[Touch-packages] [Bug 1571531] Re: cupsd cause apparmor denials for /etc/ld.so.preload

800+ messages... in Bookworm sid upgrade... "[234924.337737] audit: type=1400 audit(1679493163.749:15848): apparmor="DENIED" operation="create" info="failed type and protocol match" error=-13 profile="/usr/sbin/cupsd" pid=245683 comm="cupsd" family="unix" sock_type="dgram" protocol=0

[Touch-packages] [Bug 1571531] Re: cupsd cause apparmor denials for /etc/ld.so.preload

I'm seeing this problem in Lubuntu 20.04. The system discovered my network printer automatically. (It chose A4 paper size, but I am in the US and use letter size. Changing to letter didn't matter for this problem.) When I print an error message pops up: "cups-pki-expired." In the logs, I see

[Touch-packages] [Bug 1571531] Re: cupsd cause apparmor denials for /etc/ld.so.preload

Status changed to 'Confirmed' because the bug affects multiple users. ** Changed in: apparmor (Ubuntu) Status: New => Confirmed -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to apparmor in Ubuntu.

[Touch-packages] [Bug 1571531] Re: cupsd cause apparmor denials for /etc/ld.so.preload

I don't think we have such a capability right now in snapd. If you locally modify the snap-confine profile, it will be rewritten on at least core refreshes (and reboots as well if I'm not mistaken), so it sounds like we need some mechanism to specify additional rules to be included in the

Re: [Touch-packages] [Bug 1571531] Re: cupsd cause apparmor denials for /etc/ld.so.preload

On Thu, Feb 28, 2019 at 04:08:09AM -, Edson José dos Santos wrote: > edson@edson-p6540br:~$ dmesg | grep DENIED > [ 58.334359] audit: type=1400 audit(1551326278.953:59): apparmor="DENIED" > operation="open" profile="/usr/lib/snapd/snap-confine" > name="/opt/eset/esets/lib/libesets_pac.so"

[Touch-packages] [Bug 1571531] Re: cupsd cause apparmor denials for /etc/ld.so.preload

Hi Arnold The apparmour error message at startup of the ubuntu disk has disappeared. The only messages that appear in Eset's event log are these lines below: 28/02/2019 00:57:54 Media control access Unable to unlock removable media (org.freedesktop.udisks2.filesystem-mount) 28/02/2019 00:56:39

[Touch-packages] [Bug 1571531] Re: cupsd cause apparmor denials for /etc/ld.so.preload

Hi Arnold It looks like this: /tmp/esets.sock rw, /etc/opt/eset/ r, /etc/opt/eset/** r, /opt/eset/esets/lib/** mr, unix, Ao tentar salvar apareceu a mensage abaixo: dson@edson-p6540br:~$ sudo su [sudo] senha para edson: root@edson-p6540br:/home/edson# gedit malloc_consolidate(): invalid

Re: [Touch-packages] [Bug 1571531] Re: cupsd cause apparmor denials for /etc/ld.so.preload

On Thu, Feb 28, 2019 at 03:04:00AM -, Edson José dos Santos wrote: > Hello Arnold > unix, (connect, send, receive) peer = (addr="@2F746D702F65736574732E736F636B00*"), Excellent, here's the mistake. Remove everything after the comma: unix, Then try the reboot again. -- You received

[Touch-packages] [Bug 1571531] Re: cupsd cause apparmor denials for /etc/ld.so.preload

Hello Arnold As requested: # Workaround https://launchpad.net/bugs/359338 until upstream handles stacked # filesystems generally. This does not appreciably decrease security with # Ubuntu profiles because the user is expected to have access to files owned # by him/her. Exceptions to

Re: [Touch-packages] [Bug 1571531] Re: cupsd cause apparmor denials for /etc/ld.so.preload

