Removed patches to lift CUPS' internal security features

Now, as we replace CUPS' privilege-drop user "lp" for the filters and backends by the Snap's standard privilege-drop user "snap_daemon" and also check the system for a suitable group for CUPS administration, we do not need to lift CUPS' restrictions any more which we did to run CUPS all-root. So we are removing here the patches for - allowing root as user for the filters and backends - allowing the filter/backends group to be under the admin groups - allowing to run the helper program cups-deviced as root
OpenPrinting · May 26, 2020 · d81e6ed · d81e6ed
1 parent 7844bc9
commit d81e6ed
Show file tree

Hide file tree

Showing 4 changed files with 0 additions and 45 deletions.
diff --git a/patches/cups-deviced-allow-run-by-root.patch b/patches/cups-deviced-allow-run-by-root.patch
diff --git a/patches/cupsd-allow-group-and-systemgroup-be-the-same.patch b/patches/cupsd-allow-group-and-systemgroup-be-the-same.patch
diff --git a/patches/cupsd-allow-root-as-cups-user.patch b/patches/cupsd-allow-root-as-cups-user.patch
diff --git a/snapcraft.yaml b/snapcraft.yaml
@@ -116,9 +116,6 @@ parts:
         set -eux
         patch -p0 < $SNAPCRAFT_STAGE/patches/cupsd-pass-on-ld-library-path.patch
         patch -p0 < $SNAPCRAFT_STAGE/patches/cupsd-pass-on-path.patch
-        patch -p0 < $SNAPCRAFT_STAGE/patches/cupsd-allow-root-as-cups-user.patch
-        patch -p0 < $SNAPCRAFT_STAGE/patches/cupsd-allow-group-and-systemgroup-be-the-same.patch
-        patch -p0 < $SNAPCRAFT_STAGE/patches/cups-deviced-allow-run-by-root.patch
         patch -p1 < $SNAPCRAFT_STAGE/patches/cups-airprint-support.patch
         patch -p1 < $SNAPCRAFT_STAGE/patches/cupsd-extra-check-for-admin-tasks-snap-cups-control.patch
         patch -p1 < $SNAPCRAFT_STAGE/patches/libcups-fix-convert-option-choice-names-in-ppd.patch