cupsd_exec_t:dir search;
|
|
Chris PeBenito |
0fbfa5 |
allow cupsd_t cupsd_exec_t:lnk_file read;
|
|
Chris PeBenito |
0fbfa5 |
|
|
Chris PeBenito |
0fbfa5 |
allow cupsd_t self:unix_stream_socket create_socket_perms;
|
|
Chris PeBenito |
0fbfa5 |
allow cupsd_t self:unix_dgram_socket create_socket_perms;
|
|
Chris PeBenito |
0fbfa5 |
allow cupsd_t self:fifo_file rw_file_perms;
|
|
Chris PeBenito |
0fbfa5 |
|
|
Chris PeBenito |
0fbfa5 |
# Use capabilities.
|
|
Chris PeBenito |
0fbfa5 |
allow cupsd_t self:capability { dac_read_search kill setgid setuid fsetid net_bind_service fowner chown dac_override sys_tty_config };
|
|
Chris PeBenito |
0fbfa5 |
dontaudit cupsd_t self:capability net_admin;
|
|
Chris PeBenito |
0fbfa5 |
|
|
Chris PeBenito |
0fbfa5 |
allow cupsd_t self:process setsched;
|
|
Chris PeBenito |
0fbfa5 |
|
|
Chris PeBenito |
0fbfa5 |
# for /var/lib/defoma
|
|
Chris PeBenito |
0fbfa5 |
allow cupsd_t var_lib_t:dir search;
|
|
Chris PeBenito |
0fbfa5 |
r_dir_file(cupsd_t, readable_t)
|
|
Chris PeBenito |
0fbfa5 |
|
|
Chris PeBenito |
0fbfa5 |
# Bind to the cups/ipp port (631).
|
|
Chris PeBenito |
0fbfa5 |
allow cupsd_t ipp_port_t:{ udp_socket tcp_socket } name_bind;
|
|
Chris PeBenito |
0fbfa5 |
|
|
Chris PeBenito |
0fbfa5 |
can_tcp_connect(web_client_domain, cupsd_t)
|
|
Chris PeBenito |
0fbfa5 |
can_tcp_connect(cupsd_t, cupsd_t)
|
|
Chris PeBenito |
0fbfa5 |
|
|
Chris PeBenito |
0fbfa5 |
# Send to portmap.
|
|
Chris PeBenito |
0fbfa5 |
ifdef(`portmap.te', `
|
|
Chris PeBenito |
0fbfa5 |
can_udp_send(cupsd_t, portmap_t)
|
|
Chris PeBenito |
0fbfa5 |
can_udp_send(portmap_t, cupsd_t)
|
|
Chris PeBenito |
0fbfa5 |
')
|
|
Chris PeBenito |
0fbfa5 |
|
|
Chris PeBenito |
0fbfa5 |
# Write to /var/spool/cups.
|
|
Chris PeBenito |
0fbfa5 |
allow cupsd_t print_spool_t:dir { setattr rw_dir_perms };
|
|
Chris PeBenito |
0fbfa5 |
allow cupsd_t print_spool_t:file create_file_perms;
|
|
Chris PeBenito |
0fbfa5 |
allow cupsd_t print_spool_t:file rw_file_perms;
|
|
Chris PeBenito |
0fbfa5 |
|
|
Chris PeBenito |
0fbfa5 |
# Filter scripts may be shell scripts, and may invoke progs like /bin/mktemp
|
|
Chris PeBenito |
0fbfa5 |
allow cupsd_t { bin_t sbin_t }:dir { search getattr };
|
|
Chris PeBenito |
0fbfa5 |
allow cupsd_t bin_t:lnk_file read;
|
|
Chris PeBenito |
0fbfa5 |
can_exec(cupsd_t, { shell_exec_t bin_t sbin_t })
|
|
Chris PeBenito |
0fbfa5 |
|
|
Chris PeBenito |
0fbfa5 |
# They will also invoke ghostscript, which needs to read fonts
|
|
Chris PeBenito |
0fbfa5 |
r_dir_file(cupsd_t, fonts_t)
|
|
Chris PeBenito |
0fbfa5 |
|
|
Chris PeBenito |
0fbfa5 |
# Read /usr/lib/gconv/gconv-modules.* and /usr/lib/python2.2/.*
|
|
Chris PeBenito |
0fbfa5 |
allow cupsd_t lib_t:file { read getattr };
|
|
Chris PeBenito |
0fbfa5 |
|
|
Chris PeBenito |
0fbfa5 |
# read python modules
|
|
Chris PeBenito |
0fbfa5 |
allow cupsd_t usr_t:{ file lnk_file } { read getattr ioctl };
|
|
Chris PeBenito |
