[Desktop-packages] [Bug 1660316] Re: apparmor denial of CUPS
Reopening this issue as I am still observing the net_admin denial in jammy. ** Changed in: cups (Ubuntu) Status: Expired => Confirmed -- You received this bug notification because you are a member of Desktop Packages, which is subscribed to cups in Ubuntu. https://bugs.launchpad.net/bugs/1660316 Title: apparmor denial of CUPS Status in cups package in Ubuntu: Confirmed Bug description: Printing is enabled when doing sudo aa-complain cupsd Here is an extract of /var/log/syslog: Jan 30 12:41:59 dag-TS-P500 kernel: [ 868.929457] audit: type=1400 audit(1485776519.269:37): apparmor="STATUS" operation="profile_replace" profile="unconfined" name="/usr/lib/cups/backend/cups-pdf" pid=6932 comm="apparmor_parser" Jan 30 12:41:59 dag-TS-P500 kernel: [ 868.929744] audit: type=1400 audit(1485776519.269:38): apparmor="STATUS" operation="profile_replace" profile="unconfined" name="/usr/sbin/cupsd" pid=6932 comm="apparmor_parser" Jan 30 12:41:59 dag-TS-P500 kernel: [ 868.945422] audit: type=1400 audit(1485776519.285:39): apparmor="STATUS" operation="profile_replace" profile="unconfined" name="/usr/sbin/cupsd//third_party" pid=6932 comm="apparmor_parser" Jan 30 12:42:10 dag-TS-P500 kernel: [ 879.817070] audit: type=1400 audit(1485776530.158:40): apparmor="STATUS" operation="profile_replace" profile="unconfined" name="/usr/lib/cups/backend/cups-pdf" pid=6941 comm="apparmor_parser" Jan 30 12:42:10 dag-TS-P500 kernel: [ 879.817342] audit: type=1400 audit(1485776530.158:41): apparmor="STATUS" operation="profile_replace" profile="unconfined" name="/usr/sbin/cupsd" pid=6941 comm="apparmor_parser" Jan 30 12:42:10 dag-TS-P500 kernel: [ 879.837254] audit: type=1400 audit(1485776530.178:42): apparmor="STATUS" operation="profile_replace" profile="unconfined" name="/usr/sbin/cupsd//third_party" pid=6941 comm="apparmor_parser" Jan 30 12:42:16 dag-TS-P500 zeitgeist-datah[3706]: downloads-directory-provider.vala:120: Couldn't process /home/dag/.glvndcEQzqA: Error when getting information for file '/home/dag/.glvndcEQzqA': No such file or directory Jan 30 12:42:23 dag-TS-P500 dbus[996]: [system] Activating via systemd: service name='org.freedesktop.hostname1' unit='dbus-org.freedesktop.hostname1.service' Jan 30 12:42:23 dag-TS-P500 systemd[1]: Starting Hostname Service... Jan 30 12:42:24 dag-TS-P500 dbus[996]: [system] Successfully activated service 'org.freedesktop.hostname1' Jan 30 12:42:24 dag-TS-P500 systemd[1]: Started Hostname Service. Jan 30 12:42:26 dag-TS-P500 kernel: [ 895.746636] audit: type=1400 audit(1485776546.086:43): apparmor="DENIED" operation="capable" profile="/usr/sbin/cupsd" pid=6967 comm="lpd" capability=12 capname="net_admin" Jan 30 12:42:54 dag-TS-P500 systemd[1]: Starting Cleanup of Temporary Directories... Jan 30 12:42:54 dag-TS-P500 systemd-tmpfiles[6973]: [/usr/lib/tmpfiles.d/var.conf:14] Duplicate line for path "/var/log", ignoring. Jan 30 12:42:54 dag-TS-P500 systemd[1]: Started Cleanup of Temporary Directories. Jan 30 12:44:03 dag-TS-P500 dbus-daemon[2707]: Activating service name='com.ubuntu.OneConf' Jan 30 12:44:03 dag-TS-P500 dbus-daemon[2707]: Successfully activated service 'com.ubuntu.OneConf' Jan 30 12:44:03 dag-TS-P500 com.ubuntu.OneConf[2707]: WARNING:oneconf.hosts:Error in loading other_hosts file: [Errno 2] No such file or directory: '/home/dag/.cache/oneconf/d2fc3bf30c9f4976b441a8f14de53bda/other_hosts' Jan 30 12:44:23 dag-TS-P500 dbus-daemon[2707]: Activating service name='com.ubuntu.sso' Jan 30 12:44:24 dag-TS-P500 dbus-daemon[2707]: Successfully activated service 'com.ubuntu.sso' Jan 30 12:45:51 dag-TS-P500 kernel: [ 1100.685842] audit: type=1400 audit(1485776751.028:44): apparmor="STATUS" operation="profile_replace" profile="unconfined" name="/usr/lib/cups/backend/cups-pdf" pid=7024 comm="apparmor_parser" Jan 30 12:45:51 dag-TS-P500 kernel: [ 1100.686099] audit: type=1400 audit(1485776751.028:45): apparmor="STATUS" operation="profile_replace" profile="unconfined" name="/usr/sbin/cupsd" pid=7024 comm="apparmor_parser" Jan 30 12:45:51 dag-TS-P500 kernel: [ 1100.700446] audit: type=1400 audit(1485776751.044:46): apparmor="STATUS" operation="profile_replace" profile="unconfined" name="/usr/sbin/cupsd//third_party" pid=7024 comm="apparmor_parser" Jan 30 12:45:57 dag-TS-P500 kernel: [ 1106.940891] audit: type=1400 audit(1485776757.284:47): apparmor="ALLOWED" operation="capable" profile="/usr/sbin/cupsd" pid=7031 comm="lpd" capability=12 capname="net_admin" Jan 30 12:45:57 dag-TS-P500 kernel: [ 1106.940938] audit: type=1400 audit(1485776757.284:48): apparmor="ALLOWED" operation="capable" profile="/usr/sbin/cupsd" pid=7031 comm="lpd" capability=12 capname="net_admin" ProblemType: Bug DistroRelease: Ubuntu 16.10 Package: cups 2.2.0-2 ProcVersionSignature: Ubuntu 4.8.0-34.36-generic 4.8.11 Uname: Linux 4.8.0-34-generic x86_64 NonfreeKernelModules: nvidia_uvm
[Desktop-packages] [Bug 1660316] Re: apparmor denial of CUPS
Where/what file are you adding net_admin caps too? I would not expect modifying the cups profile to affect the default media player. Can you look for apparmor="DENIED" messages in your log? -- You received this bug notification because you are a member of Desktop Packages, which is subscribed to cups in Ubuntu. https://bugs.launchpad.net/bugs/1660316 Title: apparmor denial of CUPS Status in cups package in Ubuntu: Expired Bug description: Printing is enabled when doing sudo aa-complain cupsd Here is an extract of /var/log/syslog: Jan 30 12:41:59 dag-TS-P500 kernel: [ 868.929457] audit: type=1400 audit(1485776519.269:37): apparmor="STATUS" operation="profile_replace" profile="unconfined" name="/usr/lib/cups/backend/cups-pdf" pid=6932 comm="apparmor_parser" Jan 30 12:41:59 dag-TS-P500 kernel: [ 868.929744] audit: type=1400 audit(1485776519.269:38): apparmor="STATUS" operation="profile_replace" profile="unconfined" name="/usr/sbin/cupsd" pid=6932 comm="apparmor_parser" Jan 30 12:41:59 dag-TS-P500 kernel: [ 868.945422] audit: type=1400 audit(1485776519.285:39): apparmor="STATUS" operation="profile_replace" profile="unconfined" name="/usr/sbin/cupsd//third_party" pid=6932 comm="apparmor_parser" Jan 30 12:42:10 dag-TS-P500 kernel: [ 879.817070] audit: type=1400 audit(1485776530.158:40): apparmor="STATUS" operation="profile_replace" profile="unconfined" name="/usr/lib/cups/backend/cups-pdf" pid=6941 comm="apparmor_parser" Jan 30 12:42:10 dag-TS-P500 kernel: [ 879.817342] audit: type=1400 audit(1485776530.158:41): apparmor="STATUS" operation="profile_replace" profile="unconfined" name="/usr/sbin/cupsd" pid=6941 comm="apparmor_parser" Jan 30 12:42:10 dag-TS-P500 kernel: [ 879.837254] audit: type=1400 audit(1485776530.178:42): apparmor="STATUS" operation="profile_replace" profile="unconfined" name="/usr/sbin/cupsd//third_party" pid=6941 comm="apparmor_parser" Jan 30 12:42:16 dag-TS-P500 zeitgeist-datah[3706]: downloads-directory-provider.vala:120: Couldn't process /home/dag/.glvndcEQzqA: Error when getting information for file '/home/dag/.glvndcEQzqA': No such file or directory Jan 30 12:42:23 dag-TS-P500 dbus[996]: [system] Activating via systemd: service name='org.freedesktop.hostname1' unit='dbus-org.freedesktop.hostname1.service' Jan 30 12:42:23 dag-TS-P500 systemd[1]: Starting Hostname Service... Jan 30 12:42:24 dag-TS-P500 dbus[996]: [system] Successfully activated service 'org.freedesktop.hostname1' Jan 30 12:42:24 dag-TS-P500 systemd[1]: Started Hostname Service. Jan 30 12:42:26 dag-TS-P500 kernel: [ 895.746636] audit: type=1400 audit(1485776546.086:43): apparmor="DENIED" operation="capable" profile="/usr/sbin/cupsd" pid=6967 comm="lpd" capability=12 capname="net_admin" Jan 30 12:42:54 dag-TS-P500 systemd[1]: Starting Cleanup of Temporary Directories... Jan 30 12:42:54 dag-TS-P500 systemd-tmpfiles[6973]: [/usr/lib/tmpfiles.d/var.conf:14] Duplicate line for path "/var/log", ignoring. Jan 30 12:42:54 dag-TS-P500 systemd[1]: Started Cleanup of Temporary Directories. Jan 30 12:44:03 dag-TS-P500 dbus-daemon[2707]: Activating service name='com.ubuntu.OneConf' Jan 30 12:44:03 dag-TS-P500 dbus-daemon[2707]: Successfully activated service 'com.ubuntu.OneConf' Jan 30 12:44:03 dag-TS-P500 com.ubuntu.OneConf[2707]: WARNING:oneconf.hosts:Error in loading other_hosts file: [Errno 2] No such file or directory: '/home/dag/.cache/oneconf/d2fc3bf30c9f4976b441a8f14de53bda/other_hosts' Jan 30 12:44:23 dag-TS-P500 dbus-daemon[2707]: Activating service name='com.ubuntu.sso' Jan 30 12:44:24 dag-TS-P500 dbus-daemon[2707]: Successfully activated service 'com.ubuntu.sso' Jan 30 12:45:51 dag-TS-P500 kernel: [ 1100.685842] audit: type=1400 audit(1485776751.028:44): apparmor="STATUS" operation="profile_replace" profile="unconfined" name="/usr/lib/cups/backend/cups-pdf" pid=7024 comm="apparmor_parser" Jan 30 12:45:51 dag-TS-P500 kernel: [ 1100.686099] audit: type=1400 audit(1485776751.028:45): apparmor="STATUS" operation="profile_replace" profile="unconfined" name="/usr/sbin/cupsd" pid=7024 comm="apparmor_parser" Jan 30 12:45:51 dag-TS-P500 kernel: [ 1100.700446] audit: type=1400 audit(1485776751.044:46): apparmor="STATUS" operation="profile_replace" profile="unconfined" name="/usr/sbin/cupsd//third_party" pid=7024 comm="apparmor_parser" Jan 30 12:45:57 dag-TS-P500 kernel: [ 1106.940891] audit: type=1400 audit(1485776757.284:47): apparmor="ALLOWED" operation="capable" profile="/usr/sbin/cupsd" pid=7031 comm="lpd" capability=12 capname="net_admin" Jan 30 12:45:57 dag-TS-P500 kernel: [ 1106.940938] audit: type=1400 audit(1485776757.284:48): apparmor="ALLOWED" operation="capable" profile="/usr/sbin/cupsd" pid=7031 comm="lpd" capability=12 capname="net_admin" ProblemType: Bug DistroRelease: Ubuntu 16.10 Package: cups 2.2.0-2 ProcVersionSignature: Ubuntu 4.8.0-34.36-generic 4.8.11 Uname: Linux 4.8.0-34-generic
[Desktop-packages] [Bug 1660316] Re: apparmor denial of CUPS
Like napsty above, I'm using LM 19.3. I fixed the problem with printing by adding the "net_admin caps" correction, per Jamie. That worked fine, but now the default media player in LM 19.3 won't play mpg4 video files. If I remove the "net_admin caps" correction, the ability to play mpg4 files is restored. Suggestions? Thanks! Joe Henley -- You received this bug notification because you are a member of Desktop Packages, which is subscribed to cups in Ubuntu. https://bugs.launchpad.net/bugs/1660316 Title: apparmor denial of CUPS Status in cups package in Ubuntu: Expired Bug description: Printing is enabled when doing sudo aa-complain cupsd Here is an extract of /var/log/syslog: Jan 30 12:41:59 dag-TS-P500 kernel: [ 868.929457] audit: type=1400 audit(1485776519.269:37): apparmor="STATUS" operation="profile_replace" profile="unconfined" name="/usr/lib/cups/backend/cups-pdf" pid=6932 comm="apparmor_parser" Jan 30 12:41:59 dag-TS-P500 kernel: [ 868.929744] audit: type=1400 audit(1485776519.269:38): apparmor="STATUS" operation="profile_replace" profile="unconfined" name="/usr/sbin/cupsd" pid=6932 comm="apparmor_parser" Jan 30 12:41:59 dag-TS-P500 kernel: [ 868.945422] audit: type=1400 audit(1485776519.285:39): apparmor="STATUS" operation="profile_replace" profile="unconfined" name="/usr/sbin/cupsd//third_party" pid=6932 comm="apparmor_parser" Jan 30 12:42:10 dag-TS-P500 kernel: [ 879.817070] audit: type=1400 audit(1485776530.158:40): apparmor="STATUS" operation="profile_replace" profile="unconfined" name="/usr/lib/cups/backend/cups-pdf" pid=6941 comm="apparmor_parser" Jan 30 12:42:10 dag-TS-P500 kernel: [ 879.817342] audit: type=1400 audit(1485776530.158:41): apparmor="STATUS" operation="profile_replace" profile="unconfined" name="/usr/sbin/cupsd" pid=6941 