From: russell@coker.com.au (Russell Coker)
Date: Sun, 12 Feb 2017 17:59:21 +1100
Subject: [refpolicy] [PATCH 2/2] cups: read permission for
	cupsd_var_run_t socket files in cups_read_pid_files()
In-Reply-To: <DE9DB2A3-1630-4B66-AE0D-9EA5AB4E8FCA@trentalancia.net>
References: <1486657515.28070.9.camel@trentalancia.net>
	<339abd26-09c2-fdea-ae9b-53e01ab5cbef@ieee.org>
	<DE9DB2A3-1630-4B66-AE0D-9EA5AB4E8FCA@trentalancia.net>
Message-ID: <2374176.zg5KFxEMAR@russell.coker.com.au>
To: refpolicy@oss.tresys.com
List-Id: refpolicy.oss.tresys.com

On Saturday, 11 February 2017 9:00:44 PM AEDT Guido Trentalancia via refpolicy 
wrote:
> Yes, I confirm, sock_file read permissions are needed to print.

I've seen that too.  I have something similar in the Debian policy.

It's not needed to print, it's needed in some configurations which are the 
default for some situations.  It should be possible to configure cups to not 
need that if you don't need lpr/lpq type functionality - but that may not be 
possible for all clients.

-- 
My Main Blog         http://etbe.coker.com.au/
My Documents Blog    http://doc.coker.com.au/