user pkg-apparmor-t...@lists.alioth.debian.org usertags #980974 help-needed thanks
On Sun 24 Jan 2021 at 22:53:00 +0000, Chris Bainbridge wrote: > Package: cups > Version: 2.3.3op1-7 > > After upgrading to bullseye, TCP connections from cupsd to localhost > appeared to be blocked: > > Jan 23 23:39:29 debian audit[2172]: AVC apparmor="DENIED" > operation="capable" profile="/usr/sbin/cupsd" pid=2172 comm="cupsd" > capability=12 capname="net_admin" > Jan 23 23:39:29 debian systemd[1]: Started CUPS Scheduler. > Jan 23 23:39:29 debian kernel: kauditd_printk_skb: 10 callbacks suppressed > Jan 23 23:39:29 debian kernel: audit: type=1400 audit(1611445169.589:22): > apparmor="DENIED" operation="capable" profile="/usr/sbin/cupsd" pid=2172 > comm="cupsd" capability=12> > Jan 23 23:39:29 debian systemd[1]: Started Make remote CUPS printers > available locally. > Jan 23 23:39:29 debian audit[2174]: AVC apparmor="DENIED" > operation="capable" profile="/usr/sbin/cups-browsed" pid=2174 > comm="cups-browsed" capability=23 capname="sys_nice" > > I worked around this with `aa-complain cupsd`, `aa-complain cups-browsed`, > but I would guess that this should work without modifications, unless this > (TCP connections from cupsd to backend driver) is considered non-standard > usage? Triaging this report, Chris, but my knowledge of apparmor is very limited. However, I have a minimal unstable installation (base system plus only cups) and can reproduce this behaviour. The last line (but not the first) disappears when cups-browsed is purged. Regards, Brian/