# apparmor profile for cupspykota
# thomas@linuxmuster.net
# 04.02.2013
#

#include <tunables/global>

/usr/lib/cups/backend/cupspykota {
  #include <abstractions/apache2-common>
  #include <abstractions/base>
  #include <abstractions/fonts>
  #include <abstractions/nameservice>
  #include <abstractions/user-tmp>

  capability chown,
  capability fowner,
  capability fsetid,
  capability setgid,
  capability setuid,
  capability dac_override,
  capability dac_read_search,

  /bin/dash ixr,
  /bin/bash ixr,
  /dev/tty rw,
  /etc/pykota/* r,
  /etc/python2.7/* r,
  /etc/cups/cups-pdf.conf r,
  @{HOME}/PDF/ rw,
  @{HOME}/PDF/* rw,
  /proc/*/mounts r,
  /usr/bin/env ixr,
  /usr/bin/gs ixr,
  /usr/bin/python ixr,
  /usr/bin/python2.7 ixr,
  /usr/include/python2.7/** r,
  /usr/lib/cups/backend/* ixr,
  /usr/lib/python2.7/** ixr,
  /usr/share/pykota/* ixr,
  /usr/share/pyshared/** r,
  /var/log/cups/cups-pdf_log w,
  /var/spool/cups-pdf/** rwkl,
  /var/spool/cups/** rwkl,
}