On my system, I have a consistent Deny on cups-browsed --capable, one example from 281300Z November 2020 being:
Nov 28 13:00:24 hotrodgpc-desktop kernel: [ 52.928672] audit: type=1400 audit(1606597224.111:54): apparmor="DENIED" operation="capable" profile="/usr/sbin/cups-browsed" pid=1496 comm ="cups-browsed" capability=23 capname="sys_nice" I have set cups-browsed to complain mode in AppArmor pending the bugfix. --- ubuntu® 20.04.1-LTS AMD64 AuthenticAMD® Athlon64® 3500+ / 3.3 GiB memory AuthenticAMD® RS780 GPU GNOME 3.36.3 -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to cups in Ubuntu. https://bugs.launchpad.net/bugs/1897369 Title: apparmor: Allow cups-browsed to change nice value (CAP_SYS_NICE) Status in cups package in Ubuntu: Confirmed Bug description: In Ubuntu 20.04.1 with *cups-browsed* 1.27.4-1, apparmor prevents `/usr/sbin/cups-browsed` to change its nice value. $ sudo dmesg | grep apparmor [541870.509461] audit: type=1400 audit(1600898428.089:60): apparmor="DENIED" operation="capable" profile="/usr/sbin/cups-browsed" pid=62030 comm="cups-browsed" capability=23 capname="sys_nice" [628298.779668] audit: type=1400 audit(1600984854.115:61): apparmor="DENIED" operation="capable" profile="/usr/sbin/cups-browsed" pid=66850 comm="cups-browsed" capability=23 capname="sys_nice" [714667.424963] audit: type=1400 audit(1601071220.527:62): apparmor="DENIED" operation="capable" profile="/usr/sbin/cups-browsed" pid=76828 comm="cups-browsed" capability=23 capname="sys_nice" To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/cups/+bug/1897369/+subscriptions -- Mailing list: https://launchpad.net/~touch-packages Post to : touch-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~touch-packages More help : https://help.launchpad.net/ListHelp
