desktop-packages team mailing list archive
Message #71273
[Bug 1370930] Re: apparmor cups samba problem no printing
Since 14.04, apparmor has signal mediation. Cups is trying to kill some processes. To obtain 13.10 behavior, you could add this to usr.sbin.cupsd:
signal,
However, this would obviously allow cups to send signals to anything. I'm guessing it is sending signals to third party backends. It would probably be best to change this rule:
/usr/lib/cups/backend/* Ux,
to something like (untested):
  /usr/lib/cups/backend/* Cx -> cups_backends,
  # a child profile's full name is <parent>//<child>
  signal (send) peer=/usr/sbin/cupsd//cups_backends,
  profile cups_backends {
    file,
    capability,
    network,
    audit deny capability mac_admin,
    dbus,
    signal,
    ptrace,
    unix,
  }
In addition to fixing the above, this adds a modest improvement over
what we have now: backends aren't allowed to change MAC policy, can't
change_profile and can't use mount.
--
You received this bug notification because you are a member of Desktop
Packages, which is subscribed to cups in Ubuntu.
https://bugs.launchpad.net/bugs/1370930
Title:
apparmor cups samba problem no printing
Status in “cups” package in Ubuntu:
New
Bug description:
I configured a USB Brother printer correctly (working) on Ubuntu 14.04.1.
Then I installed a Samba server to share this printer on a Windows network.
The Samba printing from Windows machines works correctly. The direct USB CUPS printing reports printing OK, jobs completed, but nothing prints. In syslog I see these AppArmor DENIED messages:
Sep 18 08:51:57 gabi-K55A kernel: [ 844.181601] type=1400 audit(1411023117.729:74): apparmor="DENIED" operation="open" profile="/usr/sbin/cupsd" name="/var/cache/samba/gencache.tdb" pid=3353 comm="smb" requested_mask="r" denied_mask="r" fsuid=7 ouid=0
Sep 18 08:51:57 gabi-K55A kernel: [ 844.181649] type=1400 audit(1411023117.729:75): apparmor="DENIED" operation="open" profile="/usr/sbin/cupsd" name="/var/cache/samba/gencache.tdb" pid=3353 comm="smb" requested_mask="r" denied_mask="r" fsuid=7 ouid=0
Sep 18 08:51:57 gabi-K55A kernel: [ 844.182286] type=1400 audit(1411023117.729:76): apparmor="DENIED" operation="open" profile="/usr/sbin/cupsd" name="/var/cache/samba/gencache.tdb" pid=3353 comm="smb" requested_mask="r" denied_mask="r" fsuid=7 ouid=0
Sep 18 08:54:04 gabi-K55A kernel: [ 971.394145] type=1400 audit(1411023244.943:77): apparmor="DENIED" operation="signal" profile="/usr/sbin/cupsd" pid=2034 comm="cupsd" requested_mask="send" denied_mask="send" signal=term peer="unconfined"
Sep 18 08:54:04 gabi-K55A kernel: [ 971.394155] type=1400 audit(1411023244.943:78): apparmor="DENIED" operation="signal" profile="/usr/sbin/cupsd" pid=2034 comm="cupsd" requested_mask="send" denied_mask="send" signal=term peer="unconfined"
Sep 18 08:54:04 gabi-K55A kernel: [ 971.394161] type=1400 audit(1411023244.943:79): apparmor="DENIED" operation="signal" profile="/usr/sbin/cupsd" pid=2034 comm="cupsd" requested_mask="send" denied_mask="send" signal=term peer="unconfined"
Sep 18 08:54:04 gabi-K55A kernel: [ 971.394166] type=1400 audit(1411023244.943:80): apparmor="DENIED" operation="signal" profile="/usr/sbin/cupsd" pid=2034 comm="cupsd" requested_mask="send" denied_mask="send" signal=term peer="unconfined"
I installed the latest apparmor profiles with apt-get, but I still get these messages, with the same result (no printing):
Sep 18 09:15:06 gabi-K55A kernel: [ 100.620853] usblp0: removed
Sep 18 09:15:06 gabi-K55A kernel: [ 100.878155] usblp 1-4:1.0: usblp0: USB Bidirectional printer dev 3 if 0 alt 0 proto 2 vid 0x04F9 pid 0x0037
Sep 18 09:16:39 gabi-K55A kernel: [ 193.894732] type=1400 audit(1411024599.437:117): apparmor="DENIED" operation="open" profile="/usr/sbin/cupsd" name="/var/cache/samba/gencache.tdb" pid=2384 comm="smb" requested_mask="r" denied_mask="r" fsuid=7 ouid=0
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/cups/+bug/1370930/+subscriptions
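
An added example, not part of the original message or the bug report: a small Python triage script that groups AppArmor DENIED records like the ones quoted above by profile, operation and target, so it is clear which rule (a file read, or a signal send to a given peer) the profile lacks. The sample lines are constructed from the format shown in the report, with the hostname replaced by a placeholder.

```python
import re
from collections import Counter

# Constructed sample, modelled on the denials quoted in the bug description.
SAMPLE = """\
Sep 18 08:51:57 host kernel: [ 844.181601] type=1400 audit(1411023117.729:74): apparmor="DENIED" operation="open" profile="/usr/sbin/cupsd" name="/var/cache/samba/gencache.tdb" pid=3353 comm="smb" requested_mask="r" denied_mask="r" fsuid=7 ouid=0
Sep 18 08:54:04 host kernel: [ 971.394145] type=1400 audit(1411023244.943:77): apparmor="DENIED" operation="signal" profile="/usr/sbin/cupsd" pid=2034 comm="cupsd" requested_mask="send" denied_mask="send" signal=term peer="unconfined"
Sep 18 08:54:04 host kernel: [ 971.394155] type=1400 audit(1411023244.943:78): apparmor="DENIED" operation="signal" profile="/usr/sbin/cupsd" pid=2034 comm="cupsd" requested_mask="send" denied_mask="send" signal=term peer="unconfined"
Sep 18 09:15:06 host kernel: [ 100.620853] usblp0: removed
"""

# key="quoted value" or key=bare_value
KV = re.compile(r'(\w+)=(?:"([^"]*)"|(\S+))')


def parse_denial(line):
    """Return the key=value fields of an AppArmor DENIED record, else None."""
    if 'apparmor="DENIED"' not in line:
        return None
    return {key: (quoted if quoted else bare)
            for key, quoted, bare in KV.findall(line)}


def summarize(text):
    """Count denials by (profile, operation, target, denied_mask)."""
    counts = Counter()
    for line in text.splitlines():
        rec = parse_denial(line)
        if rec is None:
            continue
        # File denials carry name=; signal denials carry signal= and peer=.
        if rec.get("operation") == "signal":
            target = "signal=%s peer=%s" % (rec.get("signal"), rec.get("peer"))
        else:
            target = rec.get("name", "?")
        key = (rec.get("profile"), rec.get("operation"), target,
               rec.get("denied_mask"))
        counts[key] += 1
    return counts


if __name__ == "__main__":
    for (profile, op, target, mask), n in summarize(SAMPLE).most_common():
        print(f"{n:3d}  {profile}  {op}  {mask}  {target}")
```

A signal denial whose peer is "unconfined" is what the Ux backend rule produces; after a switch to a Cx child profile the peer field would show the child profile's name instead.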