comm="apparmor_parser" Jan 30 12:42:10 dag-TS-P500 kernel: [ 879.837254] audit: type=1400 audit(1485776530.178:42): apparmor="STATUS" operation="profile_replace" profile="unconfined" name="/usr/sbin/cupsd//third_party" pid=6941 comm="apparmor_parser" Jan 30 12:42:16 dag-TS-P500 zeitgeist-datah[3706]: downloads-directory-provider.vala:120: Couldn't process /home/dag/.glvndcEQzqA: Error when getting information for file '/home/dag/.glvndcEQzqA': No such file or directory Jan 30 12:42:23 dag-TS-P500 dbus[996]: [system] Activating via systemd: service name='org.freedesktop.hostname1' unit='dbus-org.freedesktop.hostname1.service' Jan 30 12:42:23 dag-TS-P500 systemd[1]: Starting Hostname Service... Jan 30 12:42:24 dag-TS-P500 dbus[996]: [system] Successfully activated service 'org.freedesktop.hostname1' Jan 30 12:42:24 dag-TS-P500 systemd[1]: Started Hostname Service. Jan 30 12:42:26 dag-TS-P500 kernel: [ 895.746636] audit: type=1400 audit(1485776546.086:43): apparmor="DENIED" operation="capable" profile="/usr/sbin/cupsd" pid=6967 comm="lpd" capability=12 capname="net_admin" Jan 30 12:42:54 dag-TS-P500 systemd[1]: Starting Cleanup of Temporary Directories... Jan 30 12:42:54 dag-TS-P500 systemd-tmpfiles[6973]: [/usr/lib/tmpfiles.d/var.conf:14] Duplicate line for path "/var/log", ignoring. Jan 30 12:42:54 dag-TS-P500 systemd[1]: Started Cleanup of Temporary Directories. Jan 30 12:44:03 dag-TS-P500 dbus-daemon[2707]: Activating service name='com.ubuntu.OneConf' Jan 30 12:44:03 dag-TS-P500 dbus-daemon[2707]: Successfully activated service 'com.ubuntu.OneConf' Jan 30 12:44:03 dag-TS-P500 com.ubuntu.OneConf[2707]: WARNING:oneconf.hosts:Error in loading other_hosts file: [Errno 2] No such file or directory: '/home/dag/.cache/oneconf/d2fc3bf30c9f4976b441a8f14de53bda/other_hosts' Jan 30 12:44:23 dag-TS-P500 dbus-daemon[2707]: Activating service name='com.ubuntu.sso' Jan 30 12:44:24 dag-TS-P500 dbus-daemon[2707]: Successfully activated service 'com.ubuntu.sso' Jan 30 12:45:51 dag-TS-P500 kernel: [ 1100.685842] audit: type=1400 audit(1485776751.028:44): apparmor="STATUS" operation="profile_replace" profile="unconfined" name="/usr/lib/cups/backend/cups-pdf" pid=7024 comm="apparmor_parser" Jan 30 12:45:51 dag-TS-P500 kernel: [ 1100.686099] audit: type=1400 audit(1485776751.028:45): apparmor="STATUS" operation="profile_replace" profile="unconfined" name="/usr/sbin/cupsd" pid=7024 comm="apparmor_parser" Jan 30 12:45:51 dag-TS-P500 kernel: [ 1100.700446] audit: type=1400 audit(1485776751.044:46): apparmor="STATUS" operation="profile_replace" profile="unconfined" name="/usr/sbin/cupsd//third_party" pid=7024 comm="apparmor_parser" Jan 30 12:45:57 dag-TS-P500 kernel: [ 1106.940891] audit: type=1400 audit(1485776757.284:47): apparmor="ALLOWED" operation="capable" profile="/usr/sbin/cupsd" pid=7031 comm="lpd" capability=12 capname="net_admin" Jan 30 12:45:57 dag-TS-P500 kernel: [ 1106.940938] audit: type=1400 audit(1485776757.284:48): apparmor="ALLOWED" operation="capable" profile="/usr/sbin/cupsd" pid=7031 comm="lpd" capability=12 capname="net_admin"
[Desktop-packages] [Bug 1660316] Re: apparmor denial of CUPS
@skliarie, your pasted log message is actually a different issue, and I just reported https://bugs.launchpad.net/ubuntu/+source/cups/+bug/1897369 for it. -- You received this bug notification because you are a member of Desktop Packages, which is subscribed to cups in Ubuntu. https://bugs.launchpad.net/bugs/1660316 Title: apparmor denial of CUPS Status in cups package in Ubuntu: Expired Bug description: Printing is enabled when doing sudo aa-complain cupsd Here is an extract of /var/log/syslog: Jan 30 12:41:59 dag-TS-P500 kernel: [ 868.929457] audit: type=1400 audit(1485776519.269:37): apparmor="STATUS" operation="profile_replace" profile="unconfined" name="/usr/lib/cups/backend/cups-pdf" pid=6932 comm="apparmor_parser" Jan 30 12:41:59 dag-TS-P500 kernel: [ 868.929744] audit: type=1400 audit(1485776519.269:38): apparmor="STATUS" operation="profile_replace" profile="unconfined" name="/usr/sbin/cupsd" pid=6932 comm="apparmor_parser" Jan 30 12:41:59 dag-TS-P500 kernel: [ 868.945422] audit: type=1400 audit(1485776519.285:39): apparmor="STATUS" operation="profile_replace" profile="unconfined" name="/usr/sbin/cupsd//third_party" pid=6932 comm="apparmor_parser" Jan 30 12:42:10 dag-TS-P500 kernel: [ 879.817070] audit: type=1400 audit(1485776530.158:40): apparmor="STATUS" operation="profile_replace" profile="unconfined" name="/usr/lib/cups/backend/cups-pdf" pid=6941 comm="apparmor_parser" Jan 30 12:42:10 dag-TS-P500 kernel: [ 879.817342] audit: type=1400 audit(1485776530.158:41): apparmor="STATUS" operation="profile_replace" profile="unconfined" name="/usr/sbin/cupsd" pid=6941 comm="apparmor_parser" Jan 30 12:42:10 dag-TS-P500 kernel: [ 879.837254] audit: type=1400 audit(1485776530.178:42): apparmor="STATUS" operation="profile_replace" profile="unconfined" name="/usr/sbin/cupsd//third_party" pid=6941 comm="apparmor_parser" Jan 30 12:42:16 dag-TS-P500 zeitgeist-datah[3706]: downloads-directory-provider.vala:120: Couldn't process /home/dag/.glvndcEQzqA: Error when getting information for file '/home/dag/.glvndcEQzqA': No such file or directory Jan 30 12:42:23 dag-TS-P500 dbus[996]: [system] Activating via systemd: service name='org.freedesktop.hostname1' unit='dbus-org.freedesktop.hostname1.service' Jan 30 12:42:23 dag-TS-P500 systemd[1]: Starting Hostname Service... Jan 30 12:42:24 dag-TS-P500 dbus[996]: [system] Successfully activated service 'org.freedesktop.hostname1' Jan 30 12:42:24 dag-TS-P500 systemd[1]: Started Hostname Service. Jan 30 12:42:26 dag-TS-P500 kernel: [ 895.746636] audit: type=1400 audit(1485776546.086:43): apparmor="DENIED" operation="capable" profile="/usr/sbin/cupsd" pid=6967 comm="lpd" capability=12 capname="net_admin" Jan 30 12:42:54 dag-TS-P500 systemd[1]: Starting Cleanup of Temporary Directories... Jan 30 12:42:54 dag-TS-P500 systemd-tmpfiles[6973]: [/usr/lib/tmpfiles.d/var.conf:14] Duplicate line for path "/var/log", ignoring. Jan 30 12:42:54 dag-TS-P500 systemd[1]: Started Cleanup of Temporary Directories. Jan 30 12:44:03 dag-TS-P500 dbus-daemon[2707]: Activating service name='com.ubuntu.OneConf' Jan 30 12:44:03 dag-TS-P500 dbus-daemon[2707]: Successfully activated service 'com.ubuntu.OneConf' Jan 30 12:44:03 dag-TS-P500 com.ubuntu.OneConf[2707]: WARNING:oneconf.hosts:Error in loading other_hosts file: [Errno 2] No such file or directory: '/home/dag/.cache/oneconf/d2fc3bf30c9f4976b441a8f14de53bda/other_hosts' Jan 30 12:44:23 dag-TS-P500 dbus-daemon[2707]: Activating service name='com.ubuntu.sso' Jan 30 12:44:24 dag-TS-P500 dbus-daemon[2707]: Successfully activated service 'com.ubuntu.sso' Jan 30 12:45:51 dag-TS-P500 kernel: [ 1100.685842] audit: type=1400 audit(1485776751.028:44): apparmor="STATUS" operation="profile_replace" profile="unconfined" name="/usr/lib/cups/backend/cups-pdf" pid=7024 comm="apparmor_parser" Jan 30 12:45:51 dag-TS-P500 kernel: [ 1100.686099] audit: type=1400 audit(1485776751.028:45): apparmor="STATUS" operation="profile_replace" profile="unconfined" name="/usr/sbin/cupsd" pid=7024 comm="apparmor_parser" Jan 30 12:45:51 dag-TS-P500 kernel: [ 1100.700446] audit: type=1400 audit(1485776751.044:46): apparmor="STATUS" operation="profile_replace" profile="unconfined" name="/usr/sbin/cupsd//third_party" pid=7024 comm="apparmor_parser" Jan 30 12:45:57 dag-TS-P500 kernel: [ 1106.940891] audit: type=1400 audit(1485776757.284:47): apparmor="ALLOWED" operation="capable" profile="/usr/sbin/cupsd" pid=7031 comm="lpd" capability=12 capname="net_admin" Jan 30 12:45:57 dag-TS-P500 kernel: [ 1106.940938] audit: type=1400 audit(1485776757.284:48): apparmor="ALLOWED" operation="capable" profile="/usr/sbin/cupsd" pid=7031 comm="lpd" capability=12 capname="net_admin" ProblemType: Bug DistroRelease: Ubuntu 16.10 Package: cups 2.2.0-2 ProcVersionSignature: Ubuntu 4.8.0-34.36-generic 4.8.11 Uname: Linux 4.8.0-34-generic x86_64 NonfreeKernelModules:
[Desktop-packages] [Bug 1660316] Re: apparmor denial of CUPS
Same happens in 18.04 (Linux Mint 19.3). Needed to manually add the net_admin caps as mentioned by Jamie. -- You received this bug notification because you are a member of Desktop Packages, which is subscribed to cups in Ubuntu. https://bugs.launchpad.net/bugs/1660316 Title: apparmor denial of CUPS Status in cups package in Ubuntu: Expired Bug description: Printing is enabled when doing sudo aa-complain cupsd Here is an extract of /var/log/syslog: Jan 30 12:41:59 dag-TS-P500 kernel: [ 868.929457] audit: type=1400 audit(1485776519.269:37): apparmor="STATUS" operation="profile_replace" profile="unconfined" name="/usr/lib/cups/backend/cups-pdf" pid=6932 comm="apparmor_parser" Jan 30 12:41:59 dag-TS-P500 kernel: [ 868.929744] audit: type=1400 audit(1485776519.269:38): apparmor="STATUS" operation="profile_replace" profile="unconfined" name="/usr/sbin/cupsd" pid=6932 comm="apparmor_parser" Jan 30 12:41:59 dag-TS-P500 kernel: [ 868.945422] audit: type=1400 audit(1485776519.285:39): apparmor="STATUS" operation="profile_replace" profile="unconfined" name="/usr/sbin/cupsd//third_party" pid=6932 comm="apparmor_parser" Jan 30 12:42:10 dag-TS-P500 kernel: [ 879.817070] audit: type=1400 audit(1485776530.158:40): apparmor="STATUS" operation="profile_replace" profile="unconfined" name="/usr/lib/cups/backend/cups-pdf" pid=6941 comm="apparmor_parser" Jan 30 12:42:10 dag-TS-P500 kernel: [ 879.817342] audit: type=1400 audit(1485776530.158:41): apparmor="STATUS" operation="profile_replace" profile="unconfined" name="/usr/sbin/cupsd" pid=6941 comm="apparmor_parser" Jan 30 12:42:10 dag-TS-P500 kernel: [ 879.837254] audit: type=1400 audit(1485776530.178:42): apparmor="STATUS" operation="profile_replace" profile="unconfined" name="/usr/sbin/cupsd//third_party" pid=6941 comm="apparmor_parser" Jan 30 12:42:16 dag-TS-P500 zeitgeist-datah[3706]: downloads-directory-provider.vala:120: Couldn't process /home/dag/.glvndcEQzqA: Error when getting information for file '/home/dag/.glvndcEQzqA': No such file or directory Jan 30 12:42:23 dag-TS-P500 dbus[996]: [system] Activating via systemd: service name='org.freedesktop.hostname1' unit='dbus-org.freedesktop.hostname1.service' Jan 30 12:42:23 dag-TS-P500 systemd[1]: Starting Hostname Service... Jan 30 12:42:24 dag-TS-P500 dbus[996]: [system] Successfully activated service 'org.freedesktop.hostname1' Jan 30 12:42:24 dag-TS-P500 systemd[1]: Started Hostname Service. Jan 30 12:42:26 dag-TS-P500 kernel: [ 895.746636] audit: type=1400 audit(1485776546.086:43): apparmor="DENIED" operation="capable" profile="/usr/sbin/cupsd" pid=6967 comm="lpd" capability=12 capname="net_admin" Jan 30 12:42:54 dag-TS-P500 systemd[1]: Starting Cleanup of Temporary Directories... Jan 30 12:42:54 dag-TS-P500 systemd-tmpfiles[6973]: [/usr/lib/tmpfiles.d/var.conf:14] Duplicate line for path "/var/log", ignoring. Jan 30 12:42:54 dag-TS-P500 systemd[1]: Started Cleanup of Temporary Directories. Jan 30 12:44:03 dag-TS-P500 dbus-daemon[2707]: Activating service name='com.ubuntu.OneConf' Jan 30 12:44:03 dag-TS-P500 dbus-daemon[2707]: Successfully activated service 'com.ubuntu.OneConf' Jan 30 12:44:03 dag-TS-P500 com.ubuntu.OneConf[2707]: WARNING:oneconf.hosts:Error in loading other_hosts file: [Errno 2] No such file or directory: '/home/dag/.cache/oneconf/d2fc3bf30c9f4976b441a8f14de53bda/other_hosts' Jan 30 12:44:23 dag-TS-P500 dbus-daemon[2707]: Activating service name='com.ubuntu.sso' Jan 30 12:44:24 dag-TS-P500 dbus-daemon[2707]: Successfully activated service 'com.ubuntu.sso' Jan 30 12:45:51 dag-TS-P500 kernel: [ 1100.685842] audit: type=1400 audit(1485776751.028:44): apparmor="STATUS" operation="profile_replace" profile="unconfined" name="/usr/lib/cups/backend/cups-pdf" pid=7024 comm="apparmor_parser" Jan 30 12:45:51 dag-TS-P500 kernel: [ 1100.686099] audit: type=1400 audit(1485776751.028:45): apparmor="STATUS" operation="profile_replace" profile="unconfined" name="/usr/sbin/cupsd" pid=7024 comm="apparmor_parser" Jan 30 12:45:51 dag-TS-P500 kernel: [ 1100.700446] audit: type=1400 audit(1485776751.044:46): apparmor="STATUS" operation="profile_replace" profile="unconfined" name="/usr/sbin/cupsd//third_party" pid=7024 comm="apparmor_parser" Jan 30 12:45:57 dag-TS-P500 kernel: [ 1106.940891] audit: type=1400 audit(1485776757.284:47): apparmor="ALLOWED" operation="capable" profile="/usr/sbin/cupsd" pid=7031 comm="lpd" capability=12 capname="net_admin" Jan 30 12:45:57 dag-TS-P500 kernel: [ 1106.940938] audit: type=1400 audit(1485776757.284:48): apparmor="ALLOWED" operation="capable" profile="/usr/sbin/cupsd" pid=7031 comm="lpd" capability=12 capname="net_admin" ProblemType: Bug DistroRelease: Ubuntu 16.10 Package: cups 2.2.0-2 ProcVersionSignature: Ubuntu 4.8.0-34.36-generic 4.8.11 Uname: Linux 4.8.0-34-generic x86_64 NonfreeKernelModules: nvidia_uvm nvidia_drm nvidia_modeset nvidia
