Package: cups-daemon Version: 2.3.3op1-3 Severity: normal Hi,
since the upgrade of cups-daemon from 2.3.3-4 to 2.3.3op1-1 I see these message in my log: ``` kernel: audit: type=1400 audit(1608535286.330:113): apparmor="DENIED" operation="capable" profile="/usr/sbin/cupsd" pid=479747 comm="cupsd" capability=12 capname="net_admin" ``` I'm unsure to allow it in AppArmor, because it's a very privileged capability: > CAP_NET_ADMIN > Perform various network-related operations: > * interface configuration; > * administration of IP firewall, masquerading, and accounting; > * modify routing tables; > * bind to any address for transparent proxying; > * set type-of-service (TOS); > * clear driver statistics; > * set promiscuous mode; > * enabling multicasting; > * use setsockopt(2) to set the following socket options: SO_DE‐ > BUG, SO_MARK, SO_PRIORITY (for a priority outside the range 0 > to 6), SO_RCVBUFFORCE, and SO_SNDBUFFORCE. Regards Jörg -- System Information: Debian Release: bullseye/sid APT prefers unstable-debug APT policy: (500, 'unstable-debug'), (500, 'unstable'), (1, 'experimental-debug'), (1, 'experimental') Architecture: amd64 (x86_64) Foreign Architectures: i386 Kernel: Linux 5.9.0-5-amd64 (SMP w/8 CPU threads) Kernel taint flags: TAINT_CRAP, TAINT_OOT_MODULE, TAINT_UNSIGNED_MODULE Locale: LANG=de_DE.UTF-8, LC_CTYPE=de_DE.UTF-8 (charmap=UTF-8), LANGUAGE not set Shell: /bin/sh linked to /usr/bin/dash Init: systemd (via /run/systemd/system) LSM: AppArmor: enabled Versions of packages cups-daemon depends on: ii adduser 3.118 ii bc 1.07.1-2+b2 ii init-system-helpers 1.60 ii libavahi-client3 0.8-3 ii libavahi-common3 0.8-3 ii libc6 2.31-6 ii libcups2 2.3.3op1-3 ii libdbus-1-3 1.13.18-1 ii libgssapi-krb5-2 1.18.3-4 ii libpam0g 1.3.1-5 ii libpaper1 1.1.28+b1 ii libsystemd0 247.2-1 ii lsb-base 11.1.0 ii procps 2:3.3.16-5 ii ssl-cert 1.0.40 Versions of packages cups-daemon recommends: pn avahi-daemon <none> pn colord <none> pn cups-browsed <none> pn ipp-usb <none> Versions of packages cups-daemon suggests: ii cups 2.3.3op1-3 pn cups-bsd <none> ii cups-client 2.3.3op1-3 ii cups-common 2.3.3op1-3 ii cups-filters 1.28.6-1 pn cups-pdf <none> ii cups-ppdc 2.3.3op1-3 ii cups-server-common 2.3.3op1-3 pn foomatic-db-compressed-ppds | foomatic-db <none> ii ghostscript 9.53.3~dfsg-5 ii poppler-utils 20.09.0-3 ii smbclient 2:4.13.3+dfsg-1 ii udev 247.2-1 -- no debconf information
signature.asc
Description: PGP signature