Comment 4 for bug 1509423

I have looked into the source code of CUPS to look for how the sub-process spawning of CUPS actually works and it is more complex than I thought. To allow more sophisticated security profiles, recently a new wrapper, /usr/lib/cups/daemon/cups-exec, was introduced and instead of calling filters, backends, and other executables directly, CUPS calls cups-exec and cups-exec calls the desired executable. On the splitting of the binary packages of CUPS the whole /usr/lib/cups/daemon directory was assigned to the "cups" binary package which is onlky used in a level-3 printing stack and my tests are done with a level-1 printing stack.

As cups-exec is already needed for basic job execution, it needs to be moved to level 1, or to the cups-daemon package. I will do this in the next CUPS package upload for Xenial.