← Back to team overview

touch-packages team mailing list archive

[Bug 1376611] Re: AppArmor: cupsd not allowed to send signals to third_party

 

Didier, sure. Actually, I already took a todo to do just this but wanted
to think about the fact that Debian doesn't support the signal rule and
how to best handle it before submitting.

-- 
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to cups in Ubuntu.
https://bugs.launchpad.net/bugs/1376611

Title:
  AppArmor: cupsd not allowed to send signals to third_party

Status in “cups” package in Ubuntu:
  In Progress

Bug description:
  The cups 1.7.5-3 AppArmor profile has this rule which seems to be ineffective:
    signal (receive, send) peer=third_party,

  I get this denial log entry when (re)installing cups:
  audit: type=1400 audit(1412239287.417:110): apparmor="DENIED" operation="signal" profile="/usr/sbin/cupsd" pid=28964 comm="cupsd" requested_mask="send" denied_mask="send" signal=term peer="/usr/sbin/cupsd//third_party"

  Changing it to the absolute profile name seems to work:
    signal (receive, send) peer=/usr/sbin/cupsd//third_party,

  I guess apparmor_parser can't distinguish between a profile named
  third_party and a subprofile named third_party.

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/cups/+bug/1376611/+subscriptions


References