On Wed, Feb 27, 2019 at 12:59:14PM -, Edson José dos Santos wrote: > Hi, Arnold > > At startup the error message is appearing in apparmor and I would like > to know how to generate a log to introduce them to you or just the boot > boot log. In the absence of this I got this other log, where

[Touch-packages] [Bug 1571531] Re: cupsd cause apparmor denials for /etc/ld.so.preload

Hi Arnold I got the apparmor log showing boot error. Wed Feb 27 09:24:41 -03 2019 [ OK ] Started Show Plymouth Boot Screen. [ OK ] Started Forward Password R…s to Plymouth Directory Watch. [ OK ] Reached

[Touch-packages] [Bug 1571531] Re: cupsd cause apparmor denials for /etc/ld.so.preload

After some initialization, this message only appears below in the ESET event log. Look: 22/02/2019 08:14:13 Media control access Can not unblock removable media (org.freedesktop.udisks2.filesystem-mount) The rest are gone :) Waiting for new instructions Thank you -- You received this bug

[Touch-packages] [Bug 1571531] Re: cupsd cause apparmor denials for /etc/ld.so.preload

Hello snapd friends, Edson has an antivirus tool that requires all processes have write access to a unix domain socket. Adding a rule to /etc/apparmor.d/abstractions/base addressed many profiles but not snapd's snap-confine profile. What's the mechanism for admins to add local rules to this file?

[Touch-packages] [Bug 1571531] Re: cupsd cause apparmor denials for /etc/ld.so.preload

I restarted and rephased the procedure and says that the apparmor can not recharge. Look: edson@edson-p6540br:~$ sudo su [sudo] senha para edson: root@edson-p6540br:/home/edson# gedit malloc_consolidate(): invalid chunk size Abortado (imagem do núcleo gravada) root@edson-p6540br:/home/edson#

[Touch-packages] [Bug 1571531] Re: cupsd cause apparmor denials for /etc/ld.so.preload

Hi, Arnold It includes the comma in the line after the unix as requested, but appeared error message at the time of applying sudo /etc/init.d/apparmor reload unix, (connect, send, receive) peer = (addr="@2F746D702F65736574732E736F636B00*"), edson@edson-p6540br:~$ sudo su [sudo] senha para

[Touch-packages] [Bug 1571531] Re: cupsd cause apparmor denials for /etc/ld.so.preload

Hi Edson.. so, the last idea I've got is: unix, in /etc/apparmor.d/abstractions/base Do the usual reload, and reboot if it worked, dance. Thanks -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to apparmor in Ubuntu.

[Touch-packages] [Bug 1571531] Re: cupsd cause apparmor denials for /etc/ld.so.preload

Hi guys Waiting for new instructions Thank you -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to apparmor in Ubuntu. https://bugs.launchpad.net/bugs/1571531 Title: cupsd cause apparmor denials for /etc/ld.so.preload

[Touch-packages] [Bug 1571531] Re: cupsd cause apparmor denials for /etc/ld.so.preload

Using this line ( unix (connect, send, receive) peer = (addr="@2F746D702F65736574732E736F636B00*"), ) with the comma in the end, still continues the Eset AV messages after reboot: 18/02/2019 14:36:12 Preload library access control Cannot connect to /tmp/esets.sock: Permission denied

[Touch-packages] [Bug 1571531] Re: cupsd cause apparmor denials for /etc/ld.so.preload

Yes and with the comma in the end, equal to the first request. Look: etc/opt/eset/ r, /etc/opt/eset/** r, /opt/eset/esets/lib/** mr, unix (connect, send, receive) peer=(addr="@2F746D702F65736574732E736F636B00*"), The second request was as follows: unix (connect, send, receive) peer

[Touch-packages] [Bug 1571531] Re: cupsd cause apparmor denials for /etc/ld.so.preload

> unix (connect, send, receive) peer = (addr = "@ 2F746D702F65736574732E736F636B00 *") Did you really use exactly this line (with "@_space_2F...B00_space_*")? If so, please try again without the spaces. -- You received this bug notification because you are a member of Ubuntu Touch seeded

