For what it's worth, this is still happening with noble.
Since the shipped /etc/apparmor.d/usr.sbin.cups-browsed fortunately
specifies "#include ", this can be worked
around without causing further headaches by adding the following to
/etc/apparmor.d/local/usr.sbin.cups-browsed (create that file if for
some reason it doesn't exist):
/etc/gnutls/config r,
and reloading the profiles via
systemctl reload apparmor
--
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to cups in Ubuntu.
https://bugs.launchpad.net/bugs/2028459
Title:
cups apparmor: read access to /etc/gnutls/config
Status in cups package in Ubuntu:
Confirmed
Bug description:
The gnutls library has an optional configuration file in
/etc/gnutls/config. This file is not shipped by the Ubuntu packaging,
but it can be created by an user wanting to configure certain aspects
of gnutls.
When the file exists, gnutls functions might trigger an access to it,
and this is happening with cups in my system:
jul 23 14:44:35 nsnx2 kernel: audit: type=1400
audit(1690134275.356:574): apparmor="DENIED" operation="open"
class="file" profile="/usr/sbin/cupsd" name="/etc/gnutls/config"
pid=11222 comm="cupsd" requested_mask="r" denied_mask="r" fsuid=0
ouid=0
jul 23 14:44:35 nsnx2 kernel: audit: type=1400
audit(1690134275.376:576): apparmor="DENIED" operation="open"
class="file" profile="/usr/sbin/cups-browsed"
name="/etc/gnutls/config" pid=11224 comm="cups-browsed"
requested_mask="r" denied_mask="r" fsuid=121 ouid=0
$ l /etc/gnutls/config
-rw-r--r-- 1 root root 38 jun 15 18:44 /etc/gnutls/config
$ apt-cache policy cups
cups:
Installed: 2.4.2-3ubuntu2.2
Candidate: 2.4.2-3ubuntu2.2
Version table:
2.4.2-3ubuntu2.3 100
100 http://br.archive.ubuntu.com/ubuntu lunar-proposed/main amd64
Packages
*** 2.4.2-3ubuntu2.2 500
500 http://br.archive.ubuntu.com/ubuntu lunar-updates/main amd64
Packages
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/cups/+bug/2028459/+subscriptions
--
Mailing list: https://launchpad.net/~touch-packages
Post to : touch-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~touch-packages
More help : https://help.launchpad.net/ListHelp