Ubuntu
apparmor package

Cannot Print to PDF using Likewise-Open

Bug #235646 reported by Matt Austin
2
Affects Status Importance Assigned to Milestone
apparmor (Ubuntu)
Fix Released
Medium
Unassigned

Bug Description

Binary package hint: likewise-open

I am using Likewise-Open on Ubuntu 8.04 LTS Hardy Heron.

When I attempt to print a document to the CUPS PDF printer (cups-pdf:/), no PDF document is saved, and the following errors are made in syslog:

May 29 10:23:37 matt-seo kernel: [180337.511320] audit(1212027817.101:5): type=1503 operation="inode_permission" requested_mask="w::" denied_mask="w::" name="/var/lib/likewise-open/lwidentity_privileged/pipe" pid=19514 profile="/usr/lib/cups/backend/cups-pdf" namespace="default"
May 29 10:23:37 matt-seo kernel: [180337.555899] audit(1212027817.145:6): type=1503 operation="inode_mkdir" requested_mask="w::" denied_mask="w::" name="/home/CORP/matt/PDF/" pid=19515 profile="/usr/lib/cups/backend/cups-pdf" namespace="default"

Related branches

lp:ubuntu/karmic/apparmor
Revision history for this message
Mathias Gug (mathiaz) wrote :

The two messages are related to AppArmor and the cups profile.

The first entry seems to be an issue with likewise-open authentication and its likewise abstraction.

The second entry is related to cups-pdf profile, which allows cups-pdf to write pdf file only to certain directories. Have a look at the cupsd apparmor profile in /etc/apparmor.d/ and the HOME definition in /etc/apparmor.d/tunables/.

You can find more information about debugging AppArmor issues at https://wiki.ubuntu.com/DebuggingApparmor.

Changed in likewise-open:
importance: Undecided → Medium
status: New → Confirmed
Revision history for this message
Matt Austin (mattaustin) wrote :

Thanks for your help in diagnosing this Mathias.

I changed line 16 in /etc/apparmor.d/tunables

From:
@{HOME}=@{HOMEDIRS}/*/ /root/

To:
@{HOME}=@{HOMEDIRS}/*/ /root/ @{HOMEDIRS}/CORP/*/

I can now sucessfully print to PDF. However the following is still generated in kern.log (only the one error now):
May 30 13:34:18 matt-seo kernel: [277977.041945] audit(1212125658.677:11): type=1503 operation="inode_permission" requested_mask="w::" denied_mask="w::" name="/var/lib/likewise-open/lwidentity_privileged/pipe" pid=28593 profile="/usr/lib/cups/backend/cups-pdf" namespace="default"

"CORP" is the name of the windows domain I have joined (using likewise-open). My home directory is: /home/CORP/matt/

I guess the problem is due to the way AppArmor defines the home path?

Revision history for this message
Launchpad Janitor (janitor) wrote :

This bug was fixed in the package apparmor - 2.1+1075-0ubuntu10

---------------
apparmor (2.1+1075-0ubuntu10) intrepid; urgency=low

  [ Jamie Strandboge ]
   * added abstractions/smbpass and #include it in abstractions/authentication
     to allow access to /var/lib/samba/*.tdb. LP: #217787

  [ Mathias Gug ]
   * update likewise-open authentication abstraction: allow access to
     privileged pipe (LP: #235646).
   * Update smbd profile to include access to /var/spool/samba/ (printer
     sharing) and utmp update (LP: #237066).
   * Update esound location in audio profile (LP: #229127).
     Thanks to Adam Mondl.
   * Add dnsmasq profile (LP: #148590). Thanks to John Dong.

 -- Mathias Gug <email address hidden> Mon, 09 Jun 2008 18:24:09 -0400

Changed in apparmor:
status: Confirmed → Fix Released
To post a comment you must log in.
This report contains Public information  
Everyone can see this information.
Subscribing...

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.