[Touch-packages] [Bug 1454463] Re: CUPS not allowed to mknod to /var/log by apparmor
Thanks, that was it. Apologies for this turning out to be a 'support' question, not a bug. I was so sure. I'm not used to symlinks breaking things in unix, so I didn't even suspect my moving of /var was a problem. My / is an SSD so I don't want logs writing to it. /data is a HDD. Thanks again. ** Changed in: cups (Ubuntu) Status: Incomplete = Invalid ** Converted to question: https://answers.launchpad.net/ubuntu/+source/cups/+question/266866 -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to cups in Ubuntu. https://bugs.launchpad.net/bugs/1454463 Title: CUPS not allowed to mknod to /var/log by apparmor Status in cups package in Ubuntu: Invalid Bug description: I have a two-machine network, both running 14.04.1 but mostly updated. CUPS version is 1.7.2-0ubuntu1 Machine A - has printer attached Machine B - printing to A doesn't work via CUPS I cannot print to the CUPS-managed printer attached to A from B, except with a few apps which see the printer directly via avahi (e.g. Evince). I can print to the printer from A. /var/log/syslog on B shows: ay 13 09:50:29 server cupsd: Unable to change ownership of /var/log/cups - Permission denied May 13 09:50:29 server cupsd: Unable to open log file /var/log/cups/error_log - Permission denied May 13 09:50:29 server kernel: [47923.441374] type=1400 audit(1431474629.549:811): apparmor=DENIED operation=mknod profile=/usr/sbin/cupsd name=/data/var/cache/cups/job.cache.N pid=7814 comm=cupsd requested_mask=c denied_mask=c fsuid=0 ouid=0 May 13 09:50:29 server kernel: [47923.441413] type=1400 audit(1431474629.549:812): apparmor=DENIED operation=mknod profile=/usr/sbin/cupsd name=/data/var/log/cups/error_log pid=7814 comm=cupsd requested_mask=c denied_mask=c fsuid=0 ouid=0 May 13 09:50:29 server kernel: [47923.441421] type=1400 audit(1431474629.549:813): apparmor=DENIED operation=chown profile=/usr/sbin/cupsd name=/data/var/log/cups/ pid=7814 comm=cupsd requested_mask=w denied_mask=w fsuid=0 ouid=0 May 13 09:50:29 server kernel: [47923.441444] type=1400 audit(1431474629.549:814): apparmor=DENIED operation=mknod profile=/usr/sbin/cupsd name=/data/var/log/cups/error_log pid=7814 comm=cupsd requested_mask=c denied_mask=c fsuid=0 ouid=0 May 13 09:50:29 server kernel: [47923.706282] type=1400 audit(1431474629.817:815): apparmor=STATUS operation=profile_replace profile=unconfined name=/usr/lib/cups/backend/cups-pdf pid=16874 comm=apparmor_parser May 13 09:50:29 server kernel: [47923.706551] type=1400 audit(1431474629.817:816): apparmor=STATUS operation=profile_replace profile=unconfined name=/usr/sbin/cupsd pid=16874 comm=apparmor_parser May 13 09:50:29 server cupsd: Unable to change ownership of /var/log/cups - Permission denied May 13 09:50:29 server cupsd: Unable to open log file /var/log/cups/access_log - Permission denied May 13 09:50:29 server cupsd: Unable to change ownership of /var/log/cups - Permission denied May 13 09:50:29 server cupsd: Unable to open log file /var/log/cups/error_log - Permission denied May 13 09:50:29 server cupsd: Unable to change ownership of /var/log/cups - Permission denied May 13 09:50:29 server cupsd: Unable to open log file /var/log/cups/page_log - Permission denied May 13 09:50:29 server cupsd: Unable to change ownership of /var/log/cups - Permission denied May 13 09:50:29 server cupsd: Unable to open log file /var/log/cups/error_log - Permission denied May 13 09:50:29 server cupsd: Unable to change ownership of /var/log/cups - Permission denied May 13 09:50:29 server cupsd: Unable to open log file /var/log/cups/error_log - Permission denied May 13 09:50:29 server cupsd: Unable to change ownership of /var/log/cups - Permission denied May 13 09:50:29 server cupsd: Unable to open log file /var/log/cups/error_log - Permission denied May 13 09:50:29 server cupsd: Unable to change ownership