← Back to team overview

desktop-packages team mailing list archive

[Bug 1371097] Re: cupsd is not allowed to access /var/cache/samba/gencache.tdb by apparmor

 

This bug was fixed in the package cups - 1.7.5-2ubuntu1

---------------
cups (1.7.5-2ubuntu1) utopic; urgency=medium

  * debian/local/apparmor-profile:
    - move Ux to Cx -> third_party and provie a third_party child profile. In
      this manner, we can add some modest confinement (can't change MAC
      policy, change_profile or mount) but more importantly it allows us to
      specify peer=third_party to restrict where the strictly confined cups
      process can send signals (LP: #1370930)
    - allow r of /var/cache/samba/*.tdb (LP: #1371097)
    - allow r of /var/{cache,lib}/samba/printing/printers.tdb
 -- Jamie Strandboge <jamie@xxxxxxxxxx>   Wed, 24 Sep 2014 11:24:03 -0500

** Changed in: cups (Ubuntu)
       Status: Fix Committed => Fix Released

-- 
You received this bug notification because you are a member of Desktop
Packages, which is subscribed to cups in Ubuntu.
https://bugs.launchpad.net/bugs/1371097

Title:
  cupsd is not allowed to access /var/cache/samba/gencache.tdb by
  apparmor

Status in “cups” package in Ubuntu:
  Fix Released

Bug description:
  For some reason /usr/sbin/cupsd tries to access
  /var/cache/samba/gencache.tdb. I have a printer setup via samba so
  that may be the reason.

  The apparmor profile for cupsd does not allow this. I get this error
  in the logs:

   kernel: [284527.967015] type=1400 audit(1411040510.770:103):
  apparmor="DENIED" operation="open" profile="/usr/sbin/cupsd"
  name="/var/cache/samba/gencache.tdb" pid=1722 comm="smb"
  requested_mask="r" denied_mask="r" fsuid=7 ouid=0

  A listing of the apparmor profile (/etc/apparmor.d/usr.sbin.cupsd) is here:
  http://pastebin.ubuntu.com/8372024/

  The file /etc/apparmor.d/usr.sbin.cupsd belongs to the cups-daemon
  package

  The system silently fails to print from GUI. The fanny part is that I
  printed something successfully the day I set the printer up
  (yesterday).

  ProblemType: Bug
  DistroRelease: Ubuntu 14.04
  Package: cups-daemon 1.7.2-0ubuntu1.2
  ProcVersionSignature: Ubuntu 3.13.0-35.62-generic 3.13.11.6
  Uname: Linux 3.13.0-35-generic x86_64
  NonfreeKernelModules: wl
  ApportVersion: 2.14.1-0ubuntu3.4
  Architecture: amd64
  CupsErrorLog:
   
  Date: Thu Sep 18 15:27:52 2014
  InstallationDate: Installed on 2014-09-01 (17 days ago)
  InstallationMedia: Ubuntu 14.04.1 LTS "Trusty Tahr" - Release amd64 (20140722.2)
  Lpstat: device for SRB01PR001: smb://prs03ist00.lim.tepak.int/SRB01PR001
  MachineType: Apple Inc. MacPro5,1
  Papersize: a4
  PpdFiles: SRB01PR001: HP Color LaserJet CP3505 Postscript (recommended)
  ProcKernelCmdLine: BOOT_IMAGE=/vmlinuz-3.13.0-35-generic.efi.signed root=/dev/mapper/ubuntu--vg-root ro quiet splash vt.handoff=7
  SourcePackage: cups
  UpgradeStatus: No upgrade log present (probably fresh install)
  dmi.bios.date: 10/07/10
  dmi.bios.vendor: Apple Inc.
  dmi.bios.version: MP51.88Z.007F.B03.1010071432
  dmi.board.asset.tag: 0
  dmi.board.name: Mac-F221BEC8
  dmi.board.vendor: Apple Inc.
  dmi.chassis.type: 7
  dmi.chassis.vendor: Apple Inc.
  dmi.chassis.version: Mac-F221BEC8
  dmi.modalias: dmi:bvnAppleInc.:bvrMP51.88Z.007F.B03.1010071432:bd10/07/10:svnAppleInc.:pnMacPro5,1:pvr0.0:rvnAppleInc.:rnMac-F221BEC8:rvr:cvnAppleInc.:ct7:cvrMac-F221BEC8:
  dmi.product.name: MacPro5,1
  dmi.product.version: 0.0
  dmi.sys.vendor: Apple Inc.
  modified.conffile..etc.default.cups:
   # Cups configure options
   
   # LOAD_LP_MODULE: enable/disable to load "lp" parallel printer driver module
   # LOAD_LP_MODULE has migrated to /etc/modules-load.d/cups-filters.conf
   # LOAD_LP_MODULE=yes
  mtime.conffile..etc.default.cups: 2014-07-23T01:20:18

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/cups/+bug/1371097/+subscriptions


References