https://bugzilla.novell.com/show_bug.cgi?id=857372
https://bugzilla.novell.com/show_bug.cgi?id=857372#c67
Christian Boltz
Now it even seems it is completely impossible to provide systemd unit files for socket activation with default values that are secure and "just work" in a real network.
For a network: yes, it would be (nearly) impossible to havesomething that "just works" and is secure. I'd propose to ship a cups.socket listening only to localhost. Reasons: - it works for average home users who have the printer directly attached to their computer (which is probably the majority of users) - people who want to setup a print server can still enable cups.service In comparison (to comment 61), removing cups.socket completely would mean everybody has to enable cups.service (which means cups is running all the time) - I'd call that a disadvantage for users with the printer attached to their own computer. As far as I understand cups.path (/var/spool/cups/d* are pending print jobs?), I'd say you should also keep it.
Now I am waiting for the first one who demands "YaST" to "fix" it... ;-)
YaST? How boring ;-) If you want a really good solution, write a systemd generator that creates the cups.socket with ListenDatagram=<the network allowed in the cups config> (I don't really need that - but you asked for that type of joke ;-)) -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.