touch-packages team mailing list archive
-
touch-packages team
-
Mailing list archive
-
Message #77684
[Bug 1454463] Re: CUPS not allowed to mknod to /var/log by apparmor
** Description changed:
I have a two-machine network, both running 14.04.1 but mostly updated.
+ CUPS version is 1.7.2-0ubuntu1
- I cannot print to the remote CUPS-managed printer, except with a few
- apps which see the printers directly via avahi (e.g. Evince).
+ Machine A - has printer attached
+ Machine B - printing to A doesn't work via CUPS
- I can print to the printer from the machine local to the printer.
+ I cannot print to the CUPS-managed printer attached to A from B, except
+ with a few apps which see the printer directly via avahi (e.g. Evince).
+ I can print to the printer from A.
- /var/log/syslog on the remote machine shows:
+ /var/log/syslog on B shows:
ay 13 09:50:29 server cupsd: Unable to change ownership of "/var/log/cups" - Permission denied
May 13 09:50:29 server cupsd: Unable to open log file "/var/log/cups/error_log" - Permission denied
May 13 09:50:29 server kernel: [47923.441374] type=1400 audit(1431474629.549:811): apparmor="DENIED" operation="mknod" profile="/usr/sbin/cupsd" name="/data/var/cache/cups/job.cache.N" pid=7814 comm="cupsd" requested_mask="c" denied_mask="c" fsuid=0 ouid=0
May 13 09:50:29 server kernel: [47923.441413] type=1400 audit(1431474629.549:812): apparmor="DENIED" operation="mknod" profile="/usr/sbin/cupsd" name="/data/var/log/cups/error_log" pid=7814 comm="cupsd" requested_mask="c" denied_mask="c" fsuid=0 ouid=0
May 13 09:50:29 server kernel: [47923.441421] type=1400 audit(1431474629.549:813): apparmor="DENIED" operation="chown" profile="/usr/sbin/cupsd" name="/data/var/log/cups/" pid=7814 comm="cupsd" requested_mask="w" denied_mask="w" fsuid=0 ouid=0
May 13 09:50:29 server kernel: [47923.441444] type=1400 audit(1431474629.549:814): apparmor="DENIED" operation="mknod" profile="/usr/sbin/cupsd" name="/data/var/log/cups/error_log" pid=7814 comm="cupsd" requested_mask="c" denied_mask="c" fsuid=0 ouid=0
May 13 09:50:29 server kernel: [47923.706282] type=1400 audit(1431474629.817:815): apparmor="STATUS" operation="profile_replace" profile="unconfined" name="/usr/lib/cups/backend/cups-pdf" pid=16874 comm="apparmor_parser"
May 13 09:50:29 server kernel: [47923.706551] type=1400 audit(1431474629.817:816): apparmor="STATUS" operation="profile_replace" profile="unconfined" name="/usr/sbin/cupsd" pid=16874 comm="apparmor_parser"
May 13 09:50:29 server cupsd: Unable to change ownership of "/var/log/cups" - Permission denied
May 13 09:50:29 server cupsd: Unable to open log file "/var/log/cups/access_log" - Permission denied
May 13 09:50:29 server cupsd: Unable to change ownership of "/var/log/cups" - Permission denied
May 13 09:50:29 server cupsd: Unable to open log file "/var/log/cups/error_log" - Permission denied
May 13 09:50:29 server cupsd: Unable to change ownership of "/var/log/cups" - Permission denied
May 13 09:50:29 server cupsd: Unable to open log file "/var/log/cups/page_log" - Permission denied
May 13 09:50:29 server cupsd: Unable to change ownership of "/var/log/cups" - Permission denied
May 13 09:50:29 server cupsd: Unable to open log file "/var/log/cups/error_log" - Permission denied
May 13 09:50:29 server cupsd: Unable to change ownership of "/var/log/cups" - Permission denied
May 13 09:50:29 server cupsd: Unable to open log file "/var/log/cups/error_log" - Permission denied
May 13 09:50:29 server cupsd: Unable to change ownership of "/var/log/cups" - Permission denied