[Desktop-packages] [Bug 1660316] Re: apparmor denial of CUPS
Looks like the same error in ubuntu 20.04: Jun 5 00:00:07 cmdesk01 kernel: [4025941.209572] audit: type=1400 audit(1591304407.264:388): apparmor="DENIED" operation="capable" profile="/usr/sbin/cups-browsed" pid=1792223 comm="cups-browsed" capability=23 capname="sys_nice" -- You received this bug notification because you are a member of Desktop Packages, which is subscribed to cups in Ubuntu. https://bugs.launchpad.net/bugs/1660316 Title: apparmor denial of CUPS Status in cups package in Ubuntu: Expired Bug description: Printing is enabled when doing sudo aa-complain cupsd Here is an extract of /var/log/syslog: Jan 30 12:41:59 dag-TS-P500 kernel: [ 868.929457] audit: type=1400 audit(1485776519.269:37): apparmor="STATUS" operation="profile_replace" profile="unconfined" name="/usr/lib/cups/backend/cups-pdf" pid=6932 comm="apparmor_parser" Jan 30 12:41:59 dag-TS-P500 kernel: [ 868.929744] audit: type=1400 audit(1485776519.269:38): apparmor="STATUS" operation="profile_replace" profile="unconfined" name="/usr/sbin/cupsd" pid=6932 comm="apparmor_parser" Jan 30 12:41:59 dag-TS-P500 kernel: [ 868.945422] audit: type=1400 audit(1485776519.285:39): apparmor="STATUS" operation="profile_replace" profile="unconfined" name="/usr/sbin/cupsd//third_party" pid=6932 comm="apparmor_parser" Jan 30 12:42:10 dag-TS-P500 kernel: [ 879.817070] audit: type=1400 audit(1485776530.158:40): apparmor="STATUS" operation="profile_replace" profile="unconfined" name="/usr/lib/cups/backend/cups-pdf" pid=6941 comm="apparmor_parser" Jan 30 12:42:10 dag-TS-P500 kernel: [ 879.817342] audit: type=1400 audit(1485776530.158:41): apparmor="STATUS" operation="profile_replace" profile="unconfined" name="/usr/sbin/cupsd" pid=6941 comm="apparmor_parser" Jan 30 12:42:10 dag-TS-P500 kernel: [ 879.837254] audit: type=1400 audit(1485776530.178:42): apparmor="STATUS" operation="profile_replace" profile="unconfined" name="/usr/sbin/cupsd//third_party" pid=6941 comm="apparmor_parser" Jan 30 12:42:16 dag-TS-P500 zeitgeist-datah[3706]: downloads-directory-provider.vala:120: Couldn't process /home/dag/.glvndcEQzqA: Error when getting information for file '/home/dag/.glvndcEQzqA': No such file or directory Jan 30 12:42:23 dag-TS-P500 dbus[996]: [system] Activating via systemd: service name='org.freedesktop.hostname1' unit='dbus-org.freedesktop.hostname1.service' Jan 30 12:42:23 dag-TS-P500 systemd[1]: Starting Hostname Service... Jan 30 12:42:24 dag-TS-P500 dbus[996]: [system] Successfully activated service 'org.freedesktop.hostname1' Jan 30 12:42:24 dag-TS-P500 systemd[1]: Started Hostname Service. Jan 30 12:42:26 dag-TS-P500 kernel: [ 895.746636] audit: type=1400 audit(1485776546.086:43): apparmor="DENIED" operation="capable" profile="/usr/sbin/cupsd" pid=6967 comm="lpd" capability=12 capname="net_admin" Jan 30 12:42:54 dag-TS-P500 systemd[1]: Starting Cleanup of Temporary Directories... Jan 30 12:42:54 dag-TS-P500 systemd-tmpfiles[6973]: [/usr/lib/tmpfiles.d/var.conf:14] Duplicate line for path "/var/log", ignoring. Jan 30 12:42:54 dag-TS-P500 systemd[1]: Started Cleanup of Temporary Directories. Jan 30 12:44:03 dag-TS-P500 dbus-daemon[2707]: Activating service name='com.ubuntu.OneConf' Jan 30 12:44:03 dag-TS-P500 dbus-daemon[2707]: Successfully activated service 'com.ubuntu.OneConf' Jan 30 12:44:03 dag-TS-P500 com.ubuntu.OneConf[2707]: WARNING:oneconf.hosts:Error in loading other_hosts file: [Errno 2] No such file or directory: '/home/dag/.cache/oneconf/d2fc3bf30c9f4976b441a8f14de53bda/other_hosts' Jan 30 12:44:23 dag-TS-P500 dbus-daemon[2707]: Activating service name='com.ubuntu.sso' Jan 30 12:44:24 dag-TS-P500 dbus-daemon[2707]: Successfully activated service 'com.ubuntu.sso' Jan 30 12:45:51 dag-TS-P500 kernel: [ 1100.685842] audit: type=1400 audit(1485776751.028:44): apparmor="STATUS" operation="profile_replace" profile="unconfined" name="/usr/lib/cups/backend/cups-pdf" pid=7024 comm="apparmor_parser" Jan 30 12:45:51 dag-TS-P500 kernel: [ 1100.686099] audit: type=1400 audit(1485776751.028:45): apparmor="STATUS" operation="profile_replace" profile="unconfined" name="/usr/sbin/cupsd" pid=7024 comm="apparmor_parser" Jan 30 12:45:51 dag-TS-P500 kernel: [ 1100.700446] audit: type=1400 audit(1485776751.044:46): apparmor="STATUS" operation="profile_replace" profile="unconfined" name="/usr/sbin/cupsd//third_party" pid=7024 comm="apparmor_parser" Jan 30 12:45:57 dag-TS-P500 kernel: [ 1106.940891] audit: type=1400 audit(1485776757.284:47): apparmor="ALLOWED" operation="capable" profile="/usr/sbin/cupsd" pid=7031 comm="lpd" capability=12 capname="net_admin" Jan 30 12:45:57 dag-TS-P500 kernel: [ 1106.940938] audit: type=1400 audit(1485776757.284:48): apparmor="ALLOWED" operation="capable" profile="/usr/sbin/cupsd" pid=7031 comm="lpd" capability=12 capname="net_admin" ProblemType: Bug DistroRelease: Ubuntu 16.10 Package: cups 2.2.0-2
[Desktop-packages] [Bug 1660316] Re: apparmor denial of CUPS
I'm seeing this in 19.10 as well. Good to know it's gone for at least two years without being fixed, way to go Canonical! -- You received this bug notification because you are a member of Desktop Packages, which is subscribed to cups in Ubuntu. https://bugs.launchpad.net/bugs/1660316 Title: apparmor denial of CUPS Status in cups package in Ubuntu: Expired Bug description: Printing is enabled when doing sudo aa-complain cupsd Here is an extract of /var/log/syslog: Jan 30 12:41:59 dag-TS-P500 kernel: [ 868.929457] audit: type=1400 audit(1485776519.269:37): apparmor="STATUS" operation="profile_replace" profile="unconfined" name="/usr/lib/cups/backend/cups-pdf" pid=6932 comm="apparmor_parser" Jan 30 12:41:59 dag-TS-P500 kernel: [ 868.929744] audit: type=1400 audit(1485776519.269:38): apparmor="STATUS" operation="profile_replace" profile="unconfined" name="/usr/sbin/cupsd" pid=6932 comm="apparmor_parser" Jan 30 12:41:59 dag-TS-P500 kernel: [ 868.945422] audit: type=1400 audit(1485776519.285:39): apparmor="STATUS" operation="profile_replace" profile="unconfined" name="/usr/sbin/cupsd//third_party" pid=6932 comm="apparmor_parser" Jan 30 12:42:10 dag-TS-P500 kernel: [ 879.817070] audit: type=1400 audit(1485776530.158:40): apparmor="STATUS" operation="profile_replace" profile="unconfined" name="/usr/lib/cups/backend/cups-pdf" pid=6941 comm="apparmor_parser" Jan 30 12:42:10 dag-TS-P500 kernel: [ 879.817342] audit: type=1400 audit(1485776530.158:41): apparmor="STATUS" operation="profile_replace" profile="unconfined" name="/usr/sbin/cupsd" pid=6941 comm="apparmor_parser" Jan 30 12:42:10 dag-TS-P500 kernel: [ 879.837254] audit: type=1400 audit(1485776530.178:42): apparmor="STATUS" operation="profile_replace" profile="unconfined" name="/usr/sbin/cupsd//third_party" pid=6941 comm="apparmor_parser" Jan 30 12:42:16 dag-TS-P500 zeitgeist-datah[3706]: downloads-directory-provider.vala:120: Couldn't process /home/dag/.glvndcEQzqA: Error when getting information for file '/home/dag/.glvndcEQzqA': No such file or directory Jan 30 12:42:23 dag-TS-P500 dbus[996]: [system] Activating via systemd: service name='org.freedesktop.hostname1' unit='dbus-org.freedesktop.hostname1.service' Jan 30 12:42:23 dag-TS-P500 systemd[1]: Starting Hostname Service... Jan 30 12:42:24 dag-TS-P500 dbus[996]: [system] Successfully activated service 'org.freedesktop.hostname1' Jan 30 12:42:24 dag-TS-P500 systemd[1]: Started Hostname Service. Jan 30 12:42:26 dag-TS-P500 kernel: [ 895.746636] audit: type=1400 audit(1485776546.086:43): apparmor="DENIED" operation="capable" profile="/usr/sbin/cupsd" pid=6967 comm="lpd" capability=12 capname="net_admin" Jan 30 12:42:54 dag-TS-P500 systemd[1]: Starting Cleanup of Temporary Directories... Jan 30 12:42:54 dag-TS-P500 systemd-tmpfiles[6973]: [/usr/lib/tmpfiles.d/var.conf:14] Duplicate line for path "/var/log", ignoring. Jan 30 12:42:54 dag-TS-P500 systemd[1]: Started Cleanup of Temporary Directories. Jan 30 12:44:03 dag-TS-P500 dbus-daemon[2707]: Activating service name='com.ubuntu.OneConf' Jan 30 12:44:03 dag-TS-P500 dbus-daemon[2707]: Successfully activated service 'com.ubuntu.OneConf' Jan 30 12:44:03 dag-TS-P500 com.ubuntu.OneConf[2707]: WARNING:oneconf.hosts:Error in loading other_hosts file: [Errno 2] No such file or directory: '/home/dag/.cache/oneconf/d2fc3bf30c9f4976b441a8f14de53bda/other_hosts' Jan 30 12:44:23 dag-TS-P500 dbus-daemon[2707]: Activating service name='com.ubuntu.sso' Jan 30 12:44:24 dag-TS-P500 dbus-daemon[2707]: Successfully activated service 'com.ubuntu.sso' Jan 30 12:45:51 dag-TS-P500 kernel: [ 1100.685842] audit: type=1400 audit(1485776751.028:44): apparmor="STATUS" operation="profile_replace" profile="unconfined" name="/usr/lib/cups/backend/cups-pdf" pid=7024 comm="apparmor_parser" Jan 30 12:45:51 dag-TS-P500 kernel: [ 1100.686099] audit: type=1400 audit(1485776751.028:45): apparmor="STATUS" operation="profile_replace" profile="unconfined" name="/usr/sbin/cupsd" pid=7024 comm="apparmor_parser" Jan 30 12:45:51 dag-TS-P500 kernel: [ 1100.700446] audit: type=1400 audit(1485776751.044:46): apparmor="STATUS" operation="profile_replace" profile="unconfined" name="/usr/sbin/cupsd//third_party" pid=7024 comm="apparmor_parser" Jan 30 12:45:57 dag-TS-P500 kernel: [ 1106.940891] audit: type=1400 audit(1485776757.284:47): apparmor="ALLOWED" operation="capable" profile="/usr/sbin/cupsd" pid=7031 comm="lpd" capability=12 capname="net_admin" Jan 30 12:45:57 dag-TS-P500 kernel: [ 1106.940938] audit: type=1400 audit(1485776757.284:48): apparmor="ALLOWED" operation="capable" profile="/usr/sbin/cupsd" pid=7031 comm="lpd" capability=12 capname="net_admin" ProblemType: Bug DistroRelease: Ubuntu 16.10 Package: cups 2.2.0-2 ProcVersionSignature: Ubuntu 4.8.0-34.36-generic 4.8.11 Uname: Linux 4.8.0-34-generic x86_64 NonfreeKernelModules: nvidia_uvm nvidia_drm nvidia_modeset
[Desktop-packages] [Bug 1660316] Re: apparmor denial of CUPS
