Ubuntu
cups-filters package

AppArmor policy denials in CUPS

Bug #1379368 reported by Suskam
16
This bug affects 3 people
Affects Status Importance Assigned to Milestone
cups-filters (Ubuntu)
Fix Released
Medium
Unassigned

Bug Description

This is a bug that is related to my original problem reported here: https://bugs.launchpad.net/ubuntu/+source/compiz/+bug/1378795

[1053073.016844] type=1400 audit(1412769752.904:40591): apparmor="DENIED" operation="open" profile="/usr/sbin/cups-browsed" name="/etc/cups/lpoptions" pid=1000 comm="cups-browsed" requested_mask="r" denied_mask="r" fsuid=0 ouid=0

ProblemType: Bug
DistroRelease: Ubuntu 14.04
Package: cups 1.7.2-0ubuntu1.2
ProcVersionSignature: Ubuntu 3.13.0-36.63-generic 3.13.11.6
Uname: Linux 3.13.0-36-generic x86_64
NonfreeKernelModules: nvidia
ApportVersion: 2.14.1-0ubuntu3.2
Architecture: amd64
CupsErrorLog:

Date: Thu Oct 9 16:20:08 2014
InstallationDate: Installed on 2014-07-04 (97 days ago)
InstallationMedia: Ubuntu 14.04 LTS "Trusty Tahr" - Release amd64 (20140417)
Lpstat: device for Xina4: socket://xena4.chemi.muni.cz:9100
MachineType: Hewlett-Packard HP xw4600 Workstation
Papersize: letter
PpdFiles: Xina4: Xerox WorkCentre 3315 PS (English)
ProcKernelCmdLine: BOOT_IMAGE=/boot/vmlinuz-3.13.0-36-generic root=UUID=e9b738ea-3022-4ef9-85df-23d3b8fa77cc ro quiet splash
SourcePackage: cups
UpgradeStatus: No upgrade log present (probably fresh install)
dmi.bios.date: 02/19/2009
dmi.bios.vendor: Hewlett-Packard
dmi.bios.version: 786F3 v01.16
dmi.board.name: 0AA0h
dmi.board.vendor: Hewlett-Packard
dmi.chassis.type: 6
dmi.chassis.vendor: Hewlett-Packard
dmi.modalias: dmi:bvnHewlett-Packard:bvr786F3v01.16:bd02/19/2009:svnHewlett-Packard:pnHPxw4600Workstation:pvr:rvnHewlett-Packard:rn0AA0h:rvr:cvnHewlett-Packard:ct6:cvr:
dmi.product.name: HP xw4600 Workstation
dmi.sys.vendor: Hewlett-Packard

Revision history for this message
Suskam (sushilbioinfo) wrote :
Revision history for this message
Till Kamppeter (till-kamppeter) wrote :

Jamie, another problem caused by the new AppArmor version.

Jamie Strandboge (jdstrand)
tags: added: apparmor
Changed in cups (Ubuntu):
status: New → Triaged
importance: Undecided → Medium
assignee: nobody → Jamie Strandboge (jdstrand)
affects: cups (Ubuntu) → cups-filters (Ubuntu)
Changed in cups-filters (Ubuntu):
assignee: Jamie Strandboge (jdstrand) → nobody
status: Triaged → In Progress
Revision history for this message
Launchpad Janitor (janitor) wrote :

This bug was fixed in the package cups-filters - 1.0.61-0ubuntu2

---------------
cups-filters (1.0.61-0ubuntu2) utopic; urgency=medium

  * debian/apparmor/usr.sbin.cups-browsed: allow read on /etc/cups/lpoptions
    (LP: #1379368)
 -- Jamie Strandboge <email address hidden> Thu, 16 Oct 2014 06:34:18 -0500

Changed in cups-filters (Ubuntu):
status: In Progress → Fix Released
Revision history for this message
Axel Beckert (xtaran) wrote :

This still happens on Trusty and fills the syslog... Is there a chance to get that fixed in Trusty, too?

Revision history for this message
Dept.Técnico (Extreme Micro S.L.) (tecnicos-extreme-micro) wrote :

You can add the below line to the file /etc/apparmor.d/usr.sbin.cups-browsed :

...
  /etc/cups/lpoptions r, #line to add. It will allow cups to read lptoptions
  /etc/cups/cups-browsed.conf r,
  /{var/,}run/cups/certs/* r,
  /tmp/** rw,
...

To post a comment you must log in.
This report contains Public information  
Everyone can see this information.
Subscribing...

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.