May 13 09:50:29 server cupsd: Unable to open log file "/var/log/cups/error_log" - Permission denied
May 13 09:50:29 server cupsd: Unable to change ownership of "/var/log/cups" - Permission denied
May 13 09:50:29 server cupsd: Unable to open log file "/var/log/cups/error_log" - Permission denied
May 13 09:50:29 server cupsd: Unable to change ownership of "/var/log/cups" - Permission denied
May 13 09:50:29 server cupsd: Unable to open log file "/var/log/cups/error_log" - Permission denied
May 13 09:50:29 server kernel: [47923.710922] type=1400 audit(1431474629.821:817): apparmor="DENIED" operation="mknod" profile="/usr/sbin/cupsd" name="/data/var/log/cups/access_log" pid=16884 comm="cupsd" requested_mask="c" denied_mask="c" fsuid=0 ouid=0
May 13 09:50:29 server kernel: [47923.710931] type=1400 audit(1431474629.821:818): apparmor="DENIED" operation="chown" profile="/usr/sbin/cupsd" name="/data/var/log/cups/" pid=16884 comm="cupsd" requested_mask="w" denied_mask="w" fsuid=0 ouid=0
May 13 09:50:29 server kernel: [47923.710964] type=1400 audit(1431474629.821:819): apparmor="DENIED" operation="mknod" profile="/usr/sbin/cupsd" name="/data/var/log/cups/access_log" pid=16884 comm="cupsd" requested_mask="c" denied_mask="c" fsuid=0 ouid=0
May 13 09:50:29 server kernel: [47923.710985] type=1400 audit(1431474629.821:820): apparmor="DENIED" operation="mknod" profile="/usr/sbin/cupsd" name="/data/var/log/cups/error_log" pid=16884 comm="cupsd" requested_mask="c" denied_mask="c" fsuid=0 ouid=0
-
- Google search yields similar but significantly different bugs, and from years ago.
+ Google search yields similar but significantly different (and ancient)
+ bugs. For example
+ https://bugs.launchpad.net/ubuntu/+source/cups/+bug/810687 didn't allow
+ CUPS to start, but CUPS does start, just doesn't work. Also that bug
+ was reportedly fixed in CUPS 1.4.7.
--
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to cups in Ubuntu.
https://bugs.launchpad.net/bugs/1454463
Title:
CUPS not allowed to mknod to /var/log by apparmor
Status in cups package in Ubuntu:
New
Bug description:
I have a two-machine network, both running 14.04.1 but mostly updated.
CUPS version is 1.7.2-0ubuntu1
Machine A - has printer attached
Machine B - printing to A doesn't work via CUPS
I cannot print to the CUPS-managed printer attached to A from B,
except with a few apps which see the printer directly via avahi (e.g.
Evince).
I can print to the printer from A.
/var/log/syslog on B shows:
ay 13 09:50:29 server cupsd: Unable to change ownership of "/var/log/cups" - Permission denied
May 13 09:50:29 server cupsd: Unable to open log file "/var/log/cups/error_log" - Permission denied
May 13 09:50:29 server kernel: [47923.441374] type=1400 audit(1431474629.549:811): apparmor="DENIED" operation="mknod" profile="/usr/sbin/cupsd" name="/data/var/cache/cups/job.cache.N" pid=7814 comm="cupsd" requested_mask="c" denied_mask="c" fsuid=0 ouid=0
May 13 09:50:29 server kernel: [47923.441413] type=1400 audit(1431474629.549:812): apparmor="DENIED" operation="mknod" profile="/usr/sbin/cupsd" name="/data/var/log/cups/error_log" pid=7814 comm="cupsd" requested_mask="c" denied_mask="c" fsuid=0 ouid=0
May 13 09:50:29 server kernel: [47923.441421] type=1400 audit(1431474629.549:813): apparmor="DENIED" operation="chown" profile="/usr/sbin/cupsd" name="/data/var/log/cups/" pid=7814 comm="cupsd" requested_mask="w" denied_mask="w" fsuid=0 ouid=0