I'm seeing this in Ubuntu 18.04 as well. I have 2 printers configured an HP LaserJet p4015 and a Canon ImageRunner C5030. kernel: [35100.990629] audit: type=1400 audit(1536755161.327:158): apparmor="DENIED" operation="capable" profile="/usr/sbin/cupsd" pid=15321 comm="cupsd" capability=12 capname="net_admin" -- You received this bug notification because you are a member of Desktop Packages, which is subscribed to cups in Ubuntu. https://bugs.launchpad.net/bugs/1660316 Title: apparmor denial of CUPS Status in cups package in Ubuntu: Expired Bug description: Printing is enabled when doing sudo aa-complain cupsd Here is an extract of /var/log/syslog: Jan 30 12:41:59 dag-TS-P500 kernel: [ 868.929457] audit: type=1400 audit(1485776519.269:37): apparmor="STATUS" operation="profile_replace" profile="unconfined" name="/usr/lib/cups/backend/cups-pdf" pid=6932 comm="apparmor_parser" Jan 30 12:41:59 dag-TS-P500 kernel: [ 868.929744] audit: type=1400 audit(1485776519.269:38): apparmor="STATUS" operation="profile_replace" profile="unconfined" name="/usr/sbin/cupsd" pid=6932 comm="apparmor_parser" Jan 30 12:41:59 dag-TS-P500 kernel: [ 868.945422] audit: type=1400 audit(1485776519.285:39): apparmor="STATUS" operation="profile_replace" profile="unconfined" name="/usr/sbin/cupsd//third_party" pid=6932 comm="apparmor_parser" Jan 30 12:42:10 dag-TS-P500 kernel: [ 879.817070] audit: type=1400 audit(1485776530.158:40): apparmor="STATUS" operation="profile_replace" profile="unconfined" name="/usr/lib/cups/backend/cups-pdf" pid=6941 comm="apparmor_parser" Jan 30 12:42:10 dag-TS-P500 kernel: [ 879.817342] audit: type=1400 audit(1485776530.158:41): apparmor="STATUS" operation="profile_replace" profile="unconfined" name="/usr/sbin/cupsd" pid=6941 comm="apparmor_parser" Jan 30 12:42:10 dag-TS-P500 kernel: [ 879.837254] audit: type=1400 audit(1485776530.178:42): apparmor="STATUS" operation="profile_replace" profile="unconfined" name="/usr/sbin/cupsd//third_party" pid=6941 comm="apparmor_parser" Jan 30 12:42:16 dag-TS-P500 zeitgeist-datah[3706]: downloads-directory-provider.vala:120: Couldn't process /home/dag/.glvndcEQzqA: Error when getting information for file '/home/dag/.glvndcEQzqA': No such file or directory Jan 30 12:42:23 dag-TS-P500 dbus[996]: [system] Activating via systemd: service name='org.freedesktop.hostname1' unit='dbus-org.freedesktop.hostname1.service' Jan 30 12:42:23 dag-TS-P500 systemd[1]: Starting Hostname Service... Jan 30 12:42:24 dag-TS-P500 dbus[996]: [system] Successfully activated service 'org.freedesktop.hostname1' Jan 30 12:42:24 dag-TS-P500 systemd[1]: Started Hostname Service. Jan 30 12:42:26 dag-TS-P500 kernel: [ 895.746636] audit: type=1400 audit(1485776546.086:43): apparmor="DENIED" operation="capable" profile="/usr/sbin/cupsd" pid=6967 comm="lpd" capability=12 capname="net_admin" Jan 30 12:42:54 dag-TS-P500 systemd[1]: Starting Cleanup of Temporary Directories... Jan 30 12:42:54 dag-TS-P500 systemd-tmpfiles[6973]: [/usr/lib/tmpfiles.d/var.conf:14] Duplicate line for path "/var/log", ignoring. Jan 30 12:42:54 dag-TS-P500 systemd[1]: Started Cleanup of Temporary Directories. Jan 30 12:44:03 dag-TS-P500 dbus-daemon[2707]: Activating service name='com.ubuntu.OneConf' Jan 30 12:44:03 dag-TS-P500 dbus-daemon[2707]: Successfully activated service 'com.ubuntu.OneConf' Jan 30 12:44:03 dag-TS-P500 com.ubuntu.OneConf[2707]: WARNING:oneconf.hosts:Error in loading other_hosts file: [Errno 2] No such file or directory: '/home/dag/.cache/oneconf/d2fc3bf30c9f4976b441a8f14de53bda/other_hosts' Jan 30 12:44:23 dag-TS-P500 dbus-daemon[2707]: Activating service name='com.ubuntu.sso' Jan 30 12:44:24 dag-TS-P500 dbus-daemon[2707]: Successfully activated service 'com.ubuntu.sso' Jan 30 12:45:51 dag-TS-P500 kernel: [ 1100.685842] audit: type=1400 audit(1485776751.028:44): apparmor="STATUS" operation="profile_replace" profile="unconfined" name="/usr/lib/cups/backend/cups-pdf" pid=7024 comm="apparmor_parser" Jan 30 12:45:51 dag-TS-P500 kernel: [ 1100.686099] audit: type=1400 audit(1485776751.028:45): apparmor="STATUS" operation="profile_replace" profile="unconfined" name="/usr/sbin/cupsd" pid=7024 comm="apparmor_parser" Jan 30 12:45:51 dag-TS-P500 kernel: [ 1100.700446] audit: type=1400 audit(1485776751.044:46): apparmor="STATUS" operation="profile_replace" profile="unconfined" name="/usr/sbin/cupsd//third_party" pid=7024 comm="apparmor_parser" Jan 30 12:45:57 dag-TS-P500 kernel: [ 1106.940891] audit: type=1400 audit(1485776757.284:47): apparmor="ALLOWED" operation="capable" profile="/usr/sbin/cupsd" pid=7031 comm="lpd" capability=12 capname="net_admin" Jan 30 12:45:57 dag-TS-P500 kernel: [ 1106.940938] audit: type=1400 audit(1485776757.284:48): apparmor="ALLOWED" operation="capable" profile="/usr/sbin/cupsd" pid=7031 comm="lpd" capability=12 capname="net_admin" ProblemType: Bug DistroRelease: Ubuntu
[Desktop-packages] [Bug 1660316] Re: apparmor denial of CUPS
I finally got to check the status of this on Ubuntu 17.04. Same computer but upgraded ubuntu. Print from LibreOffice gave this in log (dmesg): [491184.232027] audit: type=1400 audit(1496903835.766:41): apparmor="DENIED" operation="capable" profile="/usr/sbin/cupsd" pid=21237 comm="lpd" capability=12 capname="net_admin" Applying the workaround resulted in no apperrors in dmesg. -- You received this bug notification because you are a member of Desktop Packages, which is subscribed to cups in Ubuntu. https://bugs.launchpad.net/bugs/1660316 Title: apparmor denial of CUPS Status in cups package in Ubuntu: Expired Bug description: Printing is enabled when doing sudo aa-complain cupsd Here is an extract of /var/log/syslog: Jan 30 12:41:59 dag-TS-P500 kernel: [ 868.929457] audit: type=1400 audit(1485776519.269:37): apparmor="STATUS" operation="profile_replace" profile="unconfined" name="/usr/lib/cups/backend/cups-pdf" pid=6932 comm="apparmor_parser" Jan 30 12:41:59 dag-TS-P500 kernel: [ 868.929744] audit: type=1400 audit(1485776519.269:38): apparmor="STATUS" operation="profile_replace" profile="unconfined" name="/usr/sbin/cupsd" pid=6932 comm="apparmor_parser" Jan 30 12:41:59 dag-TS-P500 kernel: [ 868.945422] audit: type=1400 audit(1485776519.285:39): apparmor="STATUS" operation="profile_replace" profile="unconfined" name="/usr/sbin/cupsd//third_party" pid=6932 comm="apparmor_parser" Jan 30 12:42:10 dag-TS-P500 kernel: [ 879.817070] audit: type=1400 audit(1485776530.158:40): apparmor="STATUS" operation="profile_replace" profile="unconfined" name="/usr/lib/cups/backend/cups-pdf" pid=6941 comm="apparmor_parser" Jan 30 12:42:10 dag-TS-P500 kernel: [ 879.817342] audit: type=1400 audit(1485776530.158:41): apparmor="STATUS" operation="profile_replace" profile="unconfined" name="/usr/sbin/cupsd" pid=6941 comm="apparmor_parser" Jan 30 12:42:10 dag-TS-P500 kernel: [ 879.837254] audit: type=1400 audit(1485776530.178:42): apparmor="STATUS" operation="profile_replace" profile="unconfined" name="/usr/sbin/cupsd//third_party" pid=6941 comm="apparmor_parser" Jan 30 12:42:16 dag-TS-P500 zeitgeist-datah[3706]: downloads-directory-provider.vala:120: Couldn't process /home/dag/.glvndcEQzqA: Error when getting information for file '/home/dag/.glvndcEQzqA': No such file or directory Jan 30 12:42:23 dag-TS-P500 dbus[996]: [system] Activating via systemd: service name='org.freedesktop.hostname1' unit='dbus-org.freedesktop.hostname1.service' Jan 30 12:42:23 dag-TS-P500 systemd[1]: Starting Hostname Service... Jan 30 12:42:24 dag-TS-P500 dbus[996]: [system] Successfully activated service 'org.freedesktop.hostname1' Jan 30 12:42:24 dag-TS-P500 systemd[1]: Started Hostname Service. Jan 30 12:42:26 dag-TS-P500 kernel: [ 895.746636] audit: type=1400 audit(1485776546.086:43): apparmor="DENIED" operation="capable" profile="/usr/sbin/cupsd" pid=6967 comm="lpd" capability=12 capname="net_admin" Jan 30 12:42:54 dag-TS-P500 systemd[1]: Starting Cleanup of Temporary Directories... Jan 30 12:42:54 dag-TS-P500 systemd-tmpfiles[6973]: [/usr/lib/tmpfiles.d/var.conf:14] Duplicate line for path "/var/log", ignoring. Jan 30 12:42:54 dag-TS-P500 systemd[1]: Started Cleanup of Temporary Directories. Jan 30 12:44:03 dag-TS-P500 dbus-daemon[2707]: Activating service name='com.ubuntu.OneConf' Jan 30 12:44:03 dag-TS-P500 dbus-daemon[2707]: Successfully activated service 'com.ubuntu.OneConf' Jan 30 12:44:03 dag-TS-P500 com.ubuntu.OneConf[2707]: WARNING:oneconf.hosts:Error in loading other_hosts file: [Errno 2] No such file or directory: '/home/dag/.cache/oneconf/d2fc3bf30c9f4976b441a8f14de53bda/other_hosts' Jan 30 12:44:23 dag-TS-P500 dbus-daemon[2707]: Activating service name='com.ubuntu.sso' Jan 30 12:44:24 dag-TS-P500 dbus-daemon[2707]: Successfully activated service 'com.ubuntu.sso' Jan 30 12:45:51 dag-TS-P500 kernel: [ 1100.685842] audit: type=1400 audit(1485776751.028:44): apparmor="STATUS" operation="profile_replace" profile="unconfined" name="/usr/lib/cups/backend/cups-pdf" pid=7024 comm="apparmor_parser" Jan 30 12:45:51 dag-TS-P500 kernel: [ 1100.686099] audit: type=1400 audit(1485776751.028:45): apparmor="STATUS" operation="profile_replace" profile="unconfined" name="/usr/sbin/cupsd" pid=7024 comm="apparmor_parser" Jan 30 12:45:51 dag-TS-P500 kernel: [ 1100.700446] audit: type=1400 audit(1485776751.044:46): apparmor="STATUS" operation="profile_replace" profile="unconfined" name="/usr/sbin/cupsd//third_party" pid=7024 comm="apparmor_parser" Jan 30 12:45:57 dag-TS-P500 kernel: [ 1106.940891] audit: type=1400 audit(1485776757.284:47): apparmor="ALLOWED" operation="capable" profile="/usr/sbin/cupsd" pid=7031 comm="lpd" capability=12 capname="net_admin" Jan 30 12:45:57 dag-TS-P500 kernel: [ 1106.940938] audit: type=1400 audit(1485776757.284:48): apparmor="ALLOWED" operation="capable" profile="/usr/sbin/cupsd" pid=7031 comm="lpd"
[Desktop-packages] [Bug 1660316] Re: apparmor denial of CUPS
In the meantime, users can workaround this by adjusting /etc/apparmor.d/local/usr.sbin.cupsd to have: capability net_admin, and then reloading the profile with: $ sudo apparmor_parser -r /etc/apparmor.d/usr.sbin.cupsd -- You received this bug notification because you are a member of Desktop Packages, which is subscribed to cups in Ubuntu. https://bugs.launchpad.net/bugs/1660316 Title: apparmor denial of CUPS Status in cups package in Ubuntu: Expired Bug description: Printing is enabled when doing sudo aa-complain cupsd Here is an extract of /var/log/syslog: Jan 30 12:41:59 dag-TS-P500 kernel: [ 868.929457] audit: type=1400 audit(1485776519.269:37): apparmor="STATUS" operation="profile_replace" profile="unconfined" name="/usr/lib/cups/backend/cups-pdf" pid=6932 comm="apparmor_parser" Jan 30 12:41:59 dag-TS-P500 kernel: [ 868.929744] audit: type=1400 audit(1485776519.269:38): apparmor="STATUS" operation="profile_replace" profile="unconfined" name="/usr/sbin/cupsd" pid=6932 comm="apparmor_parser" Jan 30 12:41:59 dag-TS-P500 kernel: [ 868.945422] audit: type=1400 audit(1485776519.285:39): apparmor="STATUS" operation="profile_replace" profile="unconfined" name="/usr/sbin/cupsd//third_party" pid=6932 comm="apparmor_parser" Jan 30 12:42:10 dag-TS-P500 kernel: [ 879.817070] audit: type=1400 audit(1485776530.158:40): apparmor="STATUS" operation="profile_replace" profile="unconfined" name="/usr/lib/cups/backend/cups-pdf" pid=6941 comm="apparmor_parser" Jan 30 12:42:10 dag-TS-P500 kernel: [ 879.817342] audit: type=1400 audit(1485776530.158:41): apparmor="STATUS" operation="profile_replace" profile="unconfined" name="/usr/sbin/cupsd" pid=6941 comm="apparmor_parser" Jan 30 12:42:10 dag-TS-P500 kernel: [ 879.837254] audit: type=1400 audit(1485776530.178:42): apparmor="STATUS" operation="profile_replace" profile="unconfined" name="/usr/sbin/cupsd//third_party" pid=6941 comm="apparmor_parser" Jan 30 12:42:16 dag-TS-P500 zeitgeist-datah[3706]: downloads-directory-provider.vala:120: Couldn't process /home/dag/.glvndcEQzqA: Error when getting information for file '/home/dag/.glvndcEQzqA': No such file or directory Jan 30 12:42:23 dag-TS-P500 dbus[996]: [system] Activating via systemd: service name='org.freedesktop.hostname1' unit='dbus-org.freedesktop.hostname1.service' Jan 30 12:42:23 dag-TS-P500 systemd[1]: Starting Hostname