For a quicker solution one possibility could be to go through the xdg-
desktop-portal, the way how Flatpaks print. Here one should perhaps
investigate the Flatpak of Chromium and see how printing in it works,
whether the Chromium print dialog is patched there to make use of the
portal or perhaps completely suppressed so that Chromium is forced to
use the system's dialog which would make it using the portal.
It is important to know that Chromium has its own print dialog, it is
not using the standard GTK dialog by default.There is a link/button in
Chromium's print dialog so that you could use the "system's" print
dialog, and then it opens the GTK dialog, so one could probably easily
patch Chromium to use the GTK dialog (and so also the portal) right
away.
Looking at the syslog messages in the bug report, Chromium's print
dialog seems to directly access the PPD files in /etc/cups/ppd/, which
is already against the principles of using CUPS (there are CUPS APIs to
obtain the printer capabilities). This direct access is not possible
with the browser being snapped.
So a dirty workaround could be adding something like this to Chromium's
snapcraft.yaml:
-----
plugs:
etc-cups:
interface: system-files
read:
- /etc/cups
-----
This way Chromium in the Snap would be allowed to read the PPD files and
so it would work without patching Chromium or sacrifying Chromium's own
print dialog by configuration, but on the other side I am not sure
whether this interface would need permission from the Snap Store team
for auto-connection.
At least it only allows to access CUPS's configuration and not any
spooled jobs or history, so it does not open up too much of the user's
privacy (and it could be more restricted, only allowing access to
/etc/cups/ppd instead of /etc/cups).
--
You received this bug notification because you are a member of Desktop
Packages, which is subscribed to chromium-browser in Ubuntu.
https://bugs.launchpad.net/bugs/2088333
Title:
Chromium - printer unavailable - apparmor denial
Status in chromium-browser package in Ubuntu:
In Progress
Bug description:
Snap chromium loads fine but when I open print preview window and
select a USB connected printer and on the left I get a message that
the printer is unavailable for all installed printers. Syslog shows
the following error below. If I select the PDF printer, I get a print
preview as expected. If I install chromium from a 3rd party repo, I do
not have this problem and printing works.
2024-11-16T04:14:32.340887+00:00 hostname kernel: kauditd_printk_skb: 39
callbacks suppressed
2024-11-16T04:14:32.340930+00:00 hostname kernel: audit: type=1400
audit(1731730472.339:1550): apparmor="DENIED" operation="open" class="file"
profile="snap.chromium.chromium" name="/etc/cups/ppd/printer001.ppd"
pid=2189152 comm="ThreadPoolForeg" requested_mask="r" denied_mask="r"
fsuid=1003 ouid=0
2024-11-16T04:14:32.341776+00:00 hostname chromium_chromium.desktop[2189152]:
[2189152:2189152:1115/231432.341331:ERROR:device_event_log_impl.cc(201)]
[23:14:32.340] Printer: printer_capabilities.cc:235 Failed to get capabilities
for printer001, result: kFailed
I tried creating an override profile for apparmor but ran into
additional errors that prevented Chromium from loading so I gave up on
that.
I think if we can add the following to the snap.chromium.chromium
apparmor profile this would resolve the issue - /etc/cups/ppd/* path
so all files inside are allowed to read as well as /var/spool/cups/*.
If you have a working profile override that I can drop in with the two
paths I can try that.
Ubuntu 24.04 fully patched
apparmor/noble-updates,now 4.0.1really4.0.1-0ubuntu0.24.04.3 amd64
[installed,automatic]
chromium 130.0.6723.116 2993 latest/stable canonical✓ held
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/chromium-browser/+bug/2088333/+subscriptions
--
Mailing list: https://launchpad.net/~desktop-packages
Post to : [email protected]
Unsubscribe : https://launchpad.net/~desktop-packages
More help : https://help.launchpad.net/ListHelp
