Package: cups Version: 2.3.3op1-7 After upgrading to bullseye, TCP connections from cupsd to localhost appeared to be blocked:
Jan 23 23:39:29 debian audit[2172]: AVC apparmor="DENIED" operation="capable" profile="/usr/sbin/cupsd" pid=2172 comm="cupsd" capability=12 capname="net_admin" Jan 23 23:39:29 debian systemd[1]: Started CUPS Scheduler. Jan 23 23:39:29 debian kernel: kauditd_printk_skb: 10 callbacks suppressed Jan 23 23:39:29 debian kernel: audit: type=1400 audit(1611445169.589:22): apparmor="DENIED" operation="capable" profile="/usr/sbin/cupsd" pid=2172 comm="cupsd" capability=12> Jan 23 23:39:29 debian systemd[1]: Started Make remote CUPS printers available locally. Jan 23 23:39:29 debian audit[2174]: AVC apparmor="DENIED" operation="capable" profile="/usr/sbin/cups-browsed" pid=2174 comm="cups-browsed" capability=23 capname="sys_nice" I worked around this with `aa-complain cupsd`, `aa-complain cups-browsed`, but I would guess that this should work without modifications, unless this (TCP connections from cupsd to backend driver) is considered non-standard usage?
