Hi Doug - Thank you for the excellent bug report! Since we're preparing for the upstream AppArmor 2.11 release, I took a look to see if I could fix this bug prior to the release. Unfortunately, I didn't have time to get to the bottom of what the significance is of the private (sometimes referred to as privileged in the source code) pipe is.
Without understanding the importance of the pipe, I didn't want to rush into granting access from cupsd. I'm glad that you have a workaround to unblock yourself and I hope that we can better understand the usage of that particular pipe to make a judgement call on adding the rule in the upstream policy. Thanks again! ** Also affects: apparmor Importance: Undecided Status: New ** Tags added: aa-policy -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1558753 Title: AppArmor denying CUPS authentication against PAM on AD joined system (SSSD-based) To manage notifications about this bug go to: https://bugs.launchpad.net/apparmor/+bug/1558753/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs