Bug#990331: reportbug: cups-browsed printing fails due to apparmor config with message 'No destination host name supplied by cups-browsed for printer'
On Sat 11 Sep 2021 at 19:48:06 +0200, Florent Rougon wrote: > Hello Brian, > > As I wrote in my previous message, the two lines I quoted from my > /var/log/syslog are from **before the fix** (i.e., before I purged > cups-browsed). My lax reading, Florent. Thanks for the correction. Cheers, Brian.
Bug#990331: reportbug: cups-browsed printing fails due to apparmor config with message 'No destination host name supplied by cups-browsed for printer'
Hello Brian, As I wrote in my previous message, the two lines I quoted from my /var/log/syslog are from **before the fix** (i.e., before I purged cups-browsed). Regards -- Florent
Bug#990331: reportbug: cups-browsed printing fails due to apparmor config with message 'No destination host name supplied by cups-browsed for printer'
On Sat 11 Sep 2021 at 15:48:42 +0200, Florent Rougon wrote: > Hello, Hello Florent, Thank you for your contribution to this report. > I also had the not-very-helpful message from CUPS: The message is actually from cups-browsed. > No destination host name supplied by cups-browsed for printer, is > cups-browsed running? > > Of course, cups-browsed was well running and I even tried to restart it, > also cups.service, etc. The solution I found, before reading this > report, was inspired by this answer: > > https://askubuntu.com/a/1128869 > > Here it is. First some context: the printer is connected to > and printing from first worked, then failed for the *very > same document* in the *very same Okular instance*---I simply wanted to > print two sets of pages from the same document, oh my... > > Solution (everything done on ): > > 1) I purged the cups-browsed package, even though cups-daemon recommends >it. cups-browsed basically provides *auto-setup* of printers and print queues. Many users apprreciate this function. But, of course, it may be purged. I often do not use it, but would not dream of advising other users to do the same, although, like you. I might suggest it. > 2) Then I figured out I needed to do “Delete Printer” from the CUPS web >administration page for the printer (otherwise, trying to do step 3 >would fail with the incomprehensible error message “Unable to add >printer:Cannot change printer-is-shared for remote queues.”—that, >regardless of whether “Share printer” was being checked). > > 3) From the CUPS web administration page: > >Administration → Add Printer → Discovered Network Printers: Brother >DCP-L2550DN (driverless) @ (DCP-L2550DN DCP-L2550DN >series) → ... → Add Printer (the button). > > Finally, I was able to print from . > > Even though this solution is quite different from that proposed by > Gabriel, this may very well be the same issue, because now that I've > found this report, I see that my /var/log/syslog on from > before the fix has entries like: This solution involves setting up a printer manually. It is perfectly acceptable. > Sep 11 13:39:09 localhost kernel: [15658.624326] audit: type=1400 audit(...): > apparmor="DENIED" operation="capable" profile="/usr/sbin/cupsd" pid=6811 > comm="cupsd" capability=12 capname="net_admin" OK. > Sep 11 13:39:09 localhost kernel: [15658.718083] audit: type=1400 audit(...): > apparmor="DENIED" operation="capable" profile="/usr/sbin/cups-browsed" > pid=6814 comm="cups-browsed" capability=23 capname="sys_nice" I wouldn't expect this line after cups-browsed has been purged. There isn't an apparmor profile to use. > Hope this helps other people. Regards, It does. -- Brian.
Bug#990331: reportbug: cups-browsed printing fails due to apparmor config with message 'No destination host name supplied by cups-browsed for printer'
Hello, I also had the not-very-helpful message from CUPS: No destination host name supplied by cups-browsed for printer, is cups-browsed running? Of course, cups-browsed was well running and I even tried to restart it, also cups.service, etc. The solution I found, before reading this report, was inspired by this answer: https://askubuntu.com/a/1128869 Here it is. First some context: the printer is connected to and printing from first worked, then failed for the *very same document* in the *very same Okular instance*---I simply wanted to print two sets of pages from the same document, oh my... Solution (everything done on ): 1) I purged the cups-browsed package, even though cups-daemon recommends it. 2) Then I figured out I needed to do “Delete Printer” from the CUPS web administration page for the printer (otherwise, trying to do step 3 would fail with the incomprehensible error message “Unable to add printer:Cannot change printer-is-shared for remote queues.”—that, regardless of whether “Share printer” was being checked). 3) From the CUPS web administration page: Administration → Add Printer → Discovered Network Printers: Brother DCP-L2550DN (driverless) @ (DCP-L2550DN DCP-L2550DN series) → ... → Add Printer (the button). Finally, I was able to print from . Even though this solution is quite different from that proposed by Gabriel, this may very well be the same issue, because now that I've found this report, I see that my /var/log/syslog on from before the fix has entries like: Sep 11 13:39:09 localhost kernel: [15658.624326] audit: type=1400 audit(...): apparmor="DENIED" operation="capable" profile="/usr/sbin/cupsd" pid=6811 comm="cupsd" capability=12 capname="net_admin" Sep 11 13:39:09 localhost kernel: [15658.718083] audit: type=1400 audit(...): apparmor="DENIED" operation="capable" profile="/usr/sbin/cups-browsed" pid=6814 comm="cups-browsed" capability=23 capname="sys_nice" Hope this helps other people. Regards, -- Florent