Re: [Touch-packages] [Bug 1571531] Re: cupsd cause apparmor denials for /etc/ld.so.preload

On Mon, Feb 18, 2019 at 02:45:16PM -, Edson José dos Santos wrote: > Line replaced successfully: > > From: unix (connect, send, receive) > peer=(addr="@2F746D702F65736574732E736F636B00*"), > > To: unix (connect, send, receive) peer = (addr = "@ > 2F746D702F65736574732E736F636B00 *"), Ah,

[Touch-packages] [Bug 1571531] Re: cupsd cause apparmor denials for /etc/ld.so.preload

Olá Arnold I refined the procedure again and this time, everything OK edson@edson-p6540br:~$ sudo su [sudo] senha para edson: root@edson-p6540br:/home/edson# gedit malloc_consolidate(): invalid chunk size Abortado (imagem do núcleo gravada) root@edson-p6540br:/home/edson# sudo

[Touch-packages] [Bug 1571531] Re: cupsd cause apparmor denials for /etc/ld.so.preload

Line replaced successfully: From: unix (connect, send, receive) peer=(addr="@2F746D702F65736574732E736F636B00*"), To: unix (connect, send, receive) peer = (addr = "@ 2F746D702F65736574732E736F636B00 *"), At the moment of saving with: sudo /etc/init.d/apparmor reload the procedure failed and I

Re: [Touch-packages] [Bug 1571531] Re: cupsd cause apparmor denials for /etc/ld.so.preload

On Mon, Feb 18, 2019 at 01:26:02PM -, Edson José dos Santos wrote: > Is it the same correct procedure? > > /etc/apparmor.d/abstractions/base file: > > unix (connect, send, receive) peer = (addr = "@ > 2F746D702F65736574732E736F636B00 *") > > Then sudo /etc/init.d/apparmor reload > If that

[Touch-packages] [Bug 1571531] Re: cupsd cause apparmor denials for /etc/ld.so.preload

Hi Arnold, Is it the same correct procedure? /etc/apparmor.d/abstractions/base file: unix (connect, send, receive) peer = (addr = "@ 2F746D702F65736574732E736F636B00 *") Then sudo /etc/init.d/apparmor reload If that appeared to work fine, then reboot. Thanks -- You received this bug

[Touch-packages] [Bug 1571531] Re: cupsd cause apparmor denials for /etc/ld.so.preload

Alright, I don't know why that line didn't work. Replace it with this one: unix, it's a lot more open than I'd like, but I don't know why the more specific rule didn't work. So, lets try this. Thanks -- You received this bug notification because you are a member of Ubuntu Touch seeded

[Touch-packages] [Bug 1571531] Re: cupsd cause apparmor denials for /etc/ld.so.preload

Hello Arnold Are all those messages after adding this rule to your abstractions/base? Answer: EXACT What to do with this low line? unix (connect, send, receive) peer = (addr = "@ 2F746D702F65736574732E736F636B00 *") Is she the problem? Thanks -- You received this bug notification because

[Touch-packages] [Bug 1571531] Re: cupsd cause apparmor denials for /etc/ld.so.preload

Hello Arnold Are all those messages after adding this rule to your abstractions/base? Answer: EXACT What to do with this low line? unix (connect, send, receive) peer = (addr = "@ 2F746D702F65736574732E736F636B00 *") Is she the problem? Thanks -- You received this bug notification because

[Touch-packages] [Bug 1571531] Re: cupsd cause apparmor denials for /etc/ld.so.preload

Hello Edson, Are all those messages after adding this rule to your abstractions/base? unix (connect, send, receive) peer=(addr="@2F746D702F65736574732E736F636B00*"), Thanks -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to

[Touch-packages] [Bug 1571531] Re: cupsd cause apparmor denials for /etc/ld.so.preload

