Public bug reported:
The SRU of apparmor stacking for the Ubuntu 16.04 LTS kernel causes a
regression in cups-browsed (shipped by cups) which now fails to start
and gets respawned in a loop by systemd until it completely gives up.
To reproduce:
- lxc launch ubuntu:16.04 xen
- lxc exec xen -- apt update
- lxc exec xen -- apt dist-upgrade -y
- lxc exec xen -- apt install cups -y
You'll get:
root@xen:~# systemctl status cups-browsed
● cups-browsed.service - Make remote CUPS printers available locally
Loaded: loaded (/lib/systemd/system/cups-browsed.service; enabled; vendor
preset: enabled)
Active: failed (Result: signal) since Thu 2017-01-12 14:09:38 UTC; 8min ago
Main PID: 7725 (code=killed, signal=SEGV)
Jan 12 14:09:38 xen systemd[1]: Started Make remote CUPS printers available
locally.
Jan 12 14:09:38 xen systemd[1]: cups-browsed.service: Main process exited,
code=killed, status=11/SEGV
Jan 12 14:09:38 xen systemd[1]: cups-browsed.service: Unit entered failed state.
Jan 12 14:09:38 xen systemd[1]: cups-browsed.service: Failed with result
'signal'.
And in dmesg (in a loop):
[95217.312576] audit: type=1400 audit(1484230171.171:1004): apparmor="STATUS"
operation="profile_load"
label="lxd-xen_</var/lib/lxd>//&:lxd-xen_<var-lib-lxd>://unconfined"
name="/usr/lib/cups/backend/cups-pdf" pid=16941 comm="apparmor_parser"
[95217.313011] audit: type=1400 audit(1484230171.171:1005): apparmor="STATUS"
operation="profile_load"
label="lxd-xen_</var/lib/lxd>//&:lxd-xen_<var-lib-lxd>://unconfined"
name="/usr/sbin/cupsd" pid=16941 comm="apparmor_parser"
[95217.313202] audit: type=1400 audit(1484230171.171:1006): apparmor="STATUS"
operation="profile_load"
label="lxd-xen_</var/lib/lxd>//&:lxd-xen_<var-lib-lxd>://unconfined"
name="/usr/sbin/cupsd//third_party" pid=16941 comm="apparmor_parser"
[95218.126005] audit: type=1400 audit(1484230171.983:1007): apparmor="DENIED"
operation="file_inherit" namespace="root//lxd-xen_<var-lib-lxd>"
profile="/usr/sbin/cupsd" name="/run/systemd/journal/stdout" pid=17074
comm="cupsd" requested_mask="w" denied_mask="w" fsuid=100000 ouid=100000
[95218.126018] audit: type=1400 audit(1484230171.983:1008): apparmor="DENIED"
operation="file_inherit" namespace="root//lxd-xen_<var-lib-lxd>"
profile="/usr/sbin/cupsd" name="/run/systemd/journal/stdout" pid=17074
comm="cupsd" requested_mask="w" denied_mask="w" fsuid=100000 ouid=100000
[95222.686493] audit: type=1400 audit(1484230176.542:1009): apparmor="DENIED"
operation="file_inherit" namespace="root//lxd-xen_<var-lib-lxd>"
profile="/usr/sbin/cupsd" name="/run/systemd/journal/stdout" pid=17553
comm="cupsd" requested_mask="w" denied_mask="w" fsuid=100000 ouid=100000
[95222.686624] audit: type=1400 audit(1484230176.542:1010): apparmor="DENIED"
operation="file_inherit" namespace="root//lxd-xen_<var-lib-lxd>"
profile="/usr/sbin/cupsd" name="/run/systemd/journal/stdout" pid=17553
comm="cupsd" requested_mask="w" denied_mask="w" fsuid=100000 ouid=100000
[95224.324494] audit: type=1400 audit(1484230178.182:1011): apparmor="STATUS"
operation="profile_load"
label="lxd-xen_</var/lib/lxd>//&:lxd-xen_<var-lib-lxd>://unconfined"
name="/usr/sbin/cups-browsed" pid=17681 comm="apparmor_parser"
[95224.610016] audit: type=1400 audit(1484230178.466:1012): apparmor="DENIED"
operation="file_inherit" namespace="root//lxd-xen_<var-lib-lxd>"
profile="/usr/sbin/cups-browsed" name="/run/systemd/journal/stdout" pid=17765
comm="cups-browsed" requested_mask="wr" denied_mask="wr" fsuid=100000
ouid=100000
[95224.610029] audit: type=1400 audit(1484230178.466:1013): apparmor="DENIED"
operation="file_inherit" namespace="root//lxd-xen_<var-lib-lxd>"
profile="/usr/sbin/cups-browsed" name="/run/systemd/journal/stdout" pid=17765
comm="cups-browsed" requested_mask="wr" denied_mask="wr" fsuid=100000
ouid=100000
[95224.610046] audit: type=1400 audit(1484230178.466:1014): apparmor="DENIED"
operation="file_mmap" namespace="root//lxd-xen_<var-lib-lxd>"
profile="/usr/sbin/cups-browsed" name="/usr/sbin/cups-browsed" pid=17765
comm="cups-browsed" requested_mask="rm" denied_mask="rm" fsuid=100000
ouid=100000
** Affects: apparmor (Ubuntu)
Importance: Undecided
Status: New
--
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to apparmor in Ubuntu.
https://bugs.launchpad.net/bugs/1655982
Title:
cups-browsed fails to start in containers after apparmor stacking
backport to xenial
Status in apparmor package in Ubuntu:
New
Bug description:
The SRU of apparmor stacking for the Ubuntu 16.04 LTS kernel causes a
regression in cups-browsed (shipped by cups) which now fails to start
and gets respawned in a loop by systemd until it completely gives up.
