desktop-packages team mailing list archive

[Bug 1376611] [NEW] AppArmor: cupsd not allowed to send signals to third_party

 

Public bug reported:

The cups 1.7.5-3 AppArmor profile has this rule which seems to be ineffective:
  signal (receive, send) peer=third_party,

I get this denial log entry when (re)installing cups:
audit: type=1400 audit(1412239287.417:110): apparmor="DENIED" operation="signal" profile="/usr/sbin/cupsd" pid=28964 comm="cupsd" requested_mask="send" denied_mask="send" signal=term peer="/usr/sbin/cupsd//third_party"

Changing it to the absolute profile name seems to work:
  signal (receive, send) peer=/usr/sbin/cupsd//third_party,

I guess apparmor_parser can't distinguish between a profile named
third_party and a subprofile named third_party.

** Affects: cups (Ubuntu)
     Importance: Undecided
         Status: New


** Tags: apparmor

** Tags added: apparmor

-- 
You received this bug notification because you are a member of Desktop
Packages, which is subscribed to cups in Ubuntu.
https://bugs.launchpad.net/bugs/1376611

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/cups/+bug/1376611/+subscriptions
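A profile check for the pattern described in this report, as an added example (not part of the original message and not code from cups or AppArmor): it flags signal rules whose peer= is a bare name matching a subprofile declared in the same file, proposes the parent//child form the report says worked, and compares it with the peer label in the quoted denial. The profile excerpt is constructed, and the names parse_denial, lint_peers and qualify are hypothetical.

```python
import re

# Constructed excerpt, not the shipped cups profile; line 2 is the rule quoted in the report.
PROFILE = """\
/usr/sbin/cupsd {
  signal (receive, send) peer=third_party,
  profile third_party {
    signal (receive, send) peer=/usr/sbin/cupsd,
  }
}
"""

# Denial record as quoted in the report.
DENIAL = ('audit: type=1400 audit(1412239287.417:110): apparmor="DENIED" '
          'operation="signal" profile="/usr/sbin/cupsd" pid=28964 comm="cupsd" '
          'requested_mask="send" denied_mask="send" signal=term '
          'peer="/usr/sbin/cupsd//third_party"')

def parse_denial(line):
    """Split an AppArmor audit record into its key=value fields."""
    return {k: v.strip('"') for k, v in re.findall(r'(\w+)=("[^"]*"|\S+)', line)}

def lint_peers(text):
    """Return (line_no, bare_peer, qualified_peer) for each signal rule whose
    peer= is a bare name that matches a child profile or hat in the same file."""
    lines = [l.strip() for l in text.splitlines()]
    parent = next(m.group(1) for l in lines
                  if (m := re.match(r'(?:profile\s+)?(/\S+)\s.*\{$', l)))
    children = {m.group(1) for l in lines
                if (m := re.match(r'(?:profile\s+|\^)([^/\s{]+)\s.*\{$', l))}
    found = []
    for no, l in enumerate(lines, 1):
        m = re.match(r'signal\b.*\bpeer=([^,\s]+)', l)
        if m and m.group(1) in children:
            found.append((no, m.group(1), f'{parent}//{m.group(1)}'))
    return found

def qualify(text):
    """Rewrite flagged rules to use the parent//child peer name."""
    out = text.splitlines()
    for no, bare, full in lint_peers(text):
        out[no - 1] = out[no - 1].replace(f'peer={bare}', f'peer={full}')
    return '\n'.join(out) + '\n'

if __name__ == '__main__':
    denied = parse_denial(DENIAL)
    for no, bare, full in lint_peers(PROFILE):
        hit = denied['operation'] == 'signal' and denied['peer'] == full
        print(f'line {no}: peer={bare} -> peer={full} (matches denial: {hit})')
```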