0fbfa5 |
|
|
Chris PeBenito |
0fbfa5 |
#
|
|
Chris PeBenito |
0fbfa5 |
# lots of errors generated requiring the following
|
|
Chris PeBenito |
0fbfa5 |
#
|
|
Chris PeBenito |
0fbfa5 |
allow cupsd_t self:netlink_route_socket { bind create getattr nlmsg_read read write };
|
|
Chris PeBenito |
0fbfa5 |
#
|
|
Chris PeBenito |
0fbfa5 |
# Satisfy readahead
|
|
Chris PeBenito |
0fbfa5 |
#
|
|
Chris PeBenito |
0fbfa5 |
allow initrc_t cupsd_log_t:file { getattr read };
|
|
Chris PeBenito |
0fbfa5 |
r_dir_file(cupsd_t, var_t)
|
|
Chris PeBenito |
0fbfa5 |
|
|
Chris PeBenito |
0fbfa5 |
r_dir_file(cupsd_t, usercanread)
|
|
Chris PeBenito |
0fbfa5 |
ifdef(`samba.te', `
|
|
Chris PeBenito |
0fbfa5 |
rw_dir_file(cupsd_t, samba_var_t)
|
|
Chris PeBenito |
0fbfa5 |
allow smbd_t cupsd_etc_t:dir search;
|
|
Chris PeBenito |
0fbfa5 |
')
|
|
Chris PeBenito |
0fbfa5 |
|
|
Chris PeBenito |
0fbfa5 |
ifdef(`pam.te', `
|
|
Chris PeBenito |
0fbfa5 |
dontaudit cupsd_t pam_var_run_t:file { getattr read };
|
|
Chris PeBenito |
0fbfa5 |
')
|
|
Chris PeBenito |
0fbfa5 |
dontaudit cupsd_t { sysadm_home_dir_t staff_home_dir_t }:dir { getattr search };
|
|
Chris PeBenito |
0fbfa5 |
# PTAL
|
|
Chris PeBenito |
0fbfa5 |
daemon_domain(ptal)
|
|
Chris PeBenito |
0fbfa5 |
etcdir_domain(ptal)
|
|
Chris PeBenito |
0fbfa5 |
allow ptal_t ptal_var_run_t:fifo_file create_file_perms;
|
|
Chris PeBenito |
0fbfa5 |
allow ptal_t ptal_var_run_t:sock_file create_file_perms;
|
|
Chris PeBenito |
0fbfa5 |
allow ptal_t self:capability chown;
|
|
Chris PeBenito |
0fbfa5 |
allow ptal_t self:{ unix_dgram_socket unix_stream_socket } create_socket_perms;
|
|
Chris PeBenito |
0fbfa5 |
allow ptal_t self:unix_stream_socket { listen accept };
|
|
Chris PeBenito |
0fbfa5 |
allow ptal_t self:fifo_file rw_file_perms;
|
|
Chris PeBenito |
0fbfa5 |
allow ptal_t device_t:dir read;
|
|
Chris PeBenito |
0fbfa5 |
allow ptal_t printer_device_t:chr_file { ioctl read write };
|
|
Chris PeBenito |
0fbfa5 |
allow initrc_t printer_device_t:chr_file getattr;
|
|
Chris PeBenito |
0fbfa5 |
allow ptal_t { etc_t etc_runtime_t }:file { getattr read };
|
|
Chris PeBenito |
0fbfa5 |
r_dir_file(ptal_t, usbdevfs_t)
|
|
Chris PeBenito |
0fbfa5 |
r_dir_file(ptal_t, usbfs_t)
|
|
Chris PeBenito |
0fbfa5 |
allow cupsd_t ptal_var_run_t:sock_file { write setattr };
|
|
Chris PeBenito |
0fbfa5 |
allow cupsd_t ptal_t:unix_stream_socket connectto;
|
|
Chris PeBenito |
0fbfa5 |
allow cupsd_t ptal_var_run_t:dir search;
|
|
Chris PeBenito |
0fbfa5 |
dontaudit ptal_t { sysadm_home_dir_t staff_home_dir_t }:dir { getattr search };
|
|
Chris PeBenito |
0fbfa5 |
|
|
Chris PeBenito |
0fbfa5 |
allow initrc_t ptal_var_run_t:dir rmdir;
|
|
Chris PeBenito |
0fbfa5 |
allow initrc_t ptal_var_run_t:fifo_file unlink;
|
|
Chris PeBenito |
0fbfa5 |
|
|
Chris PeBenito |
0fbfa5 |
dontaudit cupsd_t selinux_config_t:dir search;
|
|
Chris PeBenito |
0fbfa5 |
dontaudit cupsd_t selinux_config_t:file { getattr read };
