[Desktop-packages] [Bug 1698693] Re: cups-pdf blocked by apparmor
[Expired for cups (Ubuntu) because there has been no activity for 60
days.]
** Changed in: cups (Ubuntu)
Status: Incomplete => Expired
--
You received this bug notification because you are a member of Desktop
Packages, which is subscribed to cups in Ubuntu.
https://bugs.launchpad.net/bugs/1698693
Title:
cups-pdf blocked by apparmor
Status in cups package in Ubuntu:
Expired
Bug description:
cups-pdf cannot create the ~/PDF directory if it does not exist and
fails with no indication to the user.
It should however be pointed out that cups-pdf allows the system
administrator to change it's output directory by changing the Out key
in /etc/cups/cups-pdf.conf. As such apparmor will get in the way again
if the admin changes the Out key to some other location outside of the
${HOME}/PDF directory. (It's default setting.)
cups-pdf also does not have an #include for using local overrides in
it's apparmor config. As such any fixes that the local admin makes
will be overwritten by the next update to the cups package, breaking
it again.
Description: Ubuntu 16.04.2 LTS
Release: 16.04
printer-driver-cups-pdf:
Installed: 2.6.1-21
Candidate: 2.6.1-21
Version table:
*** 2.6.1-21 500
500 http://us.archive.ubuntu.com/ubuntu xenial/universe amd64 Packages
100 /var/lib/dpkg/status
cups:
Installed: 2.1.3-4
Candidate: 2.1.3-4
Version table:
*** 2.1.3-4 500
500 http://us.archive.ubuntu.com/ubuntu xenial/main amd64 Packages
100 /var/lib/dpkg/status
What happened:
cups-pdf when installed for the first time fails with the following apparmor
denials:
[ 6117.686934] audit: type=1400 audit(1497816878.998:1079): apparmor="DENIED"
operation="file_inherit" profile="/usr/lib/cups/backend/cups-pdf" pid=6015
comm="cups-pdf" family="unix" sock_type="stream" protocol=0
requested_mask="send receive" denied_mask="send receive" addr=none
peer_addr=none peer="/usr/sbin/cupsd"
[ 6117.686948] audit: type=1400 audit(1497816878.998:1080): apparmor="DENIED"
operation="file_inherit" profile="/usr/sbin/cupsd" pid=6015 comm="cups-pdf"
family="unix" sock_type="stream" protocol=0 requested_mask="send receive"
denied_mask="send receive" addr=none peer_addr=none
peer="/usr/lib/cups/backend/cups-pdf"
[ 6117.688671] audit: type=1400 audit(1497816879.002:1081): apparmor="DENIED"
operation="open" profile="/usr/lib/cups/backend/cups-pdf"
name="/var/lib/sss/mc/initgroups" pid=6015 comm="cups-pdf" requested_mask="r"
denied_mask="r" fsuid=0 ouid=0
[ 6117.688688] audit: type=1400 audit(1497816879.002:1082): apparmor="DENIED"
operation="open" profile="/usr/lib/cups/backend/cups-pdf"
name="/var/lib/sss/mc/initgroups" pid=6015 comm="cups-pdf" requested_mask="r"
denied_mask="r" fsuid=0 ouid=0
[ 6117.689719] audit: type=1400 audit(1497816879.002:1083): apparmor="DENIED"
operation="mkdir" profile="/usr/lib/cups/backend/cups-pdf"
name="/home/CODENET.LOCAL/codebase/PDF/" pid=6015 comm="cups-pdf"
requested_mask="c" denied_mask="c" fsuid=0 ouid=0
What I expected to happen:
cups-pdf creates the pdf file it was supposed to.
As a workaround, I set cups-pdf to use the third-party settings from the cups
profile, then it worked as expected.
---
ProblemType: Bug
ApportVersion: 2.20.9-0ubuntu7.2
Architecture: amd64
CupsErrorLog: Error: [Errno 13] Permission denied: '/var/log/cups/error_log'
CurrentDesktop: MATE
DistroRelease: Ubuntu 18.04
InstallationDate: Installed on 2017-11-24 (281 days ago)
InstallationMedia: Ubuntu-MATE 17.10 "Artful Aardvark" - Release amd64
(20171018)
Lpstat:
device for EPSONET-4550:
ipp://call.codenet.local:631/printers/EPSON_ET-4550_Series
device for PDF: cups-pdf:/
MachineType: Gigabyte Technology Co., Ltd. A320M-S2H
NonfreeKernelModules: nvidia_modeset nvidia
Package: cups 2.2.7-1ubuntu2.1
PackageArchitecture: amd64
Papersize: letter
PpdFiles: Error: command ['fgrep', '-H', '*NickName',
'/etc/cups/ppd/PDF.ppd'] failed with exit code 2: grep: /etc/cups/ppd/PDF.ppd:
Permission denied
ProcCmdline: BOOT_IMAGE=/vmlinuz-4.15.0-33-generic
root=UUID=b719b98c-6702-467b-bad1-38f7ecaed813 ro video=vesafb:off vga=normal
quiet splash
ProcKernelCmdLine: BOOT_IMAGE=/vmlinuz-4.15.0-33-generic
root=UUID=b719b98c-6702-467b-bad1-38f7ecaed813 ro video=vesafb:off vga=normal
quiet splash
ProcVersionSignature: Ubuntu 4.15.0-33.36-generic 4.15.18
Tags: bionic apparmor apparmor apparmor apparmor
Uname: Linux 4.15.0-33-generic x86_64
UpgradeStatus: Upgraded to bionic on 2018-05-20 (104 days ago)
UserGroups:
_MarkForUpload: True
dmi.bios.date: 02/08/2018
dmi.bios.vendor: American Megatrends Inc.
