From: Johannes Meixner <jsmeix@suse.de>
To: printing-architecture@lists.linux-foundation.org
Subject: Re: [Printing-architecture] Automatic printer setup with Printer Applications
Date: Thu, 25 Feb 2021 11:30:48 +0100 [thread overview]
Message-ID: <4cd209b5fc90aa7ccfc8e1a7c380f982@suse.de> (raw)
In-Reply-To: <4978914c-e66a-3084-251f-4b72ad364eaf@gmail.com>
Hello,
I have a general understanding problem and questions
regarding how Printer Applications are meant to work.
In
https://openprinting.github.io/upcoming-technologies/01-printer-application/
I understand that a Printer Application emulates
a driverless IPP printer so that a printer device
appears to "others" as IPP Everywhere printer
which means "others" detect and communicate with
that (emulated) IPP Everywhere printer via network.
Basically a Printer Application "wraps" a printer device
into an IPP Everywhere network printer.
What I do not understand is how a Printer Application
detects and communicates with its associated
actual printer device
For example printers that have both a USB interface
and a network interface with several network protocols
like TCP socket, LPD, (dumb) IPP (no IPP Everywhere).
How does a Printer Application implement
detection and communication with such devices?
Does each and every Printer Application implement
it for each and every combination of methods?
Or in other words:
In traditional CUPS device detection and communication
was separated from the "driver" functionality by having
separated CUPS backends for different access methods
that are also separated from the other CUPS filters.
How is that done with Printer Applications?
On 2021-02-24 14:51, Till Kamppeter wrote:
> On 24/02/2021 13:01, Johannes Meixner wrote:
>>
>> if I understand it correctly the basic idea behind is
>> that for printer setup inside a container
>> (I use 'container' as generic name for any isolated environment
>> that has no direct access to the outer world e.g. also chroot)
>> udev-configure-printer acts as proxy for outer world access.
>
> No, each container (Printer Application) has access to the printers
> and with the two methods I described can observe whether a printer
> is coming or going.
I am really not a container expert so I may ask obvious things:
I do not understand how a Printer Application that runs inside
a container "has access" to printer devices that exist outside
of the container - i.e. how something inside a container
"has access" to e.g. USB device nodes that should normally
be only accessible from the container host system?
Or in other words:
If "just installing" a containerized Printer Application
makes USB device nodes on the container host system
"just accessible" from within the container
I would consider this as a major security violation.
When I install a containerized application I would expect
that there are no automated holes in its isolation.
I think all holes in container isolation require explicit
user confirmation (at least I hope this is the standard).
E.g. I may have two USB printers (perhaps even two same models)
and I may want to allow access from within a containerized
Printer Application to only one exactly specified printer.
Kind Regards
Johannes Meixner
--
SUSE Software Solutions Germany GmbH
Maxfeldstr. 5 - 90409 Nuernberg - Germany
(HRB 36809, AG Nuernberg) GF: Felix Imendoerffer
next prev parent reply other threads:[~2021-02-25 10:30 UTC|newest]
Thread overview: 43+ messages / expand[flat|nested] mbox.gz Atom feed top
2021-02-23 19:27 [Printing-architecture] Automatic printer setup with Printer Applications Till Kamppeter
2021-02-24 7:37 ` Johannes Meixner
2021-02-24 8:03 ` Zdenek Dohnal
2021-02-24 11:25 ` Till Kamppeter
2021-02-24 12:01 ` Johannes Meixner
2021-02-24 13:51 ` Till Kamppeter
2021-02-25 10:30 ` Johannes Meixner [this message]
2021-02-25 13:37 ` Till Kamppeter
2021-02-25 14:00 ` Johannes Meixner
2021-02-25 13:53 ` Michael Sweet
2021-02-24 12:48 ` Solomon Peachy
2021-02-24 14:01 ` Johannes Meixner
2021-02-24 17:23 ` Till Kamppeter
2021-02-26 9:17 ` Johannes Meixner
2021-02-24 14:17 ` Till Kamppeter
2021-02-25 15:28 ` Solomon Peachy
2021-02-25 22:54 ` Till Kamppeter
2021-02-26 14:59 ` Solomon Peachy
2021-02-25 8:28 ` Zdenek Dohnal
2021-02-25 14:54 ` Solomon Peachy
2021-02-26 10:03 ` Johannes Meixner
2021-02-26 12:28 ` Solomon Peachy
2021-02-27 21:07 ` Michael Sweet
2021-02-24 14:17 ` Michael Sweet
2021-02-24 14:46 ` Johannes Meixner
2021-02-24 18:47 ` Till Kamppeter
2021-02-24 17:40 ` Till Kamppeter
2021-02-24 17:48 ` Michael Sweet
2021-02-24 19:21 ` Till Kamppeter
2021-02-24 20:01 ` Michael Sweet
2021-02-24 20:15 ` Till Kamppeter
2021-02-25 8:52 ` Zdenek Dohnal
2021-02-25 9:24 ` Till Kamppeter
2021-02-25 9:54 ` Zdenek Dohnal
2021-02-25 13:43 ` Michael Sweet
2021-02-25 19:39 ` Till Kamppeter
2021-02-25 13:33 ` Michael Sweet
2021-02-25 15:24 ` Till Kamppeter
2021-02-25 15:30 ` Michael Sweet
2021-02-25 21:51 ` Till Kamppeter
2021-03-02 10:58 ` [Printing-architecture] Future of Printer Setup Tools Till Kamppeter
2021-03-02 12:04 ` Johannes Meixner
2021-03-02 22:52 ` Till Kamppeter
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=4cd209b5fc90aa7ccfc8e1a7c380f982@suse.de \
--to=jsmeix@suse.de \
--cc=printing-architecture@lists.linux-foundation.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.