of /var/log/cups - Permission denied May 13 09:50:29 server cupsd: Unable to open log file /var/log/cups/error_log - Permission denied May 13 09:50:29 server cupsd: Unable to change ownership of /var/log/cups - Permission denied May 13 09:50:29 server cupsd: Unable to open log file /var/log/cups/error_log - Permission denied May 13 09:50:29 server kernel: [47923.710922] type=1400 audit(1431474629.821:817): apparmor=DENIED operation=mknod profile=/usr/sbin/cupsd name=/data/var/log/cups/access_log pid=16884 comm=cupsd requested_mask=c denied_mask=c fsuid=0 ouid=0 May 13 09:50:29 server kernel: [47923.710931] type=1400 audit(1431474629.821:818): apparmor=DENIED operation=chown profile=/usr/sbin/cupsd name=/data/var/log/cups/ pid=16884 comm=cupsd requested_mask=w denied_mask=w fsuid=0 ouid=0 May 13 09:50:29 server kernel: [47923.710964] type=1400 audit(1431474629.821:819): apparmor=DENIED operation=mknod profile=/usr/sbin/cupsd
[Touch-packages] [Bug 1454463] Re: CUPS not allowed to mknod to /var/log by apparmor
Great, I'm glad that was it! Have fun. -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to cups in Ubuntu. https://bugs.launchpad.net/bugs/1454463 Title: CUPS not allowed to mknod to /var/log by apparmor Status in cups package in Ubuntu: Invalid Bug description: I have a two-machine network, both running 14.04.1 but mostly updated. CUPS version is 1.7.2-0ubuntu1 Machine A - has printer attached Machine B - printing to A doesn't work via CUPS I cannot print to the CUPS-managed printer attached to A from B, except with a few apps which see the printer directly via avahi (e.g. Evince). I can print to the printer from A. /var/log/syslog on B shows: ay 13 09:50:29 server cupsd: Unable to change ownership of /var/log/cups - Permission denied May 13 09:50:29 server cupsd: Unable to open log file /var/log/cups/error_log - Permission denied May 13 09:50:29 server kernel: [47923.441374] type=1400 audit(1431474629.549:811): apparmor=DENIED operation=mknod profile=/usr/sbin/cupsd name=/data/var/cache/cups/job.cache.N pid=7814 comm=cupsd requested_mask=c denied_mask=c fsuid=0 ouid=0 May 13 09:50:29 server kernel: [47923.441413] type=1400 audit(1431474629.549:812): apparmor=DENIED operation=mknod profile=/usr/sbin/cupsd name=/data/var/log/cups/error_log pid=7814 comm=cupsd requested_mask=c denied_mask=c fsuid=0 ouid=0 May 13 09:50:29 server kernel: [47923.441421] type=1400 audit(1431474629.549:813): apparmor=DENIED operation=chown profile=/usr/sbin/cupsd name=/data/var/log/cups/ pid=7814 comm=cupsd requested_mask=w denied_mask=w fsuid=0 ouid=0 May 13 09:50:29 server kernel: [47923.441444] type=1400 audit(1431474629.549:814): apparmor=DENIED operation=mknod profile=/usr/sbin/cupsd name=/data/var/log/cups/error_log pid=7814 comm=cupsd requested_mask=c denied_mask=c fsuid=0 ouid=0 May 13 09:50:29 server kernel: [47923.706282] type=1400 audit(1431474629.817:815): apparmor=STATUS operation=profile_replace profile=unconfined name=/usr/lib/cups/backend/cups-pdf pid=16874 comm=apparmor_parser May 13 09:50:29 server kernel: [47923.706551] type=1400 audit(1431474629.817:816): apparmor=STATUS operation=profile_replace profile=unconfined name=/usr/sbin/cupsd pid=16874 comm=apparmor_parser May 13 09:50:29 server cupsd: Unable to change ownership of /var/log/cups - Permission denied May 13 09:50:29 server cupsd: Unable to open log file /var/log/cups/access_log - Permission denied May 13 09:50:29 server cupsd: Unable to change ownership of /var/log/cups - Permission denied May 13 09:50:29 server cupsd: Unable to open log file /var/log/cups/error_log - Permission denied May 13 09:50:29 server cupsd: Unable to change ownership of /var/log/cups - Permission denied May 13 09:50:29 server cupsd: Unable to open log file /var/log/cups/page_log - Permission denied May 13 09:50:29 server cupsd: Unable to change ownership of /var/log/cups - Permission denied May 13 