May 13 09:50:29 server kernel: [47923.441444] type=1400 audit(1431474629.549:814): apparmor="DENIED" operation="mknod" profile="/usr/sbin/cupsd" name="/data/var/log/cups/error_log" pid=7814 comm="cupsd" requested_mask="c" denied_mask="c" fsuid=0 ouid=0
May 13 09:50:29 server kernel: [47923.706282] type=1400 audit(1431474629.817:815): apparmor="STATUS" operation="profile_replace" profile="unconfined" name="/usr/lib/cups/backend/cups-pdf" pid=16874 comm="apparmor_parser"
May 13 09:50:29 server kernel: [47923.706551] type=1400 audit(1431474629.817:816): apparmor="STATUS" operation="profile_replace" profile="unconfined" name="/usr/sbin/cupsd" pid=16874 comm="apparmor_parser"
May 13 09:50:29 server cupsd: Unable to change ownership of "/var/log/cups" - Permission denied
May 13 09:50:29 server cupsd: Unable to open log file "/var/log/cups/access_log" - Permission denied
May 13 09:50:29 server cupsd: Unable to change ownership of "/var/log/cups" - Permission denied
May 13 09:50:29 server cupsd: Unable to open log file "/var/log/cups/error_log" - Permission denied
May 13 09:50:29 server cupsd: Unable to change ownership of "/var/log/cups" - Permission denied
May 13 09:50:29 server cupsd: Unable to open log file "/var/log/cups/page_log" - Permission denied
May 13 09:50:29 server cupsd: Unable to change ownership of "/var/log/cups" - Permission denied
May 13 09:50:29 server cupsd: Unable to open log file "/var/log/cups/error_log" - Permission denied
May 13 09:50:29 server cupsd: Unable to change ownership of "/var/log/cups" - Permission denied
May 13 09:50:29 server cupsd: Unable to open log file "/var/log/cups/error_log" - Permission denied
May 13 09:50:29 server cupsd: Unable to change ownership of "/var/log/cups" - Permission denied
May 13 09:50:29 server cupsd: Unable to open log file "/var/log/cups/error_log" - Permission denied
May 13 09:50:29 server cupsd: Unable to change ownership of "/var/log/cups" - Permission denied
May 13 09:50:29 server cupsd: Unable to open log file "/var/log/cups/error_log" - Permission denied
May 13 09:50:29 server cupsd: Unable to change ownership of "/var/log/cups" - Permission denied
May 13 09:50:29 server cupsd: Unable to open log file "/var/log/cups/error_log" - Permission denied
May 13 09:50:29 server kernel: [47923.710922] type=1400 audit(1431474629.821:817): apparmor="DENIED" operation="mknod" profile="/usr/sbin/cupsd" name="/data/var/log/cups/access_log" pid=16884 comm="cupsd" requested_mask="c" denied_mask="c" fsuid=0 ouid=0
May 13 09:50:29 server kernel: [47923.710931] type=1400 audit(1431474629.821:818): apparmor="DENIED" operation="chown" profile="/usr/sbin/cupsd" name="/data/var/log/cups/" pid=16884 comm="cupsd" requested_mask="w" denied_mask="w" fsuid=0 ouid=0
May 13 09:50:29 server kernel: [47923.710964] type=1400 audit(1431474629.821:819): apparmor="DENIED" operation="mknod" profile="/usr/sbin/cupsd" name="/data/var/log/cups/access_log" pid=16884 comm="cupsd" requested_mask="c" denied_mask="c" fsuid=0 ouid=0
May 13 09:50:29 server kernel: [47923.710985] type=1400 audit(1431474629.821:820): apparmor="DENIED" operation="mknod" profile="/usr/sbin/cupsd" name="/data/var/log/cups/error_log" pid=16884 comm="cupsd" requested_mask="c" denied_mask="c" fsuid=0 ouid=0
Google search yields similar but significantly different (and ancient)
bugs. For example
https://bugs.launchpad.net/ubuntu/+source/cups/+bug/810687 didn't
allow CUPS to start, but CUPS does start, just doesn't work. Also
that bug was reportedly fixed in CUPS 1.4.7.
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/cups/+bug/1454463/+subscriptions
References
