touch-packages team mailing list archive
-
touch-packages team
-
Mailing list archive
-
Message #23190
[Bug 1376611] Re: AppArmor: cupsd not allowed to send signals to third_party
Didier, sure. Actually, I already took a todo to do just this but wanted
to think about the fact that Debian doesn't support the signal rule and
how to best handle it before submitting.
--
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to cups in Ubuntu.
https://bugs.launchpad.net/bugs/1376611
Title:
AppArmor: cupsd not allowed to send signals to third_party
Status in “cups” package in Ubuntu:
In Progress
Bug description:
The cups 1.7.5-3 AppArmor profile has this rule which seems to be ineffective:
signal (receive, send) peer=third_party,
I get this denial log entry when (re)installing cups:
audit: type=1400 audit(1412239287.417:110): apparmor="DENIED" operation="signal" profile="/usr/sbin/cupsd" pid=28964 comm="cupsd" requested_mask="send" denied_mask="send" signal=term peer="/usr/sbin/cupsd//third_party"
Changing it to the absolute profile name seems to work:
signal (receive, send) peer=/usr/sbin/cupsd//third_party,
I guess apparmor_parser can't distinguish between a profile named
third_party and a subprofile named third_party.
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/cups/+bug/1376611/+subscriptions
References