09:50:29 server cupsd: Unable to open log file /var/log/cups/error_log - Permission denied May 13 09:50:29 server cupsd: Unable to change ownership of /var/log/cups - Permission denied May 13 09:50:29 server cupsd: Unable to open log file /var/log/cups/error_log - Permission denied May 13 09:50:29 server cupsd: Unable to change ownership of /var/log/cups - Permission denied May 13 09:50:29 server cupsd: Unable to open log file /var/log/cups/error_log - Permission denied May 13 09:50:29 server cupsd: Unable to change ownership of /var/log/cups - Permission denied May 13 09:50:29 server cupsd: Unable to open log file /var/log/cups/error_log - Permission denied May 13 09:50:29 server cupsd: Unable to change ownership of /var/log/cups - Permission denied May 13 09:50:29 server cupsd: Unable to open log file /var/log/cups/error_log - Permission denied May 13 09:50:29 server kernel: [47923.710922] type=1400 audit(1431474629.821:817): apparmor=DENIED operation=mknod profile=/usr/sbin/cupsd name=/data/var/log/cups/access_log pid=16884 comm=cupsd requested_mask=c denied_mask=c fsuid=0 ouid=0 May 13 09:50:29 server kernel: [47923.710931] type=1400 audit(1431474629.821:818): apparmor=DENIED operation=chown profile=/usr/sbin/cupsd name=/data/var/log/cups/ pid=16884 comm=cupsd requested_mask=w denied_mask=w fsuid=0 ouid=0 May 13 09:50:29 server kernel: [47923.710964] type=1400 audit(1431474629.821:819): apparmor=DENIED operation=mknod profile=/usr/sbin/cupsd name=/data/var/log/cups/access_log pid=16884 comm=cupsd requested_mask=c denied_mask=c fsuid=0 ouid=0 May 13 09:50:29 server kernel: [47923.710985] type=1400 audit(1431474629.821:820): apparmor=DENIED operation=mknod profile=/usr/sbin/cupsd name=/data/var/log/cups/error_log pid=16884 comm=cupsd requested_mask=c denied_mask=c fsuid=0 ouid=0 Google search yields similar but significantly different (and ancient) bugs. For example
[Touch-packages] [Bug 1454463] Re: CUPS not allowed to mknod to /var/log by apparmor
** Description changed: I have a two-machine network, both running 14.04.1 but mostly updated. + CUPS version is 1.7.2-0ubuntu1 - I cannot print to the remote CUPS-managed printer, except with a few - apps which see the printers directly via avahi (e.g. Evince). + Machine A - has printer attached + Machine B - printing to A doesn't work via CUPS - I can print to the printer from the machine local to the printer. + I cannot print to the CUPS-managed printer attached to A from B, except + with a few apps which see the printer directly via avahi (e.g. Evince). + I can print to the printer from A. - /var/log/syslog on the remote machine shows: + /var/log/syslog on B shows: ay 13 09:50:29 server cupsd: Unable to change ownership of /var/log/cups - Permission denied May 13 09:50:29 server cupsd: Unable to open log file /var/log/cups/error_log - Permission denied May 13 09:50:29 server kernel: [47923.441374] type=1400 audit(1431474629.549:811): apparmor=DENIED operation=mknod profile=/usr/sbin/cupsd name=/data/var/cache/cups/job.cache.N pid=7814 comm=cupsd requested_mask=c denied_mask=c fsuid=0 ouid=0 May 13 09:50:29 server kernel: [47923.441413] type=1400 audit(1431474629.549:812): apparmor=DENIED operation=mknod profile=/usr/sbin/cupsd name=/data/var/log/cups/error_log pid=7814 comm=cupsd requested_mask=c denied_mask=c fsuid=0 ouid=0 May 13 09:50:29 server kernel: [47923.441421] type=1400 audit(1431474629.549:813): apparmor=DENIED operation=chown profile=/usr/sbin/cupsd name=/data/var/log/cups/ pid=7814 comm=cupsd requested_mask=w denied_mask=w fsuid=0 ouid=0 May 13 09:50:29 server kernel: [47923.441444] type=1400 audit(1431474629.549:814): apparmor=DENIED operation=mknod profile=/usr/sbin/cupsd name=/data/var/log/cups/error_log pid=7814 comm=cupsd requested_mask=c denied_mask=c fsuid=0 ouid=0 May 13 09:50:29 server kernel: [47923.706282] type=1400 audit(1431474629.817:815): apparmor=STATUS