systemd_service does not disable the service before masking, so if you manually unmask the service, it will be enabled if it was previously enabled.
Therefore mitigation attempts to mask and disable the cups-browsed.service, but if manually unmasked, then the service will be enabled if it was previously, and then started automatically on reboot.
systemd_service does not disable the service before masking, so if you manually unmask the service, it will be enabled if it was previously enabled.
Therefore mitigation attempts to mask and disable the cups-browsed.service, but if manually unmasked, then the service will be enabled if it was previously, and then started automatically on reboot.