|
|
Chris PeBenito |
0fbfa5 |
|
|
Chris PeBenito |
0fbfa5 |
allow cupsd_t printconf_t:file { getattr read };
|
|
Chris PeBenito |
0fbfa5 |
|
|
Chris PeBenito |
0fbfa5 |
dbusd_client(system, cupsd)
|
|
Chris PeBenito |
0fbfa5 |
|
|
Chris PeBenito |
0fbfa5 |
ifdef(`hald.te', `
|
|
Chris PeBenito |
0fbfa5 |
|
|
Chris PeBenito |
0fbfa5 |
# CUPS configuration daemon
|
|
Chris PeBenito |
0fbfa5 |
daemon_domain(cupsd_config)
|
|
Chris PeBenito |
0fbfa5 |
|
|
Chris PeBenito |
0fbfa5 |
allow cupsd_config_t devpts_t:dir search;
|
|
Chris PeBenito |
0fbfa5 |
|
|
Chris PeBenito |
0fbfa5 |
ifdef(`distro_redhat', `
|
|
Chris PeBenito |
0fbfa5 |
ifdef(`rpm.te', `
|
|
Chris PeBenito |
0fbfa5 |
allow cupsd_config_t rpm_var_lib_t:dir { getattr search };
|
|
Chris PeBenito |
0fbfa5 |
allow cupsd_config_t rpm_var_lib_t:file { getattr read };
|
|
Chris PeBenito |
0fbfa5 |
')
|
|
Chris PeBenito |
0fbfa5 |
allow cupsd_config_t initrc_exec_t:file getattr;
|
|
Chris PeBenito |
0fbfa5 |
')dnl end distro_redhat
|
|
Chris PeBenito |
0fbfa5 |
|
|
Chris PeBenito |
0fbfa5 |
allow cupsd_config_t { etc_t etc_runtime_t net_conf_t }:file { getattr read };
|
|
Chris PeBenito |
0fbfa5 |
allow cupsd_config_t self:file { getattr read };
|
|
Chris PeBenito |
0fbfa5 |
|
|
Chris PeBenito |
0fbfa5 |
allow cupsd_config_t proc_t:file { getattr read };
|
|
Chris PeBenito |
0fbfa5 |
allow cupsd_config_t cupsd_var_run_t:file { getattr read };
|
|
Chris PeBenito |
0fbfa5 |
allow cupsd_config_t cupsd_t:process { signal };
|
|
Chris PeBenito |
0fbfa5 |
allow cupsd_config_t cupsd_t:{ file lnk_file } { getattr read };
|
|
Chris PeBenito |
0fbfa5 |
can_ps(cupsd_config_t, cupsd_t)
|
|
Chris PeBenito |
0fbfa5 |
|
|
Chris PeBenito |
0fbfa5 |
allow cupsd_config_t self:capability chown;
|
|
Chris PeBenito |
0fbfa5 |
|
|
Chris PeBenito |
0fbfa5 |
rw_dir_create_file(cupsd_config_t, cupsd_etc_t)
|
|
Chris PeBenito |
0fbfa5 |
rw_dir_create_file(cupsd_config_t, cupsd_rw_etc_t)
|
|
Chris PeBenito |
0fbfa5 |
file_type_auto_trans(cupsd_config_t, cupsd_etc_t, cupsd_rw_etc_t, file)
|
|
Chris PeBenito |
0fbfa5 |
|
|
Chris PeBenito |
0fbfa5 |
can_network_tcp(cupsd_config_t)
|
|
Chris PeBenito |
0fbfa5 |
can_tcp_connect(cupsd_config_t, cupsd_t)
|
|
Chris PeBenito |
0fbfa5 |
allow cupsd_config_t self:fifo_file rw_file_perms;
|
|
Chris PeBenito |
0fbfa5 |
|
|
Chris PeBenito |
0fbfa5 |
allow cupsd_config_t self:unix_stream_socket create_socket_perms;
|
|
Chris PeBenito |
0fbfa5 |
ifdef(`dbusd.te', `
|
|
Chris PeBenito |
0fbfa5 |
dbusd_client(system, cupsd_config)
|
|
Chris PeBenito |
0fbfa5 |
allow cupsd_config_t userdomain:dbus send_msg;
|
|
Chris PeBenito |
0fbfa5 |
allow cupsd_config_t system_dbusd_t:dbus { send_msg acquire_svc };
|
|
Chris PeBenito |
0fbfa5 |
allow cupsd_t system_dbusd_t:dbus send_msg;
|
|
Chris PeBenito |
0fbfa5 |
allow userdomain cupsd_config_t:dbus send_msg;
|
|
Chris PeBenito |
0fbfa5 |