Hello Arnold Follow the requested This time the entries denied decreased. edson@edson-p6540br:~$ dmesg | grep DENIED [ 47.001504] audit: type=1400 audit(1550314461.617:39): apparmor="DENIED" operation="connect" profile="/usr/sbin/cups-browsed" pid=1126 comm="cups-browsed" family="unix"

[Touch-packages] [Bug 1571531] Re: cupsd cause apparmor denials for /etc/ld.so.preload

Hello Edson, thanks for the reply; can you re-run this command and paste back the results? dmesg | grep DENIED Thanks -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to apparmor in Ubuntu.

[Touch-packages] [Bug 1571531] Re: cupsd cause apparmor denials for /etc/ld.so.preload

** Attachment added: "procedure in the terminal" https://bugs.launchpad.net/ubuntu/+source/apparmor/+bug/1571531/+attachment/5239001/+files/Captura%20de%20tela%20de%202019-02-16%2000-51-39.png -- You received this bug notification because you are a member of Ubuntu Touch seeded packages,

[Touch-packages] [Bug 1571531] Re: cupsd cause apparmor denials for /etc/ld.so.preload

Status after reboot 16/02/2019 01:22:13 Preload library access control Unknown opened directory on descriptor 206 16/02/2019 01:22:13 Preload library access control Unknown opened directory on descriptor 232 16/02/2019 01:22:13 Preload library access control Unknown

[Touch-packages] [Bug 1571531] Re: cupsd cause apparmor denials for /etc/ld.so.preload

** Attachment added: "Status before reboot" https://bugs.launchpad.net/ubuntu/+source/apparmor/+bug/1571531/+attachment/5239002/+files/Captura%20de%20tela%20de%202019-02-16%2001-13-34.png -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is

[Touch-packages] [Bug 1571531] Re: cupsd cause apparmor denials for /etc/ld.so.preload

Hello Arnold I followed his indication, but the denied permission messages continue, before and after the reboot. Follow the texts and the images so that you can analyze them. edson@edson-p6540br:~$ sudo su [sudo] senha para edson: root@edson-p6540br:/home/edson# gedit malloc_consolidate():

[Touch-packages] [Bug 1571531] Re: cupsd cause apparmor denials for /etc/ld.so.preload

Hello Edson, Please add these lines to your /etc/apparmor.d/abstractions/base file: /etc/opt/eset/ r, /etc/opt/eset/** r, /opt/eset/esets/lib/** mr, unix (connect, send, receive) peer=(addr="@2F746D702F65736574732E736F636B00*"), Then sudo /etc/init.d/apparmor reload If that appeared

[Touch-packages] [Bug 1571531] Re: cupsd cause apparmor denials for /etc/ld.so.preload

Follow the requested Arnold edson@edson-p6540br:~$ dmesg | grep DENIED [ 30.061074] audit: type=1400 audit(1550265434.681:39): apparmor="DENIED" operation="open" profile="/usr/sbin/cupsd" name="/etc/opt/eset/esets/info/pkgid" pid=1029 comm="cupsd" requested_mask="r" denied_mask="r" fsuid=0

[Touch-packages] [Bug 1571531] Re: cupsd cause apparmor denials for /etc/ld.so.preload

Hello Edson, what's the output of: dmesg | grep DENIED Thanks -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to apparmor in Ubuntu. https://bugs.launchpad.net/bugs/1571531 Title: cupsd cause apparmor denials for

[Touch-packages] [Bug 1571531] Re: cupsd cause apparmor denials for /etc/ld.so.preload

Hello Arnold I followed the request, but I did not succeed. The messages continue (!) See: 15/02/2019 19:20:24Preload library access control Cannot connect to /tmp/esets.sock: Permission denied 15/02/2019 19:19:53 Preload library access control Cannot connect to

Re: [Touch-packages] [Bug 1571531] Re: cupsd cause apparmor denials for /etc/ld.so.preload