dmi.bios.version: F21
dmi.board.asset.tag: Default string
dmi.board.name: A320M-S2H-CF
dmi.board.vendor: Gigabyte Technology Co., Ltd.
dmi.board.version: x.x
dmi.chassis.asset.tag: Default string
dmi.chassis.type: 3
dmi.chassis.vendo
[Desktop-packages] [Bug 1698693] Re: cups-pdf blocked by apparmor
Ooops. Ignore the previous post. Those were the wrong instructions.
These are the correct ones:
1. Install fresh copy of Ubuntu.
2. Install printer-driver-cups-pdf.
3. Change cups-pdf's output directory in /etc/cups/cups-pdf.conf to some
directory outside of the user's home directory, and that the user has
write access to that directory's parent.
4. Make sure the directory defined in step 3 does not exist.
5. Attempt to print using CUPS PDF.
6. Notice the DENIED error in dmesg, and the directory defined in step 3
still does not exist.
6. Notice that cups-pdf lacks an apparmor profile of it's own and is
stored alongside the cupsd profile in /etc/apparmor.d
7. Notice that unlike cupsd, cups-pdf's profile does not have an include
statement for local profile modifications in /etc/apparmor.d/local
8. Attempt to change the default profile for cups-pdf anyway, reload the
new default profile, and try to print again.
9. Find your pdf in the directory defined in step 3.
10. Wait until the cups package is updated again. (Accept the maintainer
version of /etc/apparmor.d/usr.sbin.cupsd when asked.)
11. Notice your changes to the default profile have been wiped out by
the update, and you can no longer print using CUPS PDF if the directory
defined in step 3 is moved or deleted.
--
You received this bug notification because you are a member of Desktop
Packages, which is subscribed to cups in Ubuntu.
https://bugs.launchpad.net/bugs/1698693
Title:
cups-pdf blocked by apparmor
Status in cups package in Ubuntu:
Incomplete
Bug description:
cups-pdf cannot create the ~/PDF directory if it does not exist and
fails with no indication to the user.
It should however be pointed out that cups-pdf allows the system
administrator to change it's output directory by changing the Out key
in /etc/cups/cups-pdf.conf. As such apparmor will get in the way again
if the admin changes the Out key to some other location outside of the
${HOME}/PDF directory. (It's default setting.)
cups-pdf also does not have an #include for using local overrides in
it's apparmor config. As such any fixes that the local admin makes
will be overwritten by the next update to the cups package, breaking
it again.
Description: Ubuntu 16.04.2 LTS
Release: 16.04
printer-driver-cups-pdf:
Installed: 2.6.1-21
Candidate: 2.6.1-21
Version table:
*** 2.6.1-21 500
500 http://us.archive.ubuntu.com/ubuntu xenial/universe amd64 Packages
100 /var/lib/dpkg/status
cups:
Installed: 2.1.3-4
Candidate: 2.1.3-4
Version table:
*** 2.1.3-4 500
500 http://us.archive.ubuntu.com/ubuntu xenial/main amd64 Packages
100 /var/lib/dpkg/status
What happened:
cups-pdf when installed for the first time fails with the following apparmor
denials:
[ 6117.686934] audit: type=1400 audit(1497816878.998:1079): apparmor="DENIED"
operation="file_inherit" profile="/usr/lib/cups/backend/cups-pdf" pid=6015
comm="cups-pdf" family="unix" sock_type="stream" protocol=0
requested_mask="send receive" denied_mask="send receive" addr=none
peer_addr=none peer="/usr/sbin/cupsd"
[ 6117.686948] audit: type=1400 audit(1497816878.998:1080): apparmor="DENIED"
operation="file_inherit" profile="/usr/sbin/cupsd" pid=6015 comm="cups-pdf"
family="unix" sock_type="stream" protocol=0 requested_mask="send receive"
denied_mask="send receive" addr=none peer_addr=none
peer="/usr/lib/cups/backend/cups-pdf"
[ 6117.688671] audit: type=1400 audit(1497816879.002:1081): apparmor="DENIED"
operation="open" profile="/usr/lib/cups/backend/cups-pdf"
name="/var/lib/sss/mc/initgroups" pid=6015 comm="cups-pdf" requested_mask="r"
denied_mask="r" fsuid=0 ouid=0
[ 6117.688688] audit: type=1400 audit(1497816879.002:1082): apparmor="DENIED"
operation="open" profile="/usr/lib/cups/backend/cups-pdf"
name="/var/lib/sss/mc/initgroups" pid=6015 comm="cups-pdf" requested_mask="r"
denied_mask="r" fsuid=0 ouid=0
[ 6117.689719] audit: type=1400 audit(1497816879.002:1083): apparmor="DENIED"
operation="mkdir" profile="/usr/lib/cups/backend/cups-pdf"
name="/home/CODENET.LOCAL/codebase/PDF/" pid=6015 comm="cups-pdf"
requested_mask="c" denied_mask="c" fsuid=0 ouid=0
What I expected to happen:
cups-pdf creates the pdf file it was supposed to.