operation=profile_replace profile=unconfined name=/usr/lib/cups/backend/cups-pdf pid=16874 comm=apparmor_parser May 13 09:50:29 server kernel: [47923.706551] type=1400 audit(1431474629.817:816): apparmor=STATUS operation=profile_replace profile=unconfined name=/usr/sbin/cupsd pid=16874 comm=apparmor_parser May 13 09:50:29 server cupsd: Unable to change ownership of /var/log/cups - Permission denied May 13 09:50:29 server cupsd: Unable to open log file /var/log/cups/access_log - Permission denied May 13 09:50:29 server cupsd: Unable to change ownership of /var/log/cups - Permission denied May 13 09:50:29 server cupsd: Unable to open log file /var/log/cups/error_log - Permission denied May 13 09:50:29 server cupsd: Unable to change ownership of /var/log/cups - Permission denied May 13 09:50:29 server cupsd: Unable to open log file /var/log/cups/page_log - Permission denied May 13 09:50:29 server cupsd: Unable to change ownership of /var/log/cups - Permission denied May 13 09:50:29 server cupsd: Unable to open log file /var/log/cups/error_log - Permission denied May 13 09:50:29 server cupsd: Unable to change ownership of /var/log/cups - Permission denied May 13 09:50:29 server cupsd: Unable to open log file /var/log/cups/error_log - Permission denied May 13 09:50:29 server cupsd: Unable to change ownership of /var/log/cups - Permission denied May 13 09:50:29 server cupsd: Unable to open log file /var/log/cups/error_log - Permission denied May 13 09:50:29 server cupsd: Unable to change ownership of /var/log/cups - Permission denied May 13 09:50:29 server cupsd: Unable to open log file /var/log/cups/error_log - Permission denied May 13 09:50:29 server cupsd: Unable to change ownership of /var/log/cups - Permission denied May 13 09:50:29 server cupsd: Unable to open log file /var/log/cups/error_log - Permission denied May 13 09:50:29 server kernel: [47923.710922] type=1400 audit(1431474629.821:817): apparmor=DENIED operation=mknod profile=/usr/sbin/cupsd name=/data/var/log/cups/access_log pid=16884 comm=cupsd requested_mask=c denied_mask=c fsuid=0 ouid=0 May 13 09:50:29 server kernel: [47923.710931] type=1400 audit(1431474629.821:818): apparmor=DENIED operation=chown profile=/usr/sbin/cupsd name=/data/var/log/cups/ pid=16884 comm=cupsd requested_mask=w denied_mask=w fsuid=0 ouid=0 May 13 09:50:29 server kernel: [47923.710964] type=1400 audit(1431474629.821:819): apparmor=DENIED operation=mknod profile=/usr/sbin/cupsd name=/data/var/log/cups/access_log pid=16884 comm=cupsd requested_mask=c denied_mask=c fsuid=0 ouid=0 May 13 09:50:29 server kernel: [47923.710985] type=1400 audit(1431474629.821:820): apparmor=DENIED operation=mknod profile=/usr/sbin/cupsd name=/data/var/log/cups/error_log pid=16884 comm=cupsd requested_mask=c denied_mask=c fsuid=0 ouid=0 - - Google search yields similar but significantly different bugs, and from years ago. + Google search yields similar but significantly different (and
[Touch-packages] [Bug 1454463] Re: CUPS not allowed to mknod to /var/log by apparmor
I noticed the following error early in the logs: May 13 09:50:29 server kernel: [47923.441413] type=1400 audit(1431474629.549:812): apparmor=DENIED operation=mknod profile=/usr/sbin/cupsd name=/data/var/log/cups/error_log pid=7814 comm=cupsd requested_mask=c denied_mask=c fsuid=0 ouid=0 This looks a lot like you have a symlink from /var to /data/var -- is this correct? what other symlinks do you have on your system? You can rewrite apparmor policy in a single place to handle these kinds of symlinks using the 'alias' directive; put lines like: alias /var/ - /data/var/ into your /etc/apparmor.d/tunables/alias file and then reload policies with apparmor_parser --replace /etc/apparmor.d/ Then restart cups and see if it is allowed to access its logs again. Thanks ** Changed in: cups (Ubuntu) Status: New = Incomplete -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to cups