On Sat, Nov 10, 2018 at 06:35:10PM -, Edson José dos Santos wrote: > How do I run this: "/tmp/esets.sock rw" since Eset is already installed? > > The same happens to this: to the /etc/apparmor.d/abstractions/base file > and run: > > This I run it: sudo systemctl reload apparmor > > I am a

[Touch-packages] [Bug 1571531] Re: cupsd cause apparmor denials for /etc/ld.so.preload

Hello Seth Arnold How do I run this: "/tmp/esets.sock rw" since Eset is already installed? The same happens to this: to the /etc/apparmor.d/abstractions/base file and run: This I run it: sudo systemctl reload apparmor I am a beginner and linux and if this happens the error messages will

[Touch-packages] [Bug 1571531] Re: cupsd cause apparmor denials for /etc/ld.so.preload

Edson, you have a different issue. If you want to use ESET then you should add: /tmp/esets.sock rw, to the /etc/apparmor.d/abstractions/base file and run: sudo systemctl reload apparmor Thanks -- You received this bug notification because you are a member of Ubuntu Touch seeded packages,

[Touch-packages] [Bug 1571531] Re: cupsd cause apparmor denials for /etc/ld.so.preload

Estou com o mesmo problema no Ubuntu 18.10 Cosmic apos instalação do Eset para Linux 4.90 I'm having the same problem with Ubuntu 18.10 Cosmic after installing Eset for Linux 4.90 Segue os logs: 09/11/2018 00:14:11Preload library access control Cannot connect to /tmp/esets.sock:

[Touch-packages] [Bug 1571531] Re: cupsd cause apparmor denials for /etc/ld.so.preload

Seth, this means then that this is an AppArmor bug and not a CUPS bug. Moving ... ** Package changed: cups (Ubuntu) => apparmor (Ubuntu) -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to cups in Ubuntu.

[Touch-packages] [Bug 1571531] Re: cupsd cause apparmor denials for /etc/ld.so.preload

Jamie, note that we added /etc/ld.so.preload to in the upstream project: http://bazaar.launchpad.net/~apparmor-dev/apparmor/master/revision/3497 It's a pity AppArmor SRUs take so much effort. :( Thanks -- You received this bug notification because you are a member of Ubuntu Touch seeded

[Touch-packages] [Bug 1571531] Re: cupsd cause apparmor denials for /etc/ld.so.preload

/etc/ld.so.preload should be a site-specific file (ie, it shouldn't come from Ubuntu). I wouldn't want to break people by adding an explicit deny, but I'd prefer users encountering this to update their /etc/apparmor.d/local/usr.sbin.cupsd file to have: /etc/ld.so.preload r, Or if people just

[Touch-packages] [Bug 1571531] Re: cupsd cause apparmor denials for /etc/ld.so.preload

OdyX, Jamie, Marc, should we simply allow cupsd accessing /etc/ld.so.preload? Or are there any security reasons against it? If there are reasons against it, how can we silence these messages? -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is

[Touch-packages] [Bug 1571531] Re: cupsd cause apparmor denials for /etc/ld.so.preload

It happened after I installed ESET Node32. -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to cups in Ubuntu. https://bugs.launchpad.net/bugs/1571531 Title: cupsd cause apparmor denials for /etc/ld.so.preload Status in cups

[Touch-packages] [Bug 1571531] Re: cupsd cause apparmor denials for /etc/ld.so.preload

Same here -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to cups in Ubuntu. https://bugs.launchpad.net/bugs/1571531 Title: cupsd cause apparmor denials for /etc/ld.so.preload Status in cups package in Ubuntu: New Bug

[Touch-packages] [Bug 1571531] Re: cupsd cause apparmor denials for /etc/ld.so.preload

** Summary changed: - cupds cause apparmor denials for /etc/ld.so.preload + cupsd cause apparmor denials for /etc/ld.so.preload -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to cups in Ubuntu.