subject:"Bug#988764\: cups\-browsed\: apparmor blocks access to \/usr\/share\/\{cups\/,\}\/locale"

Bug#988764: cups-browsed: apparmor blocks access to /usr/share/{cups/,}/locale

2021-05-21 Thread Mike Gabriel


Hi OdyX,

On  Fr 21 Mai 2021 16:45:46 CEST, Didier 'OdyX' Raboud wrote:


Le vendredi, 21 mai 2021, 16.26:12 h CEST Mike Gabriel a écrit :

Basically, why not? It clutters syslog. It probably won't have
functional consequences, but still...


Well. At this point of the freeze, I'd rather not burden the release  
team with

such a non-"critical, grave, or serious" bug.

https://lists.debian.org/debian-devel-announce/2021/05/msg0.html was 19
days ago, and has

As the release draws nearer, fixes for non-RC bugs which do not affect a
package's general usability will increasingly be deferred or rejected.


Feel free to ask if you feel strongly enough about this, I'll upload if it's
accepted!

Cheers,
--
OdyX


alright then. Minor issue.

Mike
--

DAS-NETZWERKTEAM
c\o Technik- und Ökologiezentrum Eckernförde
Mike Gabriel, Marienthaler Str. 17, 24340 Eckernförde
mobile: +49 (1520) 1976 148
landline: +49 (4351) 850 8940

GnuPG Fingerprint: 9BFB AEE8 6C0A A5FF BF22  0782 9AF4 6B30 2577 1B31
mail: mike.gabr...@das-netzwerkteam.de, http://das-netzwerkteam.de



pgpcZXK1IMoWj.pgp
Description: Digitale PGP-Signatur

Bug#988764: cups-browsed: apparmor blocks access to /usr/share/{cups/,}/locale

2021-05-21 Thread Mike Gabriel


Hi OdyX,

On  Fr 21 Mai 2021 15:59:04 CEST, Didier 'OdyX' Raboud wrote:


Control: tags -1 +pending

Hello Mike, and thanks for your patch-provided bugreport.

Le mercredi, 19 mai 2021, 12.33:10 h CEST Mike Gabriel a écrit :

With CUPS on buster and bullseye I see these messages in /var/log/syslog:

May 19 12:26:12 server03 kernel: [4563725.605605] audit: type=1400
audit(1621419972.056:193): apparmor="DENIED" operation="open"
profile="/usr/sbin/cups-browsed" name="/usr/share/cups/locale/"
pid=17771 comm="cups-browsed" requested_mask="r" denied_mask="r"
fsuid=0 ouid=0
May 19 12:26:12 server03 kernel: [4563725.606138] audit: type=1400
audit(1621419972.056:194): apparmor="DENIED" operation="open"
profile="/usr/sbin/cups-browsed" name="/usr/share/locale/" pid=17771
comm="cups-browsed" requested_mask="r" denied_mask="r" fsuid=0 ouid=0
May 19 12:27:08 server03 systemd[1]: cups-browsed.service: Succeeded.


These error messages / folder access blocks can be amended by this
change in /etc/apparmor.d/usr.sbin.cups-browsed: (…)


I'll upload to experimental in a moment. I assume it doesn't warrant rising
severity and aiming at Bullseye, right?


Basically, why not? It clutters syslog. It probably won't have  
functional consequences, but still...


Mike
--

DAS-NETZWERKTEAM
c\o Technik- und Ökologiezentrum Eckernförde
Mike Gabriel, Marienthaler Str. 17, 24340 Eckernförde
mobile: +49 (1520) 1976 148
landline: +49 (4351) 850 8940

GnuPG Fingerprint: 9BFB AEE8 6C0A A5FF BF22  0782 9AF4 6B30 2577 1B31
mail: mike.gabr...@das-netzwerkteam.de, http://das-netzwerkteam.de



pgp9cQnOQ9DBe.pgp
Description: Digitale PGP-Signatur

Bug#988764: cups-browsed: apparmor blocks access to /usr/share/{cups/,}/locale

2021-05-21 Thread Didier 'OdyX' Raboud

Le vendredi, 21 mai 2021, 16.26:12 h CEST Mike Gabriel a écrit :
> Basically, why not? It clutters syslog. It probably won't have
> functional consequences, but still...

Well. At this point of the freeze, I'd rather not burden the release team with 
such a non-"critical, grave, or serious" bug.

https://lists.debian.org/debian-devel-announce/2021/05/msg0.html was 19 
days ago, and has
> As the release draws nearer, fixes for non-RC bugs which do not affect a
> package's general usability will increasingly be deferred or rejected.

Feel free to ask if you feel strongly enough about this, I'll upload if it's 
accepted!