in Ubuntu. https://bugs.launchpad.net/bugs/1454463 Title: CUPS not allowed to mknod to /var/log by apparmor Status in cups package in Ubuntu: Incomplete Bug description: I have a two-machine network, both running 14.04.1 but mostly updated. CUPS version is 1.7.2-0ubuntu1 Machine A - has printer attached Machine B - printing to A doesn't work via CUPS I cannot print to the CUPS-managed printer attached to A from B, except with a few apps which see the printer directly via avahi (e.g. Evince). I can print to the printer from A. /var/log/syslog on B shows: ay 13 09:50:29 server cupsd: Unable to change ownership of /var/log/cups - Permission denied May 13 09:50:29 server cupsd: Unable to open log file /var/log/cups/error_log - Permission denied May 13 09:50:29 server kernel: [47923.441374] type=1400 audit(1431474629.549:811): apparmor=DENIED operation=mknod profile=/usr/sbin/cupsd name=/data/var/cache/cups/job.cache.N pid=7814 comm=cupsd requested_mask=c denied_mask=c fsuid=0 ouid=0 May 13 09:50:29 server kernel: [47923.441413] type=1400 audit(1431474629.549:812): apparmor=DENIED operation=mknod profile=/usr/sbin/cupsd name=/data/var/log/cups/error_log pid=7814 comm=cupsd requested_mask=c denied_mask=c fsuid=0 ouid=0 May 13 09:50:29 server kernel: [47923.441421] type=1400 audit(1431474629.549:813): apparmor=DENIED operation=chown profile=/usr/sbin/cupsd name=/data/var/log/cups/ pid=7814 comm=cupsd requested_mask=w denied_mask=w fsuid=0 ouid=0 May 13 09:50:29 server kernel: [47923.441444] type=1400 audit(1431474629.549:814): apparmor=DENIED operation=mknod profile=/usr/sbin/cupsd name=/data/var/log/cups/error_log pid=7814 comm=cupsd requested_mask=c denied_mask=c fsuid=0 ouid=0 May 13 09:50:29 server kernel: [47923.706282] type=1400 audit(1431474629.817:815): apparmor=STATUS operation=profile_replace profile=unconfined name=/usr/lib/cups/backend/cups-pdf pid=16874 comm=apparmor_parser May 13 09:50:29 server kernel: [47923.706551] type=1400 audit(1431474629.817:816): apparmor=STATUS operation=profile_replace profile=unconfined name=/usr/sbin/cupsd pid=16874 comm=apparmor_parser May 13 09:50:29 server cupsd: Unable to change ownership of /var/log/cups - Permission denied May 13 09:50:29 server cupsd: Unable to open log file /var/log/cups/access_log - Permission denied May 13 09:50:29 server cupsd: Unable to change ownership of /var/log/cups - Permission denied May 13 09:50:29 server cupsd: Unable to open log file /var/log/cups/error_log - Permission denied May 13 09:50:29 server cupsd: Unable to change ownership of /var/log/cups - Permission denied May 13 09:50:29 server cupsd: Unable to open log file /var/log/cups/page_log - Permission denied May 13 09:50:29 server cupsd: Unable to change ownership of /var/log/cups - Permission denied May 13 09:50:29 server cupsd: Unable to open log file /var/log/cups/error_log - Permission denied May 13 09:50:29 server cupsd: Unable to change ownership of /var/log/cups - Permission denied May 13 09:50:29 server cupsd: Unable to open log file /var/log/cups/error_log - Permission denied May 13 09:50:29 server cupsd: Unable to change ownership of /var/log/cups - Permission denied May 13 09:50:29 server cupsd: Unable to open log file /var/log/cups/error_log - Permission denied May 13 09:50:29 server cupsd: Unable to change ownership of /var/log/cups - Permission denied May 13 09:50:29 server cupsd: Unable to open log file /var/log/cups/error_log - Permission denied May 13 09:50:29 server cupsd: Unable to change ownership of /var/log/cups - Permission denied May 13 09:50:29 server cupsd: Unable to open log file /var/log/cups/error_log - Permission denied May 13 09:50:29 server kernel: [47923.710922] type=1400 audit(1431474629.821:817): apparmor=DENIED operation=mknod profile=/usr/sbin/cupsd name=/data/var/log/cups/access_log pid=16884 comm=cupsd requested_mask=c denied_mask=c fsuid=0 ouid=0 May 13 09:50:29 server