To reproduce:
- lxc launch ubuntu:16.04 xen
- lxc exec xen -- apt update
- lxc exec xen -- apt dist-upgrade -y
- lxc exec xen -- apt install cups -y
You'll get:
root@xen:~# systemctl status cups-browsed
● cups-browsed.service - Make remote CUPS printers available locally
Loaded: loaded (/lib/systemd/system/cups-browsed.service; enabled; vendor
preset: enabled)
Active: failed (Result: signal) since Thu 2017-01-12 14:09:38 UTC; 8min ago
Main PID: 7725 (code=killed, signal=SEGV)
Jan 12 14:09:38 xen systemd[1]: Started Make remote CUPS printers available
locally.
Jan 12 14:09:38 xen systemd[1]: cups-browsed.service: Main process exited,
code=killed, status=11/SEGV
Jan 12 14:09:38 xen systemd[1]: cups-browsed.service: Unit entered failed
state.
Jan 12 14:09:38 xen systemd[1]: cups-browsed.service: Failed with result
'signal'.
And in dmesg (in a loop):
[95217.312576] audit: type=1400 audit(1484230171.171:1004): apparmor="STATUS"
operation="profile_load"
label="lxd-xen_</var/lib/lxd>//&:lxd-xen_<var-lib-lxd>://unconfined"
name="/usr/lib/cups/backend/cups-pdf" pid=16941 comm="apparmor_parser"
[95217.313011] audit: type=1400 audit(1484230171.171:1005): apparmor="STATUS"
operation="profile_load"
label="lxd-xen_</var/lib/lxd>//&:lxd-xen_<var-lib-lxd>://unconfined"
name="/usr/sbin/cupsd" pid=16941 comm="apparmor_parser"
[95217.313202] audit: type=1400 audit(1484230171.171:1006): apparmor="STATUS"
operation="profile_load"
label="lxd-xen_</var/lib/lxd>//&:lxd-xen_<var-lib-lxd>://unconfined"
name="/usr/sbin/cupsd//third_party" pid=16941 comm="apparmor_parser"
[95218.126005] audit: type=1400 audit(1484230171.983:1007): apparmor="DENIED"
operation="file_inherit" namespace="root//lxd-xen_<var-lib-lxd>"
profile="/usr/sbin/cupsd" name="/run/systemd/journal/stdout" pid=17074
comm="cupsd" requested_mask="w" denied_mask="w" fsuid=100000 ouid=100000
[95218.126018] audit: type=1400 audit(1484230171.983:1008): apparmor="DENIED"
operation="file_inherit" namespace="root//lxd-xen_<var-lib-lxd>"
profile="/usr/sbin/cupsd" name="/run/systemd/journal/stdout" pid=17074
comm="cupsd" requested_mask="w" denied_mask="w" fsuid=100000 ouid=100000
[95222.686493] audit: type=1400 audit(1484230176.542:1009): apparmor="DENIED"
operation="file_inherit" namespace="root//lxd-xen_<var-lib-lxd>"
profile="/usr/sbin/cupsd" name="/run/systemd/journal/stdout" pid=17553
comm="cupsd" requested_mask="w" denied_mask="w" fsuid=100000 ouid=100000
[95222.686624] audit: type=1400 audit(1484230176.542:1010): apparmor="DENIED"
operation="file_inherit" namespace="root//lxd-xen_<var-lib-lxd>"
profile="/usr/sbin/cupsd" name="/run/systemd/journal/stdout" pid=17553
comm="cupsd" requested_mask="w" denied_mask="w" fsuid=100000 ouid=100000
[95224.324494] audit: type=1400 audit(1484230178.182:1011): apparmor="STATUS"
operation="profile_load"
label="lxd-xen_</var/lib/lxd>//&:lxd-xen_<var-lib-lxd>://unconfined"
name="/usr/sbin/cups-browsed" pid=17681 comm="apparmor_parser"
[95224.610016] audit: type=1400 audit(1484230178.466:1012): apparmor="DENIED"
operation="file_inherit" namespace="root//lxd-xen_<var-lib-lxd>"
profile="/usr/sbin/cups-browsed" name="/run/systemd/journal/stdout" pid=17765
comm="cups-browsed" requested_mask="wr" denied_mask="wr" fsuid=100000
ouid=100000
[95224.610029] audit: type=1400 audit(1484230178.466:1013): apparmor="DENIED"
operation="file_inherit" namespace="root//lxd-xen_<var-lib-lxd>"
profile="/usr/sbin/cups-browsed" name="/run/systemd/journal/stdout" pid=17765
comm="cups-browsed" requested_mask="wr" denied_mask="wr" fsuid=100000
ouid=100000
[95224.610046] audit: type=1400 audit(1484230178.466:1014): apparmor="DENIED"
operation="file_mmap" namespace="root//lxd-xen_<var-lib-lxd>"
profile="/usr/sbin/cups-browsed" name="/usr/sbin/cups-browsed" pid=17765
comm="cups-browsed" requested_mask="rm" denied_mask="rm" fsuid=100000
ouid=100000
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/apparmor/+bug/1655982/+subscriptions
--
Mailing list: https://launchpad.net/~touch-packages
Post to : [email protected]
Unsubscribe : https://launchpad.net/~touch-packages
More help : https://help.launchpad.net/ListHelp
