Public bug reported:

cups-pdf cannot create the ~/PDF directory if it does not exist and
fails with no indication to the user.

It should however be pointed out that cups-pdf allows the system
administrator to change its output directory by changing the Out key in
/etc/cups/cups-pdf.conf. As such apparmor will get in the way again if
the admin changes the Out key to some other location outside of the
${HOME}/PDF directory. (Its default setting.)

cups-pdf also does not have an #include for using local overrides in
its apparmor config. As such any fixes that the local admin makes will
be overwritten by the next update to the cups package, breaking it
again.


Description:    Ubuntu 16.04.2 LTS
Release:        16.04

printer-driver-cups-pdf:
  Installed: 2.6.1-21
  Candidate: 2.6.1-21
  Version table:
 *** 2.6.1-21 500
        500 http://us.archive.ubuntu.com/ubuntu xenial/universe amd64 Packages
        100 /var/lib/dpkg/status

cups:
  Installed: 2.1.3-4
  Candidate: 2.1.3-4
  Version table:
 *** 2.1.3-4 500
        500 http://us.archive.ubuntu.com/ubuntu xenial/main amd64 Packages
        100 /var/lib/dpkg/status

What happened:
cups-pdf when installed for the first time fails with the following apparmor 
denials:

[ 6117.686934] audit: type=1400 audit(1497816878.998:1079): apparmor="DENIED" 
operation="file_inherit" profile="/usr/lib/cups/backend/cups-pdf" pid=6015 
comm="cups-pdf" family="unix" sock_type="stream" protocol=0 
requested_mask="send receive" denied_mask="send receive" addr=none 
peer_addr=none peer="/usr/sbin/cupsd"
[ 6117.686948] audit: type=1400 audit(1497816878.998:1080): apparmor="DENIED" 
operation="file_inherit" profile="/usr/sbin/cupsd" pid=6015 comm="cups-pdf" 
family="unix" sock_type="stream" protocol=0 requested_mask="send receive" 
denied_mask="send receive" addr=none peer_addr=none 
peer="/usr/lib/cups/backend/cups-pdf"
[ 6117.688671] audit: type=1400 audit(1497816879.002:1081): apparmor="DENIED" 
operation="open" profile="/usr/lib/cups/backend/cups-pdf" 
name="/var/lib/sss/mc/initgroups" pid=6015 comm="cups-pdf" requested_mask="r" 
denied_mask="r" fsuid=0 ouid=0
[ 6117.688688] audit: type=1400 audit(1497816879.002:1082): apparmor="DENIED" 
operation="open" profile="/usr/lib/cups/backend/cups-pdf" 
name="/var/lib/sss/mc/initgroups" pid=6015 comm="cups-pdf" requested_mask="r" 
denied_mask="r" fsuid=0 ouid=0
[ 6117.689719] audit: type=1400 audit(1497816879.002:1083): apparmor="DENIED" 
operation="mkdir" profile="/usr/lib/cups/backend/cups-pdf" 
name="/home/CODENET.LOCAL/codebase/PDF/" pid=6015 comm="cups-pdf" 
requested_mask="c" denied_mask="c" fsuid=0 ouid=0


What I expected to happen:
cups-pdf creates the pdf file it was supposed to.


As a workaround, I set cups-pdf to use the third-party settings from the cups 
profile, then it worked as expected.

** Affects: cups (Ubuntu)
     Importance: Undecided
         Status: New

-- 
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1698693

Title:
  cups-pdf blocked by apparmor

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/cups/+bug/1698693/+subscriptions

-- 
ubuntu-bugs mailing list
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
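
Added example, not part of the original report and not AppArmor's own tooling: a Python triage helper that re-joins the mail-wrapped audit records quoted in the report and reduces them to unique denials per profile. The function names are illustrative; the sample input is copied from the report, and mapping the log masks c (create) and d (delete) to the profile permission w is an assumption about how such denials are expressed in profile syntax.

```python
import re

# Three denial records copied from the report above, still hard-wrapped as mailed.
SAMPLE = """\
[ 6117.686934] audit: type=1400 audit(1497816878.998:1079): apparmor="DENIED"
operation="file_inherit" profile="/usr/lib/cups/backend/cups-pdf" pid=6015
comm="cups-pdf" family="unix" sock_type="stream" protocol=0
requested_mask="send receive" denied_mask="send receive" addr=none
peer_addr=none peer="/usr/sbin/cupsd"
[ 6117.688671] audit: type=1400 audit(1497816879.002:1081): apparmor="DENIED"
operation="open" profile="/usr/lib/cups/backend/cups-pdf"
name="/var/lib/sss/mc/initgroups" pid=6015 comm="cups-pdf" requested_mask="r"
denied_mask="r" fsuid=0 ouid=0
[ 6117.689719] audit: type=1400 audit(1497816879.002:1083): apparmor="DENIED"
operation="mkdir" profile="/usr/lib/cups/backend/cups-pdf"
name="/home/CODENET.LOCAL/codebase/PDF/" pid=6015 comm="cups-pdf"
requested_mask="c" denied_mask="c" fsuid=0 ouid=0
"""

RECORD_START = re.compile(r"^\[\s*\d+\.\d+\] audit: ")
FIELD = re.compile(r'(\w+)=(?:"([^"]*)"|(\S+))')

def records(text):
    """Re-join hard-wrapped lines into one string per audit record."""
    buf = []
    for line in filter(None, map(str.strip, text.splitlines())):
        if RECORD_START.match(line) and buf:
            yield " ".join(buf)
            buf = []
        buf.append(line)
    if buf:
        yield " ".join(buf)

def parse(record):
    # key=value and key="value" pairs; quoted values may contain spaces
    return {k: q or u for k, q, u in FIELD.findall(record)}

def triage(text):
    """Return unique (profile, operation, target, perms) tuples for DENIED events."""
    seen = []
    for f in map(parse, records(text)):
        if f.get("apparmor") != "DENIED":
            continue
        if "name" in f:  # file denial: log masks c/d are covered by w in a profile
            mask = f["denied_mask"].replace("c", "w").replace("d", "w")
            target, perms = f["name"], "".join(sorted(set(mask)))
        else:            # socket denial: the target is the peer's profile label
            target, perms = "peer=" + f.get("peer", "?"), f["denied_mask"]
        row = (f["profile"], f["operation"], target, perms)
        if row not in seen:
            seen.append(row)
    return seen
```

Calling `triage()` on a saved copy of the kernel log gives the short list of paths and peers a local profile change would have to cover, which is easier to review than the raw records.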
