[Touch-packages] [Bug 1897369] Re: apparmor: Allow cups-browsed to change nice value (CAP_SYS_NICE)

Fri, 25 Sep 2020 23:56:33 -0700 

>From the manual page capabilities(7):

       CAP_SYS_NICE
              * Lower the process nice  value  (nice(2),  setpriority(2))  and
                change the nice value for arbitrary processes;
              * set real-time scheduling policies for calling process, and set
                scheduling policies and  priorities  for  arbitrary  processes
                (sched_setscheduler(2), sched_setparam(2), sched_setattr(2));
              * set  CPU  affinity  for  arbitrary  processes (sched_setaffin‐
                ity(2));
              * set I/O scheduling class and priority for arbitrary  processes
                (ioprio_set(2));
              * apply  migrate_pages(2)  to arbitrary processes and allow pro‐
                cesses to be migrated to arbitrary nodes;
              * apply move_pages(2) to arbitrary processes;
              * use the MPOL_MF_MOVE_ALL flag with mbind(2) and move_pages(2)

No idea, if cups-browsed should be allowed to change the nice value of
*arbitrary* processes.

-- 
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to cups in Ubuntu.
https://bugs.launchpad.net/bugs/1897369

Title:
  apparmor: Allow cups-browsed to change nice value (CAP_SYS_NICE)

Status in cups package in Ubuntu:
  New

Bug description:
  In Ubuntu 20.04.1 with *cups-browsed* 1.27.4-1, apparmor prevents
  `/usr/sbin/cups-browsed` to change its nice value.

      $ sudo dmesg | grep apparmor
      [541870.509461] audit: type=1400 audit(1600898428.089:60): 
apparmor="DENIED" operation="capable" profile="/usr/sbin/cups-browsed" 
pid=62030 comm="cups-browsed" capability=23  capname="sys_nice"
      [628298.779668] audit: type=1400 audit(1600984854.115:61): 
apparmor="DENIED" operation="capable" profile="/usr/sbin/cups-browsed" 
pid=66850 comm="cups-browsed" capability=23  capname="sys_nice"
      [714667.424963] audit: type=1400 audit(1601071220.527:62): 
apparmor="DENIED" operation="capable" profile="/usr/sbin/cups-browsed" 
pid=76828 comm="cups-browsed" capability=23  capname="sys_nice"

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/cups/+bug/1897369/+subscriptions

-- 
Mailing list: https://launchpad.net/~touch-packages
Post to     : touch-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~touch-packages
More help   : https://help.launchpad.net/ListHelp

Reply via email to