Service... Jan 30 12:42:24 dag-TS-P500 dbus[996]: [system] Successfully activated service 'org.freedesktop.hostname1' Jan 30 12:42:24 dag-TS-P500 systemd[1]: Started Hostname Service. Jan 30 12:42:26 dag-TS-P500 kernel: [ 895.746636] audit: type=1400 audit(1485776546.086:43): apparmor="DENIED" operation="capable" profile="/usr/sbin/cupsd" pid=6967 comm="lpd" capability=12 capname="net_admin" Jan 30 12:42:54 dag-TS-P500 systemd[1]: Starting Cleanup of Temporary Directories... Jan 30 12:42:54 dag-TS-P500 systemd-tmpfiles[6973]: [/usr/lib/tmpfiles.d/var.conf:14] Duplicate line for path "/var/log", ignoring. Jan 30 12:42:54 dag-TS-P500 systemd[1]: Started Cleanup of Temporary Directories. Jan 30 12:44:03 dag-TS-P500 dbus-daemon[2707]: Activating service name='com.ubuntu.OneConf' Jan 30 12:44:03 dag-TS-P500 dbus-daemon[2707]: Successfully activated service 'com.ubuntu.OneConf' Jan 30 12:44:03 dag-TS-P500 com.ubuntu.OneConf[2707]: WARNING:oneconf.hosts:Error in loading other_hosts file: [Errno 2] No such file or directory: '/home/dag/.cache/oneconf/d2fc3bf30c9f4976b441a8f14de53bda/other_hosts' Jan 30 12:44:23 dag-TS-P500 dbus-daemon[2707]: Activating service name='com.ubuntu.sso' Jan 30 12:44:24 dag-TS-P500 dbus-daemon[2707]: Successfully activated service 'com.ubuntu.sso' Jan 30 12:45:51 dag-TS-P500 kernel: [ 1100.685842] audit: type=1400 audit(1485776751.028:44): apparmor="STATUS" operation="profile_replace" profile="unconfined" name="/usr/lib/cups/backend/cups-pdf" pid=7024 comm="apparmor_parser" Jan 30 12:45:51 dag-TS-P500 kernel: [ 1100.686099] audit: type=1400 audit(1485776751.028:45): apparmor="STATUS" operation="profile_replace" profile="unconfined" name="/usr/sbin/cupsd" pid=7024 comm="apparmor_parser" Jan 30 12:45:51 dag-TS-P500 kernel: [ 1100.700446] audit: type=1400 audit(1485776751.044:46): apparmor="STATUS" operation="profile_replace" profile="unconfined" name="/usr/sbin/cupsd//third_party" pid=7024 comm="apparmor_parser" Jan 30 12:45:57 dag-TS-P500 kernel: [ 1106.940891] audit: type=1400 audit(1485776757.284:47): apparmor="ALLOWED" operation="capable" profile="/usr/sbin/cupsd" pid=7031 comm="lpd" capability=12 capname="net_admin" Jan 30 12:45:57 dag-TS-P500 kernel: [ 1106.940938] audit: type=1400 audit(1485776757.284:48): apparmor="ALLOWED" operation="capable" profile="/usr/sbin/cupsd" pid=7031 comm="lpd" capability=12 capname="net_admin" ProblemType: Bug DistroRelease: Ubuntu 16.10 Package: cups 2.2.0-2 ProcVersionSignature: Ubuntu 4.8.0-34.36-generic 4.8.11
[Desktop-packages] [Bug 1660316] Re: apparmor denial of CUPS
@Till, see 'man 7 capabilities' for what net_admin grants. We need to understand why the access is needed before granting it. -- You received this bug notification because you are a member of Desktop Packages, which is subscribed to cups in Ubuntu. https://bugs.launchpad.net/bugs/1660316 Title: apparmor denial of CUPS Status in cups package in Ubuntu: Expired Bug description: Printing is enabled when doing sudo aa-complain cupsd Here is an extract of /var/log/syslog: Jan 30 12:41:59 dag-TS-P500 kernel: [ 868.929457] audit: type=1400 audit(1485776519.269:37): apparmor="STATUS" operation="profile_replace" profile="unconfined" name="/usr/lib/cups/backend/cups-pdf" pid=6932 comm="apparmor_parser" Jan 30 12:41:59 dag-TS-P500 kernel: [ 868.929744] audit: type=1400 audit(1485776519.269:38): apparmor="STATUS" operation="profile_replace" profile="unconfined" name="/usr/sbin/cupsd" pid=6932 comm="apparmor_parser" Jan 30 12:41:59 dag-TS-P500 kernel: [ 868.945422] audit: type=1400 audit(1485776519.285:39): apparmor="STATUS" operation="profile_replace" profile="unconfined" name="/usr/sbin/cupsd//third_party" pid=6932 comm="apparmor_parser" Jan 30 12:42:10 dag-TS-P500 kernel: [ 879.817070] audit: type=1400 audit(1485776530.158:40): apparmor="STATUS" operation="profile_replace" profile="unconfined" name="/usr/lib/cups/backend/cups-pdf" pid=6941 comm="apparmor_parser" Jan 30 12:42:10 dag-TS-P500 kernel: [ 879.817342] audit: type=1400 audit(1485776530.158:41): apparmor="STATUS" operation="profile_replace" profile="unconfined" name="/usr/sbin/cupsd" pid=6941 comm="apparmor_parser" Jan 30 12:42:10 dag-TS-P500 kernel: [ 879.837254] audit: type=1400 audit(1485776530.178:42): apparmor="STATUS" operation="profile_replace" profile="unconfined" name="/usr/sbin/cupsd//third_party" pid=6941 comm="apparmor_parser" Jan 30 12:42:16 dag-TS-P500 zeitgeist-datah[3706]: downloads-directory-provider.vala:120: Couldn't process /home/dag/.glvndcEQzqA: Error when getting information for file '/home/dag/.glvndcEQzqA': No such file or directory Jan 30 12:42:23 dag-TS-P500 dbus[996]: [system] Activating via systemd: service name='org.freedesktop.hostname1' unit='dbus-org.freedesktop.hostname1.service' Jan 30 12:42:23 dag-TS-P500 systemd[1]: Starting Hostname Service... Jan 30 12:42:24 dag-TS-P500 dbus[996]: [system] Successfully activated service 'org.freedesktop.hostname1' Jan 30 12:42:24 dag-TS-P500 systemd[1]: Started Hostname Service. Jan 30 12:42:26 dag-TS-P500 kernel: [ 895.746636] audit: type=1400 audit(1485776546.086:43): apparmor="DENIED" operation="capable" profile="/usr/sbin/cupsd" pid=6967 comm="lpd" capability=12 capname="net_admin" Jan 30 12:42:54 dag-TS-P500 systemd[1]: Starting Cleanup of Temporary Directories... Jan 30 12:42:54 dag-TS-P500 systemd-tmpfiles[6973]: [/usr/lib/tmpfiles.d/var.conf:14] Duplicate line for path "/var/log", ignoring. Jan 30 12:42:54 dag-TS-P500 systemd[1]: Started Cleanup of Temporary Directories. Jan 30 12:44:03 dag-TS-P500 dbus-daemon[2707]: Activating service name='com.ubuntu.OneConf' Jan 30 12:44:03 dag-TS-P500 dbus-daemon[2707]: Successfully activated service 'com.ubuntu.OneConf' Jan 30 12:44:03 dag-TS-P500 com.ubuntu.OneConf[2707]: WARNING:oneconf.hosts:Error in loading other_hosts file: [Errno 2] No such file or directory: '/home/dag/.cache/oneconf/d2fc3bf30c9f4976b441a8f14de53bda/other_hosts' Jan 30 12:44:23 dag-TS-P500 dbus-daemon[2707]: Activating service name='com.ubuntu.sso' Jan 30 12:44:24 dag-TS-P500 dbus-daemon[2707]: Successfully activated service 'com.ubuntu.sso' Jan 30 12:45:51 dag-TS-P500 kernel: [ 1100.685842] audit: type=1400 audit(1485776751.028:44): apparmor="STATUS" operation="profile_replace" profile="unconfined" name="/usr/lib/cups/backend/cups-pdf" pid=7024 comm="apparmor_parser" Jan 30 12:45:51 dag-TS-P500 kernel: [ 1100.686099] audit: type=1400 audit(1485776751.028:45): apparmor="STATUS" operation="profile_replace" profile="unconfined" name="/usr/sbin/cupsd" pid=7024 comm="apparmor_parser" Jan 30 12:45:51 dag-TS-P500 kernel: [ 1100.700446] audit: type=1400 audit(1485776751.044:46): apparmor="STATUS" operation="profile_replace" profile="unconfined" name="/usr/sbin/cupsd//third_party" pid=7024 comm="apparmor_parser" Jan 30 12:45:57 dag-TS-P500 kernel: [ 1106.940891] audit: type=1400 audit(1485776757.284:47): apparmor="ALLOWED" operation="capable" profile="/usr/sbin/cupsd" pid=7031 comm="lpd" capability=12 capname="net_admin" Jan 30 12:45:57 dag-TS-P500 kernel: [ 1106.940938] audit: type=1400 audit(1485776757.284:48): apparmor="ALLOWED" operation="capable" profile="/usr/sbin/cupsd" pid=7031 comm="lpd" capability=12 capname="net_admin" ProblemType: Bug DistroRelease: Ubuntu 16.10 Package: cups 2.2.0-2 ProcVersionSignature: Ubuntu 4.8.0-34.36-generic 4.8.11 Uname: Linux 4.8.0-34-generic x86_64 NonfreeKernelModules: nvidia_uvm nvidia_drm
[Desktop-packages] [Bug 1660316] Re: apparmor denial of CUPS
Meanwhile I've upgraded the computer to 17.04, but I have not checked the presence of the bug after the upgrade. I will check tomorrow when I get access to the computer. -- You received this bug notification because you are a member of Desktop Packages, which is subscribed to cups in Ubuntu. https://bugs.launchpad.net/bugs/1660316 Title: apparmor denial of CUPS Status in cups package in Ubuntu: Expired Bug description: Printing is enabled when doing sudo aa-complain cupsd Here is an extract of /var/log/syslog: Jan 30 12:41:59 dag-TS-P500 kernel: [ 868.929457] audit: type=1400 audit(1485776519.269:37): apparmor="STATUS" operation="profile_replace" profile="unconfined" name="/usr/lib/cups/backend/cups-pdf" pid=6932 comm="apparmor_parser" Jan 30 12:41:59 dag-TS-P500 kernel: [ 868.929744] audit: type=1400 audit(1485776519.269:38): apparmor="STATUS" operation="profile_replace" profile="unconfined" name="/usr/sbin/cupsd" pid=6932 comm="apparmor_parser" Jan 30 12:41:59 dag-TS-P500 kernel: [ 868.945422] audit: type=1400 audit(1485776519.285:39): apparmor="STATUS" operation="profile_replace" profile="unconfined" name="/usr/sbin/cupsd//third_party" pid=6932 comm="apparmor_parser" Jan 30 12:42:10 dag-TS-P500 kernel: [ 879.817070] audit: type=1400 audit(1485776530.158:40): apparmor="STATUS" operation="profile_replace" profile="unconfined" name="/usr/lib/cups/backend/cups-pdf" pid=6941 comm="apparmor_parser" Jan 30 12:42:10 dag-TS-P500 kernel: [ 879.817342] audit: type=1400 audit(1485776530.158:41): apparmor="STATUS" operation="profile_replace" profile="unconfined" name="/usr/sbin/cupsd" pid=6941 comm="apparmor_parser" Jan 30 12:42:10 dag-TS-P500 kernel: [ 879.837254] audit: type=1400 audit(1485776530.178:42): apparmor="STATUS" operation="profile_replace" profile="unconfined" name="/usr/sbin/cupsd//third_party" pid=6941 comm="apparmor_parser" Jan 30 12:42:16 dag-TS-P500 zeitgeist-datah[3706]: downloads-directory-provider.vala:120: Couldn't process /home/dag/.glvndcEQzqA: Error when getting information for file '/home/dag/.glvndcEQzqA': No such file or directory Jan 30 12:42:23 dag-TS-P500 dbus[996]: [system] Activating via systemd: service name='org.freedesktop.hostname1' unit='dbus-org.freedesktop.hostname1.service' Jan 30 12:42:23 dag-TS-P500 systemd[1]: Starting Hostname Service... Jan 30 12:42:24 dag-TS-P500 dbus[996]: [system] Successfully activated service 'org.freedesktop.hostname1' Jan 30 12:42:24 dag-TS-P500 systemd[1]: Started Hostname Service. Jan 30 12:42:26 dag-TS-P500 kernel: [ 895.746636] audit: type=1400 audit(1485776546.086:43): apparmor="DENIED" operation="capable" profile="/usr/sbin/cupsd" pid=6967 comm="lpd" capability=12 capname="net_admin" Jan 30 12:42:54 dag-TS-P500 systemd[1]: Starting Cleanup of Temporary Directories... Jan 30 12:42:54 dag-TS-P500 systemd-tmpfiles[6973]: [/usr/lib/tmpfiles.d/var.conf:14] Duplicate line for path "/var/log", ignoring. Jan 30 12:42:54 dag-TS-P500 systemd[1]: Started Cleanup of Temporary Directories. Jan 30 12:44:03 dag-TS-P500 dbus-daemon[2707]: Activating service name='com.ubuntu.OneConf' Jan 30 12:44:03 dag-TS-P500 dbus-daemon[2707]: Successfully activated service 'com.ubuntu.OneConf' Jan 30 12:44:03 dag-TS-P500 com.ubuntu.OneConf[2707]: WARNING:oneconf.hosts:Error in loading other_hosts file: [Errno 2] No such file or directory: '/home/dag/.cache/oneconf/d2fc3bf30c9f4976b441a8f14de53bda/other_hosts' Jan 30 12:44:23 dag-TS-P500 dbus-daemon[2707]: Activating service name='com.ubuntu.sso' Jan 30 12:44:24 dag-TS-P500 dbus-daemon[2707]: Successfully activated service 'com.ubuntu.sso' Jan 30 12:45:51 dag-TS-P500 kernel: [ 1100.685842] audit: type=1400 audit(1485776751.028:44): apparmor="STATUS" operation="profile_replace" profile="unconfined" name="/usr/lib/cups/backend/cups-pdf" pid=7024 comm="apparmor_parser" Jan 30 12:45:51 dag-TS-P500 kernel: [ 1100.686099] audit: type=1400 audit(1485776751.028:45): apparmor="STATUS" operation="profile_replace" profile="unconfined" name="/usr/sbin/cupsd" pid=7024 comm="apparmor_parser" Jan 30 12:45:51 dag-TS-P500 kernel: [ 1100.700446] audit: type=1400 audit(1485776751.044:46): apparmor="STATUS" operation="profile_replace" profile="unconfined" name="/usr/sbin/cupsd//third_party" pid=7024 comm="apparmor_parser" Jan 30 12:45:57 dag-TS-P500 kernel: [ 1106.940891] audit: type=1400 audit(1485776757.284:47): apparmor="ALLOWED" operation="capable" profile="/usr/sbin/cupsd" pid=7031 comm="lpd" capability=12 capname="net_admin" Jan 30 12:45:57 dag-TS-P500 kernel: [ 1106.940938] audit: type=1400 audit(1485776757.284:48): apparmor="ALLOWED" operation="capable" profile="/usr/sbin/cupsd" pid=7031 comm="lpd" capability=12 capname="net_admin" ProblemType: Bug DistroRelease: Ubuntu 16.10 Package: cups 2.2.0-2 ProcVersionSignature: Ubuntu 4.8.0-34.36-generic 4.8.11 Uname: Linux 4.8.0-34-generic x86_64
[Desktop-packages] [Bug 1660316] Re: apparmor denial of CUPS
I do not exactly why lpadmin needs this capability, I even do not know which actions are covered by net_admin. What I know about the LPD backend is that it accesses the printer through port 515 and it is possible that the backend accesses the printer via SNMP in addition. -- You received this bug notification because you are a member of Desktop Packages, which is subscribed to cups in Ubuntu. https://bugs.launchpad.net/bugs/1660316 Title: apparmor denial of CUPS Status in cups package in Ubuntu: Expired Bug description: Printing is enabled when doing sudo aa-complain cupsd Here is an extract of /var/log/syslog: Jan 30 12:41:59 dag-TS-P500 kernel: [ 868.929457] audit: type=1400 audit(1485776519.269:37): apparmor="STATUS" operation="profile_replace" profile="unconfined" name="/usr/lib/cups/backend/cups-pdf" pid=6932 comm="apparmor_parser" Jan 30 12:41:59 dag-TS-P500 kernel: [ 868.929744] audit: type=1400 audit(1485776519.269:38): apparmor="STATUS" operation="profile_replace" profile="unconfined" name="/usr/sbin/cupsd" pid=6932 comm="apparmor_parser" Jan 30 12:41:59 dag-TS-P500 kernel: [ 868.945422] audit: type=1400 audit(1485776519.285:39): apparmor="STATUS" operation="profile_replace" profile="unconfined" name="/usr/sbin/cupsd//third_party" pid=6932 comm="apparmor_parser" Jan 30 12:42:10 dag-TS-P500 kernel: [ 879.817070] audit: type=1400 audit(1485776530.158:40): apparmor="STATUS" operation="profile_replace" profile="unconfined" name="/usr/lib/cups/backend/cups-pdf" pid=6941 comm="apparmor_parser" Jan 30 12:42:10 dag-TS-P500 kernel: [ 879.817342] audit: type=1400 audit(1485776530.158:41): apparmor="STATUS" operation="profile_replace" profile="unconfined" name="/usr/sbin/cupsd" pid=6941 comm="apparmor_parser" Jan 30 12:42:10 dag-TS-P500 kernel: [ 879.837254] audit: type=1400 audit(1485776530.178:42): apparmor="STATUS" operation="profile_replace" profile="unconfined" name="/usr/sbin/cupsd//third_party" pid=6941 comm="apparmor_parser" Jan 30 12:42:16 dag-TS-P500 zeitgeist-datah[3706]: downloads-directory-provider.vala:120: Couldn't process /home/dag/.glvndcEQzqA: Error when getting information for file '/home/dag/.glvndcEQzqA': No such file or directory Jan 30 12:42:23 dag-TS-P500 dbus[996]: [system] Activating via systemd: service name='org.freedesktop.hostname1' unit='dbus-org.freedesktop.hostname1.service' Jan 30 12:42:23 dag-TS-P500 systemd[1]: Starting Hostname Service... Jan 30 12:42:24 dag-TS-P500 dbus[996]: [system] Successfully activated service 'org.freedesktop.hostname1' Jan 30 12:42:24 dag-TS-P500 systemd[1]: Started Hostname Service. Jan 30 12:42:26 dag-TS-P500 kernel: [ 895.746636] audit: type=1400 audit(1485776546.086:43): apparmor="DENIED" operation="capable" profile="/usr/sbin/cupsd" pid=6967 comm="lpd" capability=12 capname="net_admin" Jan 30 12:42:54 dag-TS-P500 systemd[1]: Starting Cleanup of Temporary Directories... Jan 30 12:42:54 dag-TS-P500 systemd-tmpfiles[6973]: [/usr/lib/tmpfiles.d/var.conf:14] Duplicate line for path "/var/log", ignoring. Jan 30 12:42:54 dag-TS-P500 systemd[1]: Started Cleanup of Temporary Directories. Jan 30 12:44:03 dag-TS-P500 dbus-daemon[2707]: Activating service name='com.ubuntu.OneConf' Jan 30 12:44:03 dag-TS-P500 dbus-daemon[2707]: Successfully activated service 'com.ubuntu.OneConf' Jan 30 12:44:03 dag-TS-P500 com.ubuntu.OneConf[2707]: WARNING:oneconf.hosts:Error in loading other_hosts file: [Errno 2] No such file or directory: '/home/dag/.cache/oneconf/d2fc3bf30c9f4976b441a8f14de53bda/other_hosts' Jan 30 12:44:23 dag-TS-P500 dbus-daemon[2707]: Activating service name='com.ubuntu.sso' Jan 30 12:44:24 dag-TS-P500 dbus-daemon[2707]: Successfully activated service 'com.ubuntu.sso' Jan 30 12:45:51 dag-TS-P500 kernel: [ 1100.685842] audit: type=1400 audit(1485776751.028:44): apparmor="STATUS" operation="profile_replace" profile="unconfined" name="/usr/lib/cups/backend/cups-pdf" pid=7024 comm="apparmor_parser" Jan 30 12:45:51 dag-TS-P500 kernel: [ 1100.686099] audit: type=1400 audit(1485776751.028:45): apparmor="STATUS" operation="profile_replace" profile="unconfined" name="/usr/sbin/cupsd" pid=7024 comm="apparmor_parser" Jan 30 12:45:51 dag-TS-P500 kernel: [ 1100.700446] audit: type=1400 audit(1485776751.044:46): apparmor="STATUS" operation="profile_replace" profile="unconfined" name="/usr/sbin/cupsd//third_party" pid=7024 comm="apparmor_parser" Jan 30 12:45:57 dag-TS-P500 kernel: [ 1106.940891] audit: type=1400 audit(1485776757.284:47): apparmor="ALLOWED" operation="capable" profile="/usr/sbin/cupsd" pid=7031 comm="lpd" capability=12 capname="net_admin" Jan 30 12:45:57 dag-TS-P500 kernel: [ 1106.940938] audit: type=1400 audit(1485776757.284:48): apparmor="ALLOWED" operation="capable" profile="/usr/sbin/cupsd" pid=7031 comm="lpd" capability=12 capname="net_admin" ProblemType: Bug DistroRelease: Ubuntu 16.10 Package: cups 2.2.0-2
[Desktop-packages] [Bug 1660316] Re: apparmor denial of CUPS
[Expired for cups (Ubuntu) because there has been no activity for 60 days.] ** Changed in: cups (Ubuntu) Status: Incomplete => Expired -- You received this bug notification because you are a member of Desktop Packages, which is subscribed to cups in Ubuntu. https://bugs.launchpad.net/bugs/1660316 Title: apparmor denial of CUPS Status in cups package in Ubuntu: Expired Bug description: Printing is enabled when doing sudo aa-complain cupsd Here is an extract of /var/log/syslog: Jan 30 12:41:59 dag-TS-P500 kernel: [ 868.929457] audit: type=1400 audit(1485776519.269:37): apparmor="STATUS" operation="profile_replace" profile="unconfined" name="/usr/lib/cups/backend/cups-pdf" pid=6932 comm="apparmor_parser" Jan 30 12:41:59 dag-TS-P500 kernel: [ 868.929744] audit: type=1400 audit(1485776519.269:38): apparmor="STATUS" operation="profile_replace" profile="unconfined" name="/usr/sbin/cupsd" pid=6932 comm="apparmor_parser" Jan 30 12:41:59 dag-TS-P500 kernel: [ 868.945422] audit: type=1400 audit(1485776519.285:39): apparmor="STATUS" operation="profile_replace" profile="unconfined" name="/usr/sbin/cupsd//third_party" pid=6932 comm="apparmor_parser" Jan 30 12:42:10 dag-TS-P500 kernel: [ 879.817070] audit: type=1400 audit(1485776530.158:40): apparmor="STATUS" operation="profile_replace" profile="unconfined" name="/usr/lib/cups/backend/cups-pdf" pid=6941 comm="apparmor_parser" Jan 30 12:42:10 dag-TS-P500 kernel: [ 879.817342] audit: type=1400 audit(1485776530.158:41): apparmor="STATUS" operation="profile_replace" profile="unconfined" name="/usr/sbin/cupsd" pid=6941 comm="apparmor_parser" Jan 30 12:42:10 dag-TS-P500 kernel: [ 879.837254] audit: type=1400 audit(1485776530.178:42): apparmor="STATUS" operation="profile_replace" profile="unconfined" name="/usr/sbin/cupsd//third_party" pid=6941 comm="apparmor_parser" Jan 30 12:42:16 dag-TS-P500 zeitgeist-datah[3706]: downloads-directory-provider.vala:120: Couldn't process /home/dag/.glvndcEQzqA: Error when getting information for file '/home/dag/.glvndcEQzqA': No such file or directory Jan 30 12:42:23 dag-TS-P500 dbus[996]: [system] Activating via systemd: service name='org.freedesktop.hostname1' unit='dbus-org.freedesktop.hostname1.service' Jan 30 12:42:23 dag-TS-P500 systemd[1]: Starting Hostname Service... Jan 30 12:42:24 dag-TS-P500 dbus[996]: [system] Successfully activated service 'org.freedesktop.hostname1' Jan 30 12:42:24 dag-TS-P500 systemd[1]: Started Hostname Service. Jan 30 12:42:26 dag-TS-P500 kernel: [ 895.746636] audit: type=1400 audit(1485776546.086:43): apparmor="DENIED" operation="capable" profile="/usr/sbin/cupsd" pid=6967 comm="lpd" capability=12 capname="net_admin" Jan 30 12:42:54 dag-TS-P500 systemd[1]: Starting Cleanup of Temporary Directories... Jan 30 12:42:54 dag-TS-P500 systemd-tmpfiles[6973]: [/usr/lib/tmpfiles.d/var.conf:14] Duplicate line for path "/var/log", ignoring. Jan 30 12:42:54 dag-TS-P500 systemd[1]: Started Cleanup of Temporary Directories. Jan 30 12:44:03 dag-TS-P500 dbus-daemon[2707]: Activating service name='com.ubuntu.OneConf' Jan 30 12:44:03 dag-TS-P500 dbus-daemon[2707]: Successfully activated service 'com.ubuntu.OneConf' Jan 30 12:44:03 dag-TS-P500 com.ubuntu.OneConf[2707]: WARNING:oneconf.hosts:Error in loading other_hosts file: [Errno 2] No such file or directory: '/home/dag/.cache/oneconf/d2fc3bf30c9f4976b441a8f14de53bda/other_hosts' Jan 30 12:44:23 dag-TS-P500 dbus-daemon[2707]: Activating service name='com.ubuntu.sso' Jan 30 12:44:24 dag-TS-P500 dbus-daemon[2707]: Successfully activated service 'com.ubuntu.sso' Jan 30 12:45:51 dag-TS-P500 kernel: [ 1100.685842] audit: type=1400 audit(1485776751.028:44): apparmor="STATUS" operation="profile_replace" profile="unconfined" name="/usr/lib/cups/backend/cups-pdf" pid=7024 comm="apparmor_parser" Jan 30 12:45:51 dag-TS-P500 kernel: [ 1100.686099] audit: type=1400 audit(1485776751.028:45): apparmor="STATUS" operation="profile_replace" profile="unconfined" name="/usr/sbin/cupsd" pid=7024 comm="apparmor_parser" Jan 30 12:45:51 dag-TS-P500 kernel: [ 1100.700446] audit: type=1400 audit(1485776751.044:46): apparmor="STATUS" operation="profile_replace" profile="unconfined" name="/usr/sbin/cupsd//third_party" pid=7024 comm="apparmor_parser" Jan 30 12:45:57 dag-TS-P500 kernel: [ 1106.940891] audit: type=1400 audit(1485776757.284:47): apparmor="ALLOWED" operation="capable" profile="/usr/sbin/cupsd" pid=7031 comm="lpd" capability=12 capname="net_admin" Jan 30 12:45:57 dag-TS-P500 kernel: [ 1106.940938] audit: type=1400 audit(1485776757.284:48): apparmor="ALLOWED" operation="capable" profile="/usr/sbin/cupsd" pid=7031 comm="lpd" capability=12 capname="net_admin" ProblemType: Bug DistroRelease: Ubuntu 16.10 Package: cups 2.2.0-2 ProcVersionSignature: Ubuntu 4.8.0-34.36-generic 4.8.11 Uname: Linux 4.8.0-34-generic x86_64 NonfreeKernelModules: nvidia_uvm
[Desktop-packages] [Bug 1660316] Re: apparmor denial of CUPS
