Package: cups-browsed Version: 1.28.7-1 Severity: normal Tags: patch
With CUPS on buster and bullseye I see these messages in /var/log/syslog:May 19 12:26:12 server03 kernel: [4563725.605605] audit: type=1400 audit(1621419972.056:193): apparmor="DENIED" operation="open" profile="/usr/sbin/cups-browsed" name="/usr/share/cups/locale/" pid=17771 comm="cups-browsed" requested_mask="r" denied_mask="r" fsuid=0 ouid=0 May 19 12:26:12 server03 kernel: [4563725.606138] audit: type=1400 audit(1621419972.056:194): apparmor="DENIED" operation="open" profile="/usr/sbin/cups-browsed" name="/usr/share/locale/" pid=17771 comm="cups-browsed" requested_mask="r" denied_mask="r" fsuid=0 ouid=0
May 19 12:27:08 server03 systemd[1]: cups-browsed.service: Succeeded.These error messages / folder access blocks can be amended by this change in /etc/apparmor.d/usr.sbin.cups-browsed:
```diff --git a/apparmor.d/usr.sbin.cups-browsed b/apparmor.d/usr.sbin.cups-browsed
index 4cf9301..cb78f2d 100644
--- a/apparmor.d/usr.sbin.cups-browsed
+++ b/apparmor.d/usr.sbin.cups-browsed
@@ -10,6 +10,8 @@
/etc/cups/cups-browsed.conf r,
/etc/cups/lpoptions r,
/etc/cups/ppd/* r,
+ /usr/share/cups/locale/ r,
+ /usr/share/locale/ r,
/{var/,}run/cups/certs/* r,
/var/cache/cups/* rw,
/var/log/cups/* rw,
```
Greets,
Mike
--
DAS-NETZWERKTEAM
c\o Technik- und Ökologiezentrum Eckernförde
Mike Gabriel, Marienthaler Str. 17, 24340 Eckernförde
mobile: +49 (1520) 1976 148
landline: +49 (4351) 850 8940
GnuPG Fingerprint: 9BFB AEE8 6C0A A5FF BF22 0782 9AF4 6B30 2577 1B31
mail: mike.gabr...@das-netzwerkteam.de, http://das-netzwerkteam.de
pgpnRvveMFGDJ.pgp
Description: Digitale PGP-Signatur