Bug#990331: reportbug: cups-browsed printing fails due to apparmor config with message 'No destination host name supplied by cups-browsed for printer'
Package: cups-browsed Version: 1.28.7-1 Severity: important Dear Maintainer, I have a Brother printer configured per [1] using cups-browsed. It used to work perfectly, but now fails to print with the same error message as in #887495: > No destination host name supplied by cups-browsed for printer "name", is > cups-browsed running? Note that #887495 is a catch-all without a root cause ever identified, which is why I'm opening a more specific bug for this issue. [1] https://wiki.debian.org/CUPSDriverlessPrinting The cause of my issue lies is app armor config. I noticed the following lines in the logs: juin 22 16:42:55 wiyake audit[638]: AVC apparmor="STATUS" operation="profile_load" profile="unconfined" name="/usr/sbin/cups-browsed" pid=638 comm="apparmor_parser" juin 22 16:42:55 wiyake audit[636]: AVC apparmor="STATUS" operation="profile_load" profile="unconfined" name="/usr/lib/cups/backend/cups-pdf" pid=636 comm="apparmor_parser" juin 22 16:42:55 wiyake audit[636]: AVC apparmor="STATUS" operation="profile_load" profile="unconfined" name="/usr/sbin/cupsd" pid=636 comm="apparmor_parser" juin 22 16:42:55 wiyake audit[636]: AVC apparmor="STATUS" operation="profile_load" profile="unconfined" name="/usr/sbin/cupsd//third_party" pid=636 comm="apparmor_parser" juin 22 16:42:55 wiyake audit[766]: AVC apparmor="DENIED" operation="capable" profile="/usr/sbin/cupsd" pid=766 comm="cupsd" capability=12 capname="net_admin" juin 22 16:42:55 wiyake audit[782]: AVC apparmor="DENIED" operation="capable" profile="/usr/sbin/cups-browsed" pid=782 comm="cups-browsed" capability=23 capname="sys_nice" juin 22 16:44:21 wiyake audit[2615]: AVC apparmor="DENIED" operation="capable" profile="/usr/sbin/cupsd" pid=2615 comm="cupsd" capability=12 capname="net_admin" juin 22 16:44:21 wiyake audit[2618]: AVC apparmor="DENIED" operation="capable" profile="/usr/sbin/cups-browsed" pid=2618 comm="cups-browsed" capability=23 capname="sys_nice" net_admin sounded suspicious, since the error message mentionned a host name. I then tried the following workaround, originally found for Ubuntu [2]: # apt install apparmor-utils # aa-complain cupsd-browsed # systemctl restart cups-browsed [2] https://askubuntu.com/questions/645636/apparmor-with-cupsd-denied-in-logs It resolved my issue, and my printer immediately started printing the jobs in the queue. The logs now show: juin 25 22:23:06 wiyake audit[221791]: AVC apparmor="STATUS" operation="profile_replace" profile="unconfined" name="/usr/sbin/cups-browsed" pid=221791 comm="apparmor_parser" juin 25 22:24:40 wiyake audit[222966]: AVC apparmor="ALLOWED" operation="capable" profile="/usr/sbin/cups-browsed" pid=222966 comm="cups-browsed" capability=23 capname="sys_nice" I'm not sure what exactly needs to be updated in the apparmor config to fix this issue. Note that #988764 is also about apparmor issues, but is marked minor and doesn't seem to block printing. My issue yields to a complete impossibility to print (at least in my use case). I'd be happy to test any fix you could provide. Thanks! Gabriel -- System Information: Debian Release: 11.0 APT prefers testing-security APT policy: (500, 'testing-security'), (500, 'testing') Architecture: amd64 (x86_64) Foreign Architectures: i386 Kernel: Linux 5.10.0-7-amd64 (SMP w/4 CPU threads) Kernel taint flags: TAINT_WARN Locale: LANG=fr_FR.UTF-8, LC_CTYPE=fr_FR.UTF-8 (charmap=UTF-8), LANGUAGE not set Shell: /bin/sh linked to /usr/bin/dash Init: systemd (via /run/systemd/system) LSM: AppArmor: enabled Versions of packages cups-browsed depends on: ii cups-daemon 2.3.3op2-3+deb11u1 ii init-system-helpers 1.60 ii libavahi-client3 0.8-5 ii libavahi-common3 0.8-5 ii libavahi-glib1 0.8-5 ii libc62.31-12 ii libcups2 2.3.3op2-3+deb11u1 ii libcupsfilters1 1.28.7-1 ii libglib2.0-0 2.66.8-1 ii libldap-2.4-22.4.57+dfsg-3 ii lsb-base 11.1.0 Versions of packages cups-browsed recommends: ii avahi-daemon 0.8-5 cups-browsed suggests no packages. -- Configuration Files: /etc/apparmor.d/usr.sbin.cups-browsed changed: /usr/sbin/cups-browsed flags=(attach_disconnected, complain) { #include #include #include #include #include /etc/cups/cups-browsed.conf r, /etc/cups/lpoptions r, /etc/cups/ppd/* r, /{var/,}run/cups/certs/* r, /var/cache/cups/* rw, /var/log/cups/* rw, /tmp/** rw, # Site-specific additions and overrides. See local/README for details. #include } -- no debconf information