net_admin is a very powerful capability. What is lpd trying to do? -- You received this bug notification because you are a member of Desktop Packages, which is subscribed to cups in Ubuntu. https://bugs.launchpad.net/bugs/1660316 Title: apparmor denial of CUPS Status in cups package in Ubuntu: Incomplete Bug description: Printing is enabled when doing sudo aa-complain cupsd Here is an extract of /var/log/syslog: Jan 30 12:41:59 dag-TS-P500 kernel: [ 868.929457] audit: type=1400 audit(1485776519.269:37): apparmor="STATUS" operation="profile_replace" profile="unconfined" name="/usr/lib/cups/backend/cups-pdf" pid=6932 comm="apparmor_parser" Jan 30 12:41:59 dag-TS-P500 kernel: [ 868.929744] audit: type=1400 audit(1485776519.269:38): apparmor="STATUS" operation="profile_replace" profile="unconfined" name="/usr/sbin/cupsd" pid=6932 comm="apparmor_parser" Jan 30 12:41:59 dag-TS-P500 kernel: [ 868.945422] audit: type=1400 audit(1485776519.285:39): apparmor="STATUS" operation="profile_replace" profile="unconfined" name="/usr/sbin/cupsd//third_party" pid=6932 comm="apparmor_parser" Jan 30 12:42:10 dag-TS-P500 kernel: [ 879.817070] audit: type=1400 audit(1485776530.158:40): apparmor="STATUS" operation="profile_replace" profile="unconfined" name="/usr/lib/cups/backend/cups-pdf" pid=6941 comm="apparmor_parser" Jan 30 12:42:10 dag-TS-P500 kernel: [ 879.817342] audit: type=1400 audit(1485776530.158:41): apparmor="STATUS" operation="profile_replace" profile="unconfined" name="/usr/sbin/cupsd" pid=6941 comm="apparmor_parser" Jan 30 12:42:10 dag-TS-P500 kernel: [ 879.837254] audit: type=1400 audit(1485776530.178:42): apparmor="STATUS" operation="profile_replace" profile="unconfined" name="/usr/sbin/cupsd//third_party" pid=6941 comm="apparmor_parser" Jan 30 12:42:16 dag-TS-P500 zeitgeist-datah[3706]: downloads-directory-provider.vala:120: Couldn't process /home/dag/.glvndcEQzqA: Error when getting information for file '/home/dag/.glvndcEQzqA': No such file or directory Jan 30 12:42:23 dag-TS-P500 dbus[996]: [system] Activating via systemd: service name='org.freedesktop.hostname1' unit='dbus-org.freedesktop.hostname1.service' Jan 30 12:42:23 dag-TS-P500 systemd[1]: Starting Hostname Service... Jan 30 12:42:24 dag-TS-P500 dbus[996]: [system] Successfully activated service 'org.freedesktop.hostname1' Jan 30 12:42:24 dag-TS-P500 systemd[1]: Started Hostname Service. Jan 30 12:42:26 dag-TS-P500 kernel: [ 895.746636] audit: type=1400 audit(1485776546.086:43): apparmor="DENIED" operation="capable" profile="/usr/sbin/cupsd" pid=6967 comm="lpd" capability=12 capname="net_admin" Jan 30 12:42:54 dag-TS-P500 systemd[1]: Starting Cleanup of Temporary Directories... Jan 30 12:42:54 dag-TS-P500 systemd-tmpfiles[6973]: [/usr/lib/tmpfiles.d/var.conf:14] Duplicate line for path "/var/log", ignoring. Jan 30 12:42:54 dag-TS-P500 systemd[1]: Started Cleanup of Temporary Directories. Jan 30 12:44:03 dag-TS-P500 dbus-daemon[2707]: Activating service name='com.ubuntu.OneConf' Jan 30 12:44:03 dag-TS-P500 dbus-daemon[2707]: Successfully activated service 'com.ubuntu.OneConf' Jan 30 12:44:03 dag-TS-P500 com.ubuntu.OneConf[2707]: WARNING:oneconf.hosts:Error in loading other_hosts file: [Errno 2] No such file or directory: '/home/dag/.cache/oneconf/d2fc3bf30c9f4976b441a8f14de53bda/other_hosts' Jan 30 12:44:23 dag-TS-P500 dbus-daemon[2707]: Activating service name='com.ubuntu.sso' Jan 30 12:44:24 dag-TS-P500 dbus-daemon[2707]: Successfully activated service 'com.ubuntu.sso' Jan 30 12:45:51 dag-TS-P500 kernel: [ 1100.685842] audit: type=1400 audit(1485776751.028:44): apparmor="STATUS" operation="profile_replace" profile="unconfined" name="/usr/lib/cups/backend/cups-pdf" pid=7024 comm="apparmor_parser" Jan 30 12:45:51 dag-TS-P500 kernel: [ 1100.686099] audit: type=1400 audit(1485776751.028:45): apparmor="STATUS" operation="profile_replace" profile="unconfined" name="/usr/sbin/cupsd" pid=7024 comm="apparmor_parser" Jan 30 12:45:51 dag-TS-P500 kernel: [ 1100.700446] audit: type=1400 audit(1485776751.044:46): apparmor="STATUS" operation="profile_replace" profile="unconfined" name="/usr/sbin/cupsd//third_party" pid=7024 comm="apparmor_parser" Jan 30 12:45:57 dag-TS-P500 kernel: [ 1106.940891] audit: type=1400 audit(1485776757.284:47): apparmor="ALLOWED" operation="capable" profile="/usr/sbin/cupsd" pid=7031 comm="lpd" capability=12 capname="net_admin" Jan 30 12:45:57 dag-TS-P500 kernel: [ 1106.940938] audit: type=1400 audit(1485776757.284:48): apparmor="ALLOWED" operation="capable" profile="/usr/sbin/cupsd" pid=7031 comm="lpd" capability=12 capname="net_admin" ProblemType: Bug DistroRelease: Ubuntu 16.10 Package: cups 2.2.0-2 ProcVersionSignature: Ubuntu 4.8.0-34.36-generic 4.8.11 Uname: Linux 4.8.0-34-generic x86_64 NonfreeKernelModules: nvidia_uvm nvidia_drm nvidia_modeset nvidia ApportVersion: 2.20.3-0ubuntu8.2
[Desktop-packages] [Bug 1660316] Re: apparmor denial of CUPS
Sorry, picked up the wrong names. Jamie, Marc, could you help me concerning how to add the "net_admin" capability to the "lpd" CUPS backend (see previous comment)? -- You received this bug notification because you are a member of Desktop Packages, which is subscribed to cups in Ubuntu. https://bugs.launchpad.net/bugs/1660316 Title: apparmor denial of CUPS Status in cups package in Ubuntu: Incomplete Bug description: Printing is enabled when doing sudo aa-complain cupsd Here is an extract of /var/log/syslog: Jan 30 12:41:59 dag-TS-P500 kernel: [ 868.929457] audit: type=1400 audit(1485776519.269:37): apparmor="STATUS" operation="profile_replace" profile="unconfined" name="/usr/lib/cups/backend/cups-pdf" pid=6932 comm="apparmor_parser" Jan 30 12:41:59 dag-TS-P500 kernel: [ 868.929744] audit: type=1400 audit(1485776519.269:38): apparmor="STATUS" operation="profile_replace" profile="unconfined" name="/usr/sbin/cupsd" pid=6932 comm="apparmor_parser" Jan 30 12:41:59 dag-TS-P500 kernel: [ 868.945422] audit: type=1400 audit(1485776519.285:39): apparmor="STATUS" operation="profile_replace" profile="unconfined" name="/usr/sbin/cupsd//third_party" pid=6932 comm="apparmor_parser" Jan 30 12:42:10 dag-TS-P500 kernel: [ 879.817070] audit: type=1400 audit(1485776530.158:40): apparmor="STATUS" operation="profile_replace" profile="unconfined" name="/usr/lib/cups/backend/cups-pdf" pid=6941 comm="apparmor_parser" Jan 30 12:42:10 dag-TS-P500 kernel: [ 879.817342] audit: type=1400 audit(1485776530.158:41): apparmor="STATUS" operation="profile_replace" profile="unconfined" name="/usr/sbin/cupsd" pid=6941 comm="apparmor_parser" Jan 30 12:42:10 dag-TS-P500 kernel: [ 879.837254] audit: type=1400 audit(1485776530.178:42): apparmor="STATUS" operation="profile_replace" profile="unconfined" name="/usr/sbin/cupsd//third_party" pid=6941 comm="apparmor_parser" Jan 30 12:42:16 dag-TS-P500 zeitgeist-datah[3706]: downloads-directory-provider.vala:120: Couldn't process /home/dag/.glvndcEQzqA: Error when getting information for file '/home/dag/.glvndcEQzqA': No such file or directory Jan 30 12:42:23 dag-TS-P500 dbus[996]: [system] Activating via systemd: service name='org.freedesktop.hostname1' unit='dbus-org.freedesktop.hostname1.service' Jan 30 12:42:23 dag-TS-P500 systemd[1]: Starting Hostname Service... Jan 30 12:42:24 dag-TS-P500 dbus[996]: [system] Successfully activated service 'org.freedesktop.hostname1' Jan 30 12:42:24 dag-TS-P500 systemd[1]: Started Hostname Service. Jan 30 12:42:26 dag-TS-P500 kernel: [ 895.746636] audit: type=1400 audit(1485776546.086:43): apparmor="DENIED" operation="capable" profile="/usr/sbin/cupsd" pid=6967 comm="lpd" capability=12 capname="net_admin" Jan 30 12:42:54 dag-TS-P500 systemd[1]: Starting Cleanup of Temporary Directories... Jan 30 12:42:54 dag-TS-P500 systemd-tmpfiles[6973]: [/usr/lib/tmpfiles.d/var.conf:14] Duplicate line for path "/var/log", ignoring. Jan 30 12:42:54 dag-TS-P500 systemd[1]: Started Cleanup of Temporary Directories. Jan 30 12:44:03 dag-TS-P500 dbus-daemon[2707]: Activating service name='com.ubuntu.OneConf' Jan 30 12:44:03 dag-TS-P500 dbus-daemon[2707]: Successfully activated service 'com.ubuntu.OneConf' Jan 30 12:44:03 dag-TS-P500 com.ubuntu.OneConf[2707]: WARNING:oneconf.hosts:Error in loading other_hosts file: [Errno 2] No such file or directory: '/home/dag/.cache/oneconf/d2fc3bf30c9f4976b441a8f14de53bda/other_hosts' Jan 30 12:44:23 dag-TS-P500 dbus-daemon[2707]: Activating service name='com.ubuntu.sso' Jan 30 12:44:24 dag-TS-P500 dbus-daemon[2707]: Successfully activated service 'com.ubuntu.sso' Jan 30 12:45:51 dag-TS-P500 kernel: [ 1100.685842] audit: type=1400 audit(1485776751.028:44): apparmor="STATUS" operation="profile_replace" profile="unconfined" name="/usr/lib/cups/backend/cups-pdf" pid=7024 comm="apparmor_parser" Jan 30 12:45:51 dag-TS-P500 kernel: [ 1100.686099] audit: type=1400 audit(1485776751.028:45): apparmor="STATUS" operation="profile_replace" profile="unconfined" name="/usr/sbin/cupsd" pid=7024 comm="apparmor_parser" Jan 30 12:45:51 dag-TS-P500 kernel: [ 1100.700446] audit: type=1400 audit(1485776751.044:46): apparmor="STATUS" operation="profile_replace" profile="unconfined" name="/usr/sbin/cupsd//third_party" pid=7024 comm="apparmor_parser" Jan 30 12:45:57 dag-TS-P500 kernel: [ 1106.940891] audit: type=1400 audit(1485776757.284:47): apparmor="ALLOWED" operation="capable" profile="/usr/sbin/cupsd" pid=7031 comm="lpd" capability=12 capname="net_admin" Jan 30 12:45:57 dag-TS-P500 kernel: [ 1106.940938] audit: type=1400 audit(1485776757.284:48): apparmor="ALLOWED" operation="capable" profile="/usr/sbin/cupsd" pid=7031 comm="lpd" capability=12 capname="net_admin" ProblemType: Bug DistroRelease: Ubuntu 16.10 Package: cups 2.2.0-2 ProcVersionSignature: Ubuntu 4.8.0-34.36-generic 4.8.11 Uname: Linux 4.8.0-34-generic x86_64
[Desktop-packages] [Bug 1660316] Re: apparmor denial of CUPS
According to this line Jan 30 12:42:26 dag-TS-P500 kernel: [ 895.746636] audit: type=1400 audit(1485776546.086:43): apparmor="DENIED" operation="capable" profile="/usr/sbin/cupsd" pid=6967 comm="lpd" capability=12 capname="net_admin" the CUPS "lpd" bacjend (/usr/lib/cups/backend/lpd) needs the "net_admin" capability. xnox, slangasek, could you tell me where it is best to add this capability in /etc/apparmor.d/usr.sbin.cupsd? Thanks. -- You received this bug notification because you are a member of Desktop Packages, which is subscribed to cups in Ubuntu. https://bugs.launchpad.net/bugs/1660316 Title: apparmor denial of CUPS Status in cups package in Ubuntu: Incomplete Bug description: Printing is enabled when doing sudo aa-complain cupsd Here is an extract of /var/log/syslog: Jan 30 12:41:59 dag-TS-P500 kernel: [ 868.929457] audit: type=1400 audit(1485776519.269:37): apparmor="STATUS" operation="profile_replace" profile="unconfined" name="/usr/lib/cups/backend/cups-pdf" pid=6932 comm="apparmor_parser" Jan 30 12:41:59 dag-TS-P500 kernel: [ 868.929744] audit: type=1400 audit(1485776519.269:38): apparmor="STATUS" operation="profile_replace" profile="unconfined" name="/usr/sbin/cupsd" pid=6932 comm="apparmor_parser" Jan 30 12:41:59 dag-TS-P500 kernel: [ 868.945422] audit: type=1400 audit(1485776519.285:39): apparmor="STATUS" operation="profile_replace" profile="unconfined" name="/usr/sbin/cupsd//third_party" pid=6932 comm="apparmor_parser" Jan 30 12:42:10 dag-TS-P500 kernel: [ 879.817070] audit: type=1400 audit(1485776530.158:40): apparmor="STATUS" operation="profile_replace" profile="unconfined" name="/usr/lib/cups/backend/cups-pdf" pid=6941 comm="apparmor_parser" Jan 30 12:42:10 dag-TS-P500 kernel: [ 879.817342] audit: type=1400 audit(1485776530.158:41): apparmor="STATUS" operation="profile_replace" profile="unconfined" name="/usr/sbin/cupsd" pid=6941 comm="apparmor_parser" Jan 30 12:42:10 dag-TS-P500 kernel: [ 879.837254] audit: type=1400 audit(1485776530.178:42): apparmor="STATUS" operation="profile_replace" profile="unconfined" name="/usr/sbin/cupsd//third_party" pid=6941 comm="apparmor_parser" Jan 30 12:42:16 dag-TS-P500 zeitgeist-datah[3706]: downloads-directory-provider.vala:120: Couldn't process /home/dag/.glvndcEQzqA: Error when getting information for file '/home/dag/.glvndcEQzqA': No such file or directory Jan 30 12:42:23 dag-TS-P500 dbus[996]: [system] Activating via systemd: service name='org.freedesktop.hostname1' unit='dbus-org.freedesktop.hostname1.service' Jan 30 12:42:23 dag-TS-P500 systemd[1]: Starting Hostname Service... Jan 30 12:42:24 dag-TS-P500 dbus[996]: [system] Successfully activated service 'org.freedesktop.hostname1' Jan 30 12:42:24 dag-TS-P500 systemd[1]: Started Hostname Service. Jan 30 12:42:26 dag-TS-P500 kernel: [ 895.746636] audit: type=1400 audit(1485776546.086:43): apparmor="DENIED" operation="capable" profile="/usr/sbin/cupsd" pid=6967 comm="lpd" capability=12 capname="net_admin" Jan 30 12:42:54 dag-TS-P500 