apparmor should have a 'usr' tunable

Bug #160002 reported by Valéry FRONTERE
Affects | Status | Importance | Assigned to | Milestone
apparmor (Ubuntu) | Fix Released | Wishlist | Jamie Strandboge |
cupsys (Ubuntu) | Invalid | Wishlist | Unassigned |

Bug Description

Binary package hint: cupsys

Following the upgrade from feisty to gutsy, cupsd doesn't launch anymore.

root@valeryb:/etc# cupsd
cupsd: error while loading shared libraries: libgnutls.so.13: cannot open shared object file: No such file or directory

ldconfig finds it.

A small strace:
root@valeryb:/etc# strace cupsd
execve("/usr/sbin/cupsd", ["cupsd"], [/* 51 vars */]) = 0
brk(0) = 0x80a5000
access("/etc/ld.so.nohwcap", F_OK) = -1 ENOENT (No such file or directory)
mmap2(NULL, 8192, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0xb7f6b000
access("/etc/ld.so.preload", R_OK) = -1 ENOENT (No such file or directory)
open("/etc/ld.so.cache", O_RDONLY) = 3
fstat64(3, {st_mode=S_IFREG|0644, st_size=75148, ...}) = 0
mmap2(NULL, 75148, PROT_READ, MAP_PRIVATE, 3, 0) = 0xb7f58000
close(3) = 0
access("/etc/ld.so.nohwcap", F_OK) = -1 ENOENT (No such file or directory)
open("/usr/lib/libgnutls.so.13", O_RDONLY) = -1 EACCES (Permission denied) <<<********************* here
open("/lib/tls/i686/sse2/cmov/libgnutls.so.13", O_RDONLY) = -1 ENOENT (No such file or directory)

A small C prog opens lib OK:
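#include <fcntl.h>   /* open(), O_RDONLY */
#include <stdio.h>   /* printf() */

int main(int argc, char *argv[])
{
    int i;
    /* open() returns a file descriptor (>= 0) on success, -1 on error */
    i = open("/usr/lib/libgnutls.so.13", O_RDONLY);
    printf("result=%i\n", i);
    return 0;
}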

-> OK result, and not EACCES

Perhaps something special for me, /usr/lib is a symbolic link to another fs.

Any idea?

Valéry FRONTERE (vfrontere) wrote :

In fact the problem should not be specific to cupsys.

ldd reports libraries not found in cupsd but found in cupsenable or other binaries!

root@valeryb:/home/valery# ldd /usr/sbin/cupsd
        linux-gate.so.1 => (0xffffe000)
        libgnutls.so.13 => not found
        libslp.so.1 => not found
        libldap_r.so.2 => not found
        libpam.so.0 => /lib/libpam.so.0 (0xb7ef6000)
        libpaper.so.1 => not found
        libdbus-1.so.3 => not found
        libdns_sd.so.1 => not found
        libcups.so.2 => not found
        libpthread.so.0 => /lib/tls/i686/cmov/libpthread.so.0 (0xb7edd000)
        libgssapi_krb5.so.2 => not found
        libkrb5.so.3 => not found
        libc.so.6 => /lib/tls/i686/cmov/libc.so.6 (0xb7d93000)
        libdl.so.2 => /lib/tls/i686/cmov/libdl.so.2 (0xb7d8e000)
        /lib/ld-linux.so.2 (0xb7f17000)
root@valeryb:/home/valery# ldd /usr/sbin/cupsenable
        linux-gate.so.1 => (0xffffe000)
        libcups.so.2 => /home/usr/lib/libcups.so.2 (0xb7f32000)
        libpthread.so.0 => /lib/tls/i686/cmov/libpthread.so.0 (0xb7f1a000)
        libc.so.6 => /lib/tls/i686/cmov/libc.so.6 (0xb7dcf000)
        libgssapi_krb5.so.2 => /home/usr/lib/libgssapi_krb5.so.2 (0xb7da6000)
        libkrb5.so.3 => /home/usr/lib/libkrb5.so.3 (0xb7d1e000)
        libk5crypto.so.3 => /home/usr/lib/libk5crypto.so.3 (0xb7cf9000)
        libcom_err.so.2 => /lib/libcom_err.so.2 (0xb7cf6000)
        libgnutls.so.13 => /home/usr/lib/libgnutls.so.13 (0xb7c86000)
        libm.so.6 => /lib/tls/i686/cmov/libm.so.6 (0xb7c60000)
        libcrypt.so.1 => /lib/tls/i686/cmov/libcrypt.so.1 (0xb7c32000)
        libz.so.1 => /home/usr/lib/libz.so.1 (0xb7c1d000)
        /lib/ld-linux.so.2 (0xb7f7d000)
        libkrb5support.so.0 => /home/usr/lib/libkrb5support.so.0 (0xb7c15000)
        libdl.so.2 => /lib/tls/i686/cmov/libdl.so.2 (0xb7c11000)
        libkeyutils.so.1 => /lib/libkeyutils.so.1 (0xb7c0e000)
        libresolv.so.2 => /lib/tls/i686/cmov/libresolv.so.2 (0xb7bfb000)
        libtasn1.so.3 => /home/usr/lib/libtasn1.so.3 (0xb7beb000)
        libgpg-error.so.0 => /home/usr/lib/libgpg-error.so.0 (0xb7be7000)
        libgcrypt.so.11 => /home/usr/lib/libgcrypt.so.11 (0xb7b96000)

Brian Murray (brian-murray) wrote :

Thank you for taking the time to report this bug and helping to make Ubuntu better. It would be helpful to know which particular version of cupsys you have installed. You can check via the command 'dpkg -l cupsys | cat' in a terminal. Thanks in advance.

Changed in cupsys:
status: New → Incomplete
Brian Murray (brian-murray) wrote :

We are closing this bug report as it lacks the information, described in the previous comments, we need to investigate the problem further. However, please reopen it if you can give us the missing information and feel free to submit bug reports in the future.

Changed in cupsys:
status: Incomplete → Invalid
JanCeuleers (jan-ceuleers) wrote :

I also have this problem. Requested information follows.

root@via:~# dpkg -l cupsys | cat
Desired=Unknown/Install/Remove/Purge/Hold
| Status=Not/Installed/Config-f/Unpacked/Failed-cfg/Half-inst/t-aWait/T-pend
|/ Err?=(none)/Hold/Reinst-required/X=both-problems (Status,Err: uppercase=bad)
||/ Name Version Description
+++-==============-================-============================================
iF cupsys 1.3.2-1ubuntu7.6 Common UNIX Printing System(tm) - server

JanCeuleers (jan-ceuleers) wrote :

Missing information, which caused the bug to have been closed previously, has now been provided.
Moreover, the bug also occurs on my system, which is a different system from that of the original reporter, such that the bug is confirmed.

Changed in cupsys:
status: Invalid → Confirmed
JanCeuleers (jan-ceuleers) wrote :

The problem appears to be related to AppArmor. Stopping AppArmor before starting cupsys removes the symptom of cupsd not being able to load libgnutls.so.13.
As with the original reporter, on my system /usr/lib is a soft link to another file system.

Kees Cook (kees) wrote :

AppArmor abstractions need to be updated to include a configurable "/usr" path.

Changed in cupsys:
importance: Undecided → Wishlist
status: Confirmed → Triaged
status: Triaged → Invalid
Changed in apparmor:
importance: Undecided → Wishlist
status: New → Triaged
James (james-bateman) wrote :

I can confirm cupsd fails to load when /usr/lib is a symlink to another file system. It reports:

cupsd: error while loading shared libraries: libgnutls.so.26: cannot open shared object file: No such file or directory

Perhaps more importantly, 'ldd /usr/sbin/cupsd' reported many libraries as 'not found'.

Both of these symptoms are resolved by moving the lib directory back to /usr/ and dispensing with the symlink.

I do not have enough knowledge to say whether this is a bug, or merely a matter of configuring AppArmor.

James (james-bateman) wrote :

$ lsb_release -a
Distributor ID: Ubuntu
Description: Ubuntu 9.04
Release: 9.04
Codename: jaunty

summary: - cupsd doesn't launch because libgnutls13.so EACCESS
+ apparmor should have a 'usr' tunable
JanCeuleers (jan-ceuleers) wrote :

The recent change of description of this bug suggests a particular solution to the problem, which I think is incomplete.

The problem occurs on my machine because, although /usr is located on the root filesystem, several of the directories under /usr are soft links to targets on a different filesystem. I need to do this because the root filesystem is a smallish flash disk that does not have enough space to hold some of the files that are needed only late in the boot process (such as X etc).

I have fixed this by changing all of the apparmor configuration files that contain impacted paths to include the target path. Laborious, although such an update could probably be automated.

Perhaps a dpkg-reconfigure hook could be added to enable the admin to update the apparmor config files when particular files or directories have been moved.

Jamie Strandboge (jdstrand) wrote :

Jan, your configuration is highly specialized and the complexity of implementing this in packaging would be high and likely incomplete for others with different setups. That said, providing an easy way for people to use aliases with examples in tunables/alias would make it so people with these specialized setups (like yourself) could modify one file instead of many.

Changed in apparmor (Ubuntu):
assignee: nobody → Jamie Strandboge (jdstrand)
status: Triaged → In Progress
milestone: none → lucid-alpha-3
Launchpad Janitor (janitor) wrote :

This bug was fixed in the package apparmor - 2.3.1+bzr1312-0ubuntu4

---------------
apparmor (2.3.1+bzr1312-0ubuntu4) lucid; urgency=low

  * 0001-tunable-alias.patch: backport r1330 to make it easier for people
    to use AppArmor's alias rules (LP: #160002)
 -- Jamie Strandboge <email address hidden> Mon, 11 Jan 2010 14:31:06 -0600

Changed in apparmor (Ubuntu):
status: In Progress → Fix Released
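
The thread ends with alias rules in tunables/alias as the single place to describe a relocated directory, and an earlier comment notes that finding the affected paths could be automated. As an added example (not part of the bug thread or of the AppArmor package), this shell function prints one alias rule for each directory directly under /usr that is a symlink, such as the /usr/lib -> /home/usr/lib layout seen in the ldd output; the function name gen_aliases and the --scan switch are assumptions made for this example.

```shell
#!/bin/sh
# Added example: emit AppArmor alias rules for symlinked directories.
#
# AppArmor mediates the resolved path, so a profile rule written for
# /usr/lib/** does not cover files that really live in /home/usr/lib/.
# An alias rule of the form
#     alias /usr/lib/ -> /home/usr/lib/,
# makes rules written for the first path also apply to the second.
#
# gen_aliases SCAN_DIR [LOGICAL_PREFIX]   (hypothetical helper)
#   SCAN_DIR        directory to inspect, normally /usr
#   LOGICAL_PREFIX  path the profiles use for SCAN_DIR (default: SCAN_DIR);
#                   allows running the function against a scratch tree
gen_aliases() {
    scan_dir=${1%/}
    prefix=${2:-$scan_dir}
    prefix=${prefix%/}
    for entry in "$scan_dir"/*; do
        # Only symlinks that resolve to an existing directory are relevant.
        [ -L "$entry" ] && [ -d "$entry" ] || continue
        # Resolve the whole chain to the real location on disk.
        target=$(readlink -f -- "$entry") || continue
        name=${entry##*/}
        case "$target$name" in
            *[[:space:]]*)
                # Left for manual handling rather than guessing at quoting.
                printf '# skipped (whitespace in path): %s/%s\n' "$prefix" "$name"
                continue ;;
        esac
        printf 'alias %s/%s/ -> %s/,\n' "$prefix" "$name" "$target"
    done
}

# Run as "sh thisfile --scan [DIR]" to print rules for a live system.
# Review the output before adding it to /etc/apparmor.d/tunables/alias
# and reloading the profiles.
if [ "${1:-}" = "--scan" ]; then
    gen_aliases "${2:-/usr}"
fi
```

Regular directories are ignored, so on a system without relocated directories the function prints nothing.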