The problem here is how Chromium obtains the printer capabilities (available paper sizes, trays, resolutions, duplex, ...) to display them in the print dialog and give the user the possibility to choose from them.
Chromium reads the capabilities from the printer's PPD files in /etc/cups/ppd/QUEUE_NAME.ppd. This works with a classic (*.deb packages) installation of Chromium and the current version of CUPS (2.x) without problems. Now Chromium comes as a Snap, so it cannot read the host's file system any more. snapd uses AppArmor to prevent that, therefore we see these "... audit ... DENIED ..." messages in syslog. Due to the fact that we are moving to immutable distros and sandboxed, distro-independent packaging, this way how the print dialog works is not suitable any more. We will also get CUPS 3.x next year which by nature does not support PPD files at all any more, as PPD files are from the old times of PostScript printers and nowadays we have IPP (Internet Printing Protocol) printers which tell their capabilities by themselves. Therefore I have, as part of my OpenPrinting work, conducted a change on Chromium's print dialog, to not access CUPS and PPDs directly any more, but use OpenPrinting's Common Print Dialog Backends instead. This is a D-Bus protocol where the print dialog talks via D-Bus with backends, one for each print technology in use (CUPS, cloud printing services, ...). The D-Bus communication works over sandbox boundaries and also the dialog does not deal with PPDs any more. The implementation work was done in the Google Summer of Code 2023, by Kushagra Sharma: https://github.com/kushagra20251/GSoC/ The project is now available as a merge request to Chromium upstream and needs to get merged: https://chromium-review.googlesource.com/c/chromium/src/+/5007092 What is needed now is that this code gets merged, so that we have a future-proof print dialog in Chromium. ** Changed in: chromium-browser (Ubuntu) Status: Confirmed => In Progress -- You received this bug notification because you are a member of Desktop Packages, which is subscribed to chromium-browser in Ubuntu. https://bugs.launchpad.net/bugs/2088333 Title: Chromium - printer unavailable - apparmor denial Status in chromium-browser package in Ubuntu: In Progress Bug description: Snap chromium loads fine but when I open print preview window and select a USB connected printer and on the left I get a message that the printer is unavailable for all installed printers. Syslog shows the following error below. If I select the PDF printer, I get a print preview as expected. If I install chromium from a 3rd party repo, I do not have this problem and printing works. 2024-11-16T04:14:32.340887+00:00 hostname kernel: kauditd_printk_skb: 39 callbacks suppressed 2024-11-16T04:14:32.340930+00:00 hostname kernel: audit: type=1400 audit(1731730472.339:1550): apparmor="DENIED" operation="open" class="file" profile="snap.chromium.chromium" name="/etc/cups/ppd/printer001.ppd" pid=2189152 comm="ThreadPoolForeg" requested_mask="r" denied_mask="r" fsuid=1003 ouid=0 2024-11-16T04:14:32.341776+00:00 hostname chromium_chromium.desktop[2189152]: [2189152:2189152:1115/231432.341331:ERROR:device_event_log_impl.cc(201)] [23:14:32.340] Printer: printer_capabilities.cc:235 Failed to get capabilities for printer001, result: kFailed I tried creating an override profile for apparmor but ran into additional errors that prevented Chromium from loading so I gave up on that. I think if we can add the following to the snap.chromium.chromium apparmor profile this would resolve the issue - /etc/cups/ppd/* path so all files inside are allowed to read as well as /var/spool/cups/*. If you have a working profile override that I can drop in with the two paths I can try that. Ubuntu 24.04 fully patched apparmor/noble-updates,now 4.0.1really4.0.1-0ubuntu0.24.04.3 amd64 [installed,automatic] chromium 130.0.6723.116 2993 latest/stable canonical✓ held To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/chromium-browser/+bug/2088333/+subscriptions -- Mailing list: https://launchpad.net/~desktop-packages Post to : [email protected] Unsubscribe : https://launchpad.net/~desktop-packages More help : https://help.launchpad.net/ListHelp
