← Back to team overview

touch-packages team mailing list archive

  1. touch-packages team
  2. Mailing list archive
  3. Message #23413

[Bug 1376611] Re: AppArmor: cupsd not allowed to send signals to third_party

  Thread PreviousDate PreviousThread Next 
This bug was fixed in the package cups - 1.7.5-3ubuntu1

---------------
cups (1.7.5-3ubuntu1) utopic; urgency=medium

  * debian/local/apparmor-profile:
    - fix peer on signal rule to use /usr/sbin/cupsd//third_party
      (LP: #1376611)
    - temporarily use attach_disconnected to work around LP: #1373070. This
      should be undone once 1373070 is properly fixed
 -- Jamie Strandboge <jamie@xxxxxxxxxx>   Thu, 02 Oct 2014 08:22:36 -0500

** Changed in: cups (Ubuntu)
       Status: In Progress => Fix Released

-- 
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to cups in Ubuntu.
https://bugs.launchpad.net/bugs/1376611

Title:
  AppArmor: cupsd not allowed to send signals to third_party

Status in “cups” package in Ubuntu:
  Fix Released

Bug description:
  The cups 1.7.5-3 AppArmor profile has this rule which seems to be ineffective:
    signal (receive, send) peer=third_party,

  I get this denial log entry when (re)installing cups:
  audit: type=1400 audit(1412239287.417:110): apparmor="DENIED" operation="signal" profile="/usr/sbin/cupsd" pid=28964 comm="cupsd" requested_mask="send" denied_mask="send" signal=term peer="/usr/sbin/cupsd//third_party"

  Changing it to the absolute profile name seems to work:
    signal (receive, send) peer=/usr/sbin/cupsd//third_party,

  I guess apparmor_parser can't distinguish between a profile named
  third_party and a subprofile named third_party.

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/cups/+bug/1376611/+subscriptions

References

  Thread PreviousDate PreviousThread Next