allow cupsd_config_t hald_t:dbus send_msg;
|
|
Chris PeBenito |
0fbfa5 |
allow hald_t cupsd_config_t:dbus send_msg;
|
|
Chris PeBenito |
0fbfa5 |
allow cupsd_t userdomain:dbus send_msg;
|
|
Chris PeBenito |
0fbfa5 |
allow cupsd_t hald_t:dbus send_msg;
|
|
Chris PeBenito |
0fbfa5 |
allow hald_t cupsd_t:dbus send_msg;
|
|
Chris PeBenito |
0fbfa5 |
')dnl end if dbusd.te
|
|
Chris PeBenito |
0fbfa5 |
|
|
Chris PeBenito |
0fbfa5 |
can_exec(cupsd_config_t, { bin_t sbin_t shell_exec_t })
|
|
Chris PeBenito |
0fbfa5 |
ifdef(`hostname.te', `
|
|
Chris PeBenito |
0fbfa5 |
can_exec(cupsd_t, hostname_exec_t)
|
|
Chris PeBenito |
0fbfa5 |
can_exec(cupsd_config_t, hostname_exec_t)
|
|
Chris PeBenito |
0fbfa5 |
')
|
|
Chris PeBenito |
0fbfa5 |
allow cupsd_config_t { bin_t sbin_t }:dir { search getattr };
|
|
Chris PeBenito |
0fbfa5 |
allow cupsd_config_t { bin_t sbin_t }:lnk_file read;
|
|
Chris PeBenito |
0fbfa5 |
# killall causes the following
|
|
Chris PeBenito |
0fbfa5 |
dontaudit cupsd_config_t domain:dir { getattr search };
|
|
Chris PeBenito |
0fbfa5 |
dontaudit cupsd_config_t selinux_config_t:dir search;
|
|
Chris PeBenito |
0fbfa5 |
|
|
Chris PeBenito |
0fbfa5 |
can_exec(cupsd_config_t, cupsd_config_exec_t)
|
|
Chris PeBenito |
0fbfa5 |
|
|
Chris PeBenito |
0fbfa5 |
allow cupsd_config_t usr_t:file { getattr read };
|
|
Chris PeBenito |
0fbfa5 |
allow cupsd_config_t var_lib_t:dir { getattr search };
|
|
Chris PeBenito |
0fbfa5 |
allow cupsd_config_t rpm_var_lib_t:file { getattr read };
|
|
Chris PeBenito |
0fbfa5 |
allow cupsd_config_t printconf_t:file { getattr read };
|
|
Chris PeBenito |
0fbfa5 |
|
|
Chris PeBenito |
0fbfa5 |
allow cupsd_config_t urandom_device_t:chr_file { getattr read };
|
|
Chris PeBenito |
0fbfa5 |
|
|
Chris PeBenito |
0fbfa5 |
domain_auto_trans(hald_t, cupsd_config_exec_t, cupsd_config_t)
|
|
Chris PeBenito |
0fbfa5 |
ifdef(`logrotate.te', `
|
|
Chris PeBenito |
0fbfa5 |
allow cupsd_config_t logrotate_t:fd use;
|
|
Chris PeBenito |
0fbfa5 |
')dnl end if logrotate.te
|
|
Chris PeBenito |
0fbfa5 |
allow cupsd_config_t system_crond_t:fd use;
|
|
Chris PeBenito |
0fbfa5 |
allow cupsd_config_t crond_t:fifo_file read;
|
|
Chris PeBenito |
0fbfa5 |
allow cupsd_t crond_t:fifo_file read;
|
|
Chris PeBenito |
0fbfa5 |
|
|
Chris PeBenito |
0fbfa5 |
# Alternatives asks for this
|
|
Chris PeBenito |
0fbfa5 |
allow cupsd_config_t initrc_exec_t:file getattr;
|
|
Chris PeBenito |
0fbfa5 |
') dnl end if hald.te
|
|
Chris PeBenito |
0fbfa5 |
ifdef(`targeted_policy', `
|
|
Chris PeBenito |
0fbfa5 |
can_unix_connect(cupsd_t, initrc_t)
|
|
Chris PeBenito |
0fbfa5 |
allow cupsd_t initrc_t:dbus send_msg;
|
|
Chris PeBenito |
0fbfa5 |
allow initrc_t cupsd_t:dbus send_msg;
|
|
Chris PeBenito |
0fbfa5 |
')
|
|
Chris PeBenito |
0fbfa5 |
|
|
Chris PeBenito |
0fbfa5 |
ifdef(`targeted_policy', `
|
|
Chris PeBenito |
0fbfa5 |
allow cupsd_t unconfined_t:dbus send_msg;
|
|
Chris PeBenito |
0fbfa5 |
')
|