Cheers,
-- 
OdyX

signature.asc
Description: This is a digitally signed message part.

Bug#988764: cups-browsed: apparmor blocks access to /usr/share/{cups/,}/locale

2021-05-21 Thread Didier 'OdyX' Raboud

Control: tags -1 +pending

Hello Mike, and thanks for your patch-provided bugreport.

Le mercredi, 19 mai 2021, 12.33:10 h CEST Mike Gabriel a écrit :
> With CUPS on buster and bullseye I see these messages in /var/log/syslog:
> 
> May 19 12:26:12 server03 kernel: [4563725.605605] audit: type=1400
> audit(1621419972.056:193): apparmor="DENIED" operation="open"
> profile="/usr/sbin/cups-browsed" name="/usr/share/cups/locale/"
> pid=17771 comm="cups-browsed" requested_mask="r" denied_mask="r"
> fsuid=0 ouid=0
> May 19 12:26:12 server03 kernel: [4563725.606138] audit: type=1400
> audit(1621419972.056:194): apparmor="DENIED" operation="open"
> profile="/usr/sbin/cups-browsed" name="/usr/share/locale/" pid=17771
> comm="cups-browsed" requested_mask="r" denied_mask="r" fsuid=0 ouid=0
> May 19 12:27:08 server03 systemd[1]: cups-browsed.service: Succeeded.
> 
> 
> These error messages / folder access blocks can be amended by this
> change in /etc/apparmor.d/usr.sbin.cups-browsed: (…)

I'll upload to experimental in a moment. I assume it doesn't warrant rising 
severity and aiming at Bullseye, right?

Best,
OdyX

signature.asc
Description: This is a digitally signed message part.

Bug#988764: cups-browsed: apparmor blocks access to /usr/share/{cups/,}/locale

2021-05-19 Thread Mike Gabriel


Package: cups-browsed
Version: 1.28.7-1
Severity: normal
Tags: patch

With CUPS on buster and bullseye I see these messages in /var/log/syslog:

May 19 12:26:12 server03 kernel: [4563725.605605] audit: type=1400  
audit(1621419972.056:193): apparmor="DENIED" operation="open"  
profile="/usr/sbin/cups-browsed" name="/usr/share/cups/locale/"  
pid=17771 comm="cups-browsed" requested_mask="r" denied_mask="r"  
fsuid=0 ouid=0
May 19 12:26:12 server03 kernel: [4563725.606138] audit: type=1400  
audit(1621419972.056:194): apparmor="DENIED" operation="open"  
profile="/usr/sbin/cups-browsed" name="/usr/share/locale/" pid=17771  
comm="cups-browsed" requested_mask="r" denied_mask="r" fsuid=0 ouid=0

May 19 12:27:08 server03 systemd[1]: cups-browsed.service: Succeeded.


These error messages / folder access blocks can be amended by this  
change in /etc/apparmor.d/usr.sbin.cups-browsed:


```
diff --git a/apparmor.d/usr.sbin.cups-browsed  
b/apparmor.d/usr.sbin.cups-browsed

index 4cf9301..cb78f2d 100644
--- a/apparmor.d/usr.sbin.cups-browsed
+++ b/apparmor.d/usr.sbin.cups-browsed
@@ -10,6 +10,8 @@
   /etc/cups/cups-browsed.conf r,
   /etc/cups/lpoptions r,
   /etc/cups/ppd/* r,
+  /usr/share/cups/locale/ r,
+  /usr/share/locale/ r,
   /{var/,}run/cups/certs/* r,
   /var/cache/cups/* rw,
   /var/log/cups/* rw,
```

Greets,
Mike
--

DAS-NETZWERKTEAM
c\o Technik- und Ökologiezentrum Eckernförde
Mike Gabriel, Marienthaler Str. 17, 24340 Eckernförde
mobile: +49 (1520) 1976 148
landline: +49 (4351) 850 8940

GnuPG Fingerprint: 9BFB AEE8 6C0A A5FF BF22  0782 9AF4 6B30 2577 1B31
mail: mike.gabr...@das-netzwerkteam.de, http://das-netzwerkteam.de



pgpnRvveMFGDJ.pgp
Description: Digitale PGP-Signatur

Bug#988764: cups-browsed: apparmor blocks access to /usr/share/{cups/,}/locale

Bug#988764: cups-browsed: apparmor blocks access to /usr/share/{cups/,}/locale

Bug#988764: cups-browsed: apparmor blocks access to /usr/share/{cups/,}/locale

Bug#988764: cups-browsed: apparmor blocks access to /usr/share/{cups/,}/locale

Bug#988764: cups-browsed: apparmor blocks access to /usr/share/{cups/,}/locale

5 matches

Site Navigation

Mail list logo

Footer information