systemd[1]: Starting Cleanup of Temporary Directories... Jan 30 12:42:54 dag-TS-P500 systemd-tmpfiles[6973]: [/usr/lib/tmpfiles.d/var.conf:14] Duplicate line for path "/var/log", ignoring. Jan 30 12:42:54 dag-TS-P500 systemd[1]: Started Cleanup of Temporary Directories. Jan 30 12:44:03 dag-TS-P500 dbus-daemon[2707]: Activating service name='com.ubuntu.OneConf' Jan 30 12:44:03 dag-TS-P500 dbus-daemon[2707]: Successfully activated service 'com.ubuntu.OneConf' Jan 30 12:44:03 dag-TS-P500 com.ubuntu.OneConf[2707]: WARNING:oneconf.hosts:Error in loading other_hosts file: [Errno 2] No such file or directory: '/home/dag/.cache/oneconf/d2fc3bf30c9f4976b441a8f14de53bda/other_hosts' Jan 30 12:44:23 dag-TS-P500 dbus-daemon[2707]: Activating service name='com.ubuntu.sso' Jan 30 12:44:24 dag-TS-P500 dbus-daemon[2707]: Successfully activated service 'com.ubuntu.sso' Jan 30 12:45:51 dag-TS-P500 kernel: [ 1100.685842] audit: type=1400 audit(1485776751.028:44): apparmor="STATUS" operation="profile_replace" profile="unconfined" name="/usr/lib/cups/backend/cups-pdf" pid=7024 comm="apparmor_parser" Jan 30 12:45:51 dag-TS-P500 kernel: [ 1100.686099] audit: type=1400 audit(1485776751.028:45): apparmor="STATUS" operation="profile_replace" profile="unconfined" name="/usr/sbin/cupsd" pid=7024 comm="apparmor_parser" Jan 30 12:45:51 dag-TS-P500 kernel: [ 1100.700446] audit: type=1400 audit(1485776751.044:46): apparmor="STATUS" operation="profile_replace" profile="unconfined" name="/usr/sbin/cupsd//third_party" pid=7024 comm="apparmor_parser" Jan 30 12:45:57 dag-TS-P500 kernel: [ 1106.940891] audit: type=1400 audit(1485776757.284:47): apparmor="ALLOWED" operation="capable" profile="/usr/sbin/cupsd" pid=7031 comm="lpd" capability=12 capname="net_admin" Jan 30 12:45:57 dag-TS-P500 kernel: [ 1106.940938] audit: type=1400 audit(1485776757.284:48): apparmor="ALLOWED"
[Desktop-packages] [Bug 1660316] Re: apparmor denial of CUPS
This was raised from the C308 printer, which I just had installed. The C650 was the old printer that we got, and I _think_ printing was working on that machine. -- You received this bug notification because you are a member of Desktop Packages, which is subscribed to cups in Ubuntu. https://bugs.launchpad.net/bugs/1660316 Title: apparmor denial of CUPS Status in cups package in Ubuntu: Incomplete Bug description: Printing is enabled when doing sudo aa-complain cupsd Here is an extract of /var/log/syslog: Jan 30 12:41:59 dag-TS-P500 kernel: [ 868.929457] audit: type=1400 audit(1485776519.269:37): apparmor="STATUS" operation="profile_replace" profile="unconfined" name="/usr/lib/cups/backend/cups-pdf" pid=6932 comm="apparmor_parser" Jan 30 12:41:59 dag-TS-P500 kernel: [ 868.929744] audit: type=1400 audit(1485776519.269:38): apparmor="STATUS" operation="profile_replace" profile="unconfined" name="/usr/sbin/cupsd" pid=6932 comm="apparmor_parser" Jan 30 12:41:59 dag-TS-P500 kernel: [ 868.945422] audit: type=1400 audit(1485776519.285:39): apparmor="STATUS" operation="profile_replace" profile="unconfined" name="/usr/sbin/cupsd//third_party" pid=6932 comm="apparmor_parser" Jan 30 12:42:10 dag-TS-P500 kernel: [ 879.817070] audit: type=1400 audit(1485776530.158:40): apparmor="STATUS" operation="profile_replace" profile="unconfined" name="/usr/lib/cups/backend/cups-pdf" pid=6941 comm="apparmor_parser" Jan 30 12:42:10 dag-TS-P500 kernel: [ 879.817342] audit: type=1400 audit(1485776530.158:41): apparmor="STATUS" operation="profile_replace" profile="unconfined" name="/usr/sbin/cupsd" pid=6941 comm="apparmor_parser" Jan 30 12:42:10 dag-TS-P500 kernel: [ 879.837254] audit: type=1400 audit(1485776530.178:42): apparmor="STATUS" operation="profile_replace" profile="unconfined" name="/usr/sbin/cupsd//third_party" pid=6941 comm="apparmor_parser" Jan 30 12:42:16 dag-TS-P500 zeitgeist-datah[3706]: downloads-directory-provider.vala:120: Couldn't process /home/dag/.glvndcEQzqA: Error when getting information for file '/home/dag/.glvndcEQzqA': No such file or directory Jan 30 12:42:23 dag-TS-P500 dbus[996]: [system] Activating via systemd: service name='org.freedesktop.hostname1' unit='dbus-org.freedesktop.hostname1.service' Jan 30 12:42:23 dag-TS-P500 systemd[1]: Starting Hostname Service... Jan 30 12:42:24 dag-TS-P500 dbus[996]: [system] Successfully activated service 'org.freedesktop.hostname1' Jan 30 12:42:24 dag-TS-P500 systemd[1]: Started Hostname Service. Jan 30 12:42:26 dag-TS-P500 kernel: [ 895.746636] audit: type=1400 audit(1485776546.086:43): apparmor="DENIED" operation="capable" profile="/usr/sbin/cupsd" pid=6967 comm="lpd" capability=12 capname="net_admin" Jan 30 12:42:54 dag-TS-P500 systemd[1]: Starting Cleanup of Temporary Directories... Jan 30 12:42:54 dag-TS-P500 systemd-tmpfiles[6973]: [/usr/lib/tmpfiles.d/var.conf:14] Duplicate line for path "/var/log", ignoring. Jan 30 12:42:54 dag-TS-P500 systemd[1]: Started Cleanup of Temporary Directories. Jan 30 12:44:03 dag-TS-P500 dbus-daemon[2707]: Activating service name='com.ubuntu.OneConf' Jan 30 12:44:03 dag-TS-P500 dbus-daemon[2707]: Successfully activated service 'com.ubuntu.OneConf' Jan 30 12:44:03 dag-TS-P500 com.ubuntu.OneConf[2707]: WARNING:oneconf.hosts:Error in loading other_hosts file: [Errno 2] No such file or directory: '/home/dag/.cache/oneconf/d2fc3bf30c9f4976b441a8f14de53bda/other_hosts' Jan 30 12:44:23 dag-TS-P500 dbus-daemon[2707]: Activating service name='com.ubuntu.sso' Jan 30 12:44:24 dag-TS-P500 dbus-daemon[2707]: Successfully activated service 'com.ubuntu.sso' Jan 30 12:45:51 dag-TS-P500 kernel: [ 1100.685842] audit: type=1400 audit(1485776751.028:44): apparmor="STATUS" operation="profile_replace" profile="unconfined" name="/usr/lib/cups/backend/cups-pdf" pid=7024 comm="apparmor_parser" Jan 30 12:45:51 dag-TS-P500 kernel: [ 1100.686099] audit: type=1400 audit(1485776751.028:45): apparmor="STATUS" operation="profile_replace" profile="unconfined" name="/usr/sbin/cupsd" pid=7024 comm="apparmor_parser" Jan 30 12:45:51 dag-TS-P500 kernel: [ 1100.700446] audit: type=1400 audit(1485776751.044:46): apparmor="STATUS" operation="profile_replace" profile="unconfined" name="/usr/sbin/cupsd//third_party" pid=7024 comm="apparmor_parser" Jan 30 12:45:57 dag-TS-P500 kernel: [ 1106.940891] audit: type=1400 audit(1485776757.284:47): apparmor="ALLOWED" operation="capable" profile="/usr/sbin/cupsd" pid=7031 comm="lpd" capability=12 capname="net_admin" Jan 30 12:45:57 dag-TS-P500 kernel: [ 1106.940938] audit: type=1400 audit(1485776757.284:48): apparmor="ALLOWED" operation="capable" profile="/usr/sbin/cupsd" pid=7031 comm="lpd" capability=12 capname="net_admin" ProblemType: Bug DistroRelease: Ubuntu 16.10 Package: cups 2.2.0-2 ProcVersionSignature: Ubuntu 4.8.0-34.36-generic 4.8.11 Uname: Linux 4.8.0-34-generic x86_64
[Desktop-packages] [Bug 1660316] Re: apparmor denial of CUPS
Which print queue failed with active AppArmor? KONICA- MINOLTA-C650-Series or Minolta-C308 or both? ** Changed in: cups (Ubuntu) Status: New => Incomplete -- You received this bug notification because you are a member of Desktop Packages, which is subscribed to cups in Ubuntu. https://bugs.launchpad.net/bugs/1660316 Title: apparmor denial of CUPS Status in cups package in Ubuntu: Incomplete Bug description: Printing is enabled when doing sudo aa-complain cupsd Here is an extract of /var/log/syslog: Jan 30 12:41:59 dag-TS-P500 kernel: [ 868.929457] audit: type=1400 audit(1485776519.269:37): apparmor="STATUS" operation="profile_replace" profile="unconfined" name="/usr/lib/cups/backend/cups-pdf" pid=6932 comm="apparmor_parser" Jan 30 12:41:59 dag-TS-P500 kernel: [ 868.929744] audit: type=1400 audit(1485776519.269:38): apparmor="STATUS" operation="profile_replace" profile="unconfined" name="/usr/sbin/cupsd" pid=6932 comm="apparmor_parser" Jan 30 12:41:59 dag-TS-P500 kernel: [ 868.945422] audit: type=1400 audit(1485776519.285:39): apparmor="STATUS" operation="profile_replace" profile="unconfined" name="/usr/sbin/cupsd//third_party" pid=6932 comm="apparmor_parser" Jan 30 12:42:10 dag-TS-P500 kernel: [ 879.817070] audit: type=1400 audit(1485776530.158:40): apparmor="STATUS" operation="profile_replace" profile="unconfined" name="/usr/lib/cups/backend/cups-pdf" pid=6941 comm="apparmor_parser" Jan 30 12:42:10 dag-TS-P500 kernel: [ 879.817342] audit: type=1400 audit(1485776530.158:41): apparmor="STATUS" operation="profile_replace" profile="unconfined" name="/usr/sbin/cupsd" pid=6941 comm="apparmor_parser" Jan 30 12:42:10 dag-TS-P500 kernel: [ 879.837254] audit: type=1400 audit(1485776530.178:42): apparmor="STATUS" operation="profile_replace" profile="unconfined" name="/usr/sbin/cupsd//third_party" pid=6941 comm="apparmor_parser" Jan 30 12:42:16 dag-TS-P500 zeitgeist-datah[3706]: downloads-directory-provider.vala:120: Couldn't process /home/dag/.glvndcEQzqA: Error when getting information for file '/home/dag/.glvndcEQzqA': No such file or directory Jan 30 12:42:23 dag-TS-P500 dbus[996]: [system] Activating via systemd: service name='org.freedesktop.hostname1' unit='dbus-org.freedesktop.hostname1.service' Jan 30 12:42:23 dag-TS-P500 systemd[1]: Starting Hostname Service... Jan 30 12:42:24 dag-TS-P500 dbus[996]: [system] Successfully activated service 'org.freedesktop.hostname1' Jan 30 12:42:24 dag-TS-P500 systemd[1]: Started Hostname Service. Jan 30 12:42:26 dag-TS-P500 kernel: [ 895.746636] audit: type=1400 audit(1485776546.086:43): apparmor="DENIED" operation="capable" profile="/usr/sbin/cupsd" pid=6967 comm="lpd" capability=12 capname="net_admin" Jan 30 12:42:54 dag-TS-P500 systemd[1]: Starting Cleanup of Temporary Directories... Jan 30 12:42:54 dag-TS-P500 systemd-tmpfiles[6973]: [/usr/lib/tmpfiles.d/var.conf:14] Duplicate line for path "/var/log", ignoring. Jan 30 12:42:54 dag-TS-P500 systemd[1]: Started Cleanup of Temporary Directories. Jan 30 12:44:03 dag-TS-P500 dbus-daemon[2707]: Activating service name='com.ubuntu.OneConf' Jan 30 12:44:03 dag-TS-P500 dbus-daemon[2707]: Successfully activated service 'com.ubuntu.OneConf' Jan 30 12:44:03 dag-TS-P500 com.ubuntu.OneConf[2707]: WARNING:oneconf.hosts:Error in loading other_hosts file: [Errno 2] No such file or directory: '/home/dag/.cache/oneconf/d2fc3bf30c9f4976b441a8f14de53bda/other_hosts' Jan 30 12:44:23 dag-TS-P500 dbus-daemon[2707]: Activating service name='com.ubuntu.sso' Jan 30 12:44:24 dag-TS-P500 dbus-daemon[2707]: Successfully activated service 'com.ubuntu.sso' Jan 30 12:45:51 dag-TS-P500 kernel: [ 1100.685842] audit: type=1400 audit(1485776751.028:44): apparmor="STATUS" operation="profile_replace" profile="unconfined" name="/usr/lib/cups/backend/cups-pdf" pid=7024 comm="apparmor_parser" Jan 30 12:45:51 dag-TS-P500 kernel: [ 1100.686099] audit: type=1400 audit(1485776751.028:45): apparmor="STATUS" operation="profile_replace" profile="unconfined" name="/usr/sbin/cupsd" pid=7024 comm="apparmor_parser" Jan 30 12:45:51 dag-TS-P500 kernel: [ 1100.700446] audit: type=1400 audit(1485776751.044:46): apparmor="STATUS" operation="profile_replace" profile="unconfined" name="/usr/sbin/cupsd//third_party" pid=7024 comm="apparmor_parser" Jan 30 12:45:57 dag-TS-P500 kernel: [ 1106.940891] audit: type=1400 audit(1485776757.284:47): apparmor="ALLOWED" operation="capable" profile="/usr/sbin/cupsd" pid=7031 comm="lpd" capability=12 capname="net_admin" Jan 30 12:45:57 dag-TS-P500 kernel: [ 1106.940938] audit: type=1400 audit(1485776757.284:48): apparmor="ALLOWED" operation="capable" profile="/usr/sbin/cupsd" pid=7031 comm="lpd" capability=12 capname="net_admin" ProblemType: Bug DistroRelease: Ubuntu 16.10 Package: cups 2.2.0-2 ProcVersionSignature: Ubuntu 4.8.0-34.36-generic 4.8.11 Uname: Linux 4.8.0-34-generic x86_64
