scheduler: Added remaining changes needed to run CUPS as a Snap
cupsd has a lot of functionality, especially for security, which does
not work under the confinement of a Snap. So these features need to
get removed or modified when CUPS is intended to get snapped, but
removing them does not necessarily weaken the security of the whole
thing, as the confinement of the Snap adds security replacing the one
removed from CUPS itself.
Most importantly a Snap cannot create several system groups and users.
Instead, it has a single unprivileged system user and a single
unprivileged system group, both named "snap_daemon". These are
replacing "lp" for running print jobs and filters, for administration
the user is root and as group first "lpadmin" and then "adm" is tried
and used if the host system has such a group. In all cases "root" is
also an admin group.
In addition, fiie ACLs do not work inside a Snap and the PATH and
LD_LIBRARY_PATH environment variables of the Snap are passed on to the
executables started by CUPS, so that they find their files and
libraries on the Snap-specific places.
Both the scheduler and the debugging tool cupsfilter are appropriately
modified.
This commit contains all changes to make the scheduler work under
these conditions, but to no compromise the security of an unsnapped
build of CUPS, conditional compiling is used. The changes are only
applied if the "--enable-snapped-cupsd" ./configure option is
used. Also the checking whether a client Snap doing administrative
tasks plugs "cups-control" (my previous commit) is then
active. "--enable-snapped-clients" is still available to do only the
client checking with an unsnapped scheduler.
All these changes got tested as packaging patches inn both the CUPS
Snap and the Debian/Ubuntu package of CUPS.
Note that this commit is not containing the changes on the
(machine-generated) ./configure script and so will not pass the CI
tests. An additional commit with an autoconf rebuild of ./configure is
needed.
projects / thirdparty / cups.git / commit
