Same problem here on Debian 11, will try the workaround and hope for the
best. Huge time waste and disappointment though.. :/
Christian Boltz schrieb am Wed 17. Aug, 20:47 (+0200):
> Hello,
>
> denials for capabilty net_admin are often a sign that a service uses
> systemd libraries on startup, and these systemd libraries do funny[tm]
> things. In these cases the net_admin capability is not really needed.
Hi,
yes,
On Wed 17 Aug 2022 at 20:47:24 +0200, Christian Boltz wrote:
> Hello,
>
> denials for capabilty net_admin are often a sign that a service uses
> systemd libraries on startup, and these systemd libraries do funny[tm]
> things. In these cases the net_admin capability is not really needed.
>
>
Hello,
denials for capabilty net_admin are often a sign that a service uses
systemd libraries on startup, and these systemd libraries do funny[tm]
things. In these cases the net_admin capability is not really needed.
See https://bugzilla.opensuse.org/show_bug.cgi?id=1196850#c3 for the
On Mon 25 Jan 2021 at 23:21:20 +, Brian Potkin wrote:
[...]
> Triaging this report, Chris, but my knowledge of apparmor is very
> limited. However, I have a minimal unstable installation (base
> system plus only cups) and can reproduce this behaviour. The last
> line (but not the first)
My printer wouldn't work and I eventually found the aacomplain
workaround in the ubuntu printer debugging docs:
https://wiki.ubuntu.com/DebuggingPrintingProblems#AppArmor_Protection_of_the_printing_system
It really should be fixed. I looked at /etc/apparmor.d/cupsd and there
is quite a lot
Hi,
Brian Potkin (2021-01-25):
>> Jan 23 23:39:29 debian kernel: audit: type=1400 audit(1611445169.589:22):
>> apparmor="DENIED" operation="capable" profile="/usr/sbin/cupsd" pid=2172
>> comm="cupsd" capability=12>
If cupsd legitimately needs to use the CAP_NET_ADMIN Linux
[capability], then
user pkg-apparmor-t...@lists.alioth.debian.org
usertags #980974 help-needed
thanks
On Sun 24 Jan 2021 at 22:53:00 +, Chris Bainbridge wrote:
> Package: cups
> Version: 2.3.3op1-7
>
> After upgrading to bullseye, TCP connections from cupsd to localhost
> appeared to be blocked:
>
> Jan 23
Package: cups
Version: 2.3.3op1-7
After upgrading to bullseye, TCP connections from cupsd to localhost
appeared to be blocked:
Jan 23 23:39:29 debian audit[2172]: AVC apparmor="DENIED"
operation="capable" profile="/usr/sbin/cupsd" pid=2172 comm="cupsd"
capability=12 capname="net_admin"
Jan 23
9 matches
Mail list logo