I mean, you can use something like the lightweight containers generated by firejail, where the program just lacks write permission to the filesystem or network access, stuff like that.
Not quite. I believe they are just splitting CUPS up. The core is just going to be deal with driverless printers. Other code goes into other projects to become adaptors for old printers to appear as driverless printers that CUPS connects to.
It’s hard to hear what Microsoft is saying over the sound of my 15 year-old printers running on CUPS.
Just a heads up some of those old drivers are just encapsulated perl scripts with root access. Easy network target for bad actors.
Interesting. I wonder if it’d be practical to containerize them by default.
Oh my god please don’t make me have to debug docker or k8s printer drivers
I mean, you can use something like the lightweight containers generated by
firejail, where the program just lacks write permission to the filesystem or network access, stuff like that.lp0 on fireBut CUPS is doing the same thing, someone somewhere told me. Using old drivers with it is going to need jumping some extra hoops.
Not quite. I believe they are just splitting CUPS up. The core is just going to be deal with driverless printers. Other code goes into other projects to become adaptors for old printers to appear as driverless printers that CUPS connects to.