As a workaround, I set cups-pdf to use the third-party settings from the cups
profile, then it worked as expected.
---
ProblemType: Bug
ApportVersion: 2.20.9-0ubuntu7.2
Architecture: amd64
CupsErrorLog: Error: [Errno 13] Permission denied: '/var/log/cups/error_log'
CurrentDesktop: MATE
DistroRelease: Ubuntu 18.04
InstallationDate: Installed on 2017-11-24 (281 days ago)
InstallationMedia: Ubuntu-MATE 17.10 "Artful Aardvark" - Release amd64
(20171018)
Lpstat:
device for EPSONET-4550:
ipp://call.codenet.local:631/printers/EPSON_ET-4550_Series
device for PDF: cups-pdf:/
MachineType: Gigabyte Technology Co., Ltd. A320M-S2H
N
[Desktop-packages] [Bug 1698693] Re: cups-pdf blocked by apparmor
1. Install fresh copy of Ubuntu.
2. Make sure ~/PDF does not exist.
3. Install printer-driver-cups-pdf.
4. Attempt to print using CUPS PDF.
5. Notice the DENIED error in dmesg, and the lack of a ~/PDF directory.
6. Notice that cups-pdf lacks an apparmor profile of it's own and is
stored alongside the cupsd profile in /etc/apparmor.d
7. Notice that unlike cupsd, cups-pdf's profile does not have an include
statement for local profile modifications in /etc/apparmor.d/local
8. Attempt to change the default profile for cups-pdf anyway, reload the
new default profile, and try to print again.
9. Find your pdf in ~/PDF.
10. Wait until the cups package is updated again. (Accept the maintainer
version of /etc/apparmor.d/usr.sbin.cupsd when asked.)
11. Notice your changes to the default profile have been wiped out by
the update, and you can no longer print using CUPS PDF if ~/PDF is moved
/ or deleted.
--
You received this bug notification because you are a member of Desktop
Packages, which is subscribed to cups in Ubuntu.
https://bugs.launchpad.net/bugs/1698693
Title:
cups-pdf blocked by apparmor
Status in cups package in Ubuntu:
Incomplete
Bug description:
cups-pdf cannot create the ~/PDF directory if it does not exist and
fails with no indication to the user.
It should however be pointed out that cups-pdf allows the system
administrator to change it's output directory by changing the Out key
in /etc/cups/cups-pdf.conf. As such apparmor will get in the way again
if the admin changes the Out key to some other location outside of the
${HOME}/PDF directory. (It's default setting.)
cups-pdf also does not have an #include for using local overrides in
it's apparmor config. As such any fixes that the local admin makes
will be overwritten by the next update to the cups package, breaking
it again.
Description: Ubuntu 16.04.2 LTS
Release: 16.04
printer-driver-cups-pdf:
Installed: 2.6.1-21
Candidate: 2.6.1-21
Version table:
*** 2.6.1-21 500
500 http://us.archive.ubuntu.com/ubuntu xenial/universe amd64 Packages
100 /var/lib/dpkg/status
cups:
Installed: 2.1.3-4
Candidate: 2.1.3-4
Version table:
*** 2.1.3-4 500
500 http://us.archive.ubuntu.com/ubuntu xenial/main amd64 Packages
100 /var/lib/dpkg/status
What happened:
cups-pdf when installed for the first time fails with the following apparmor
denials:
[ 6117.686934] audit: type=1400 audit(1497816878.998:1079): apparmor="DENIED"
operation="file_inherit" profile="/usr/lib/cups/backend/cups-pdf" pid=6015
comm="cups-pdf" family="unix" sock_type="stream" protocol=0
requested_mask="send receive" denied_mask="send receive" addr=none
peer_addr=none peer="/usr/sbin/cupsd"
[ 6117.686948] audit: type=1400 audit(1497816878.998:1080): apparmor="DENIED"
operation="file_inherit" profile="/usr/sbin/cupsd" pid=6015 comm="cups-pdf"
family="unix" sock_type="stream" protocol=0 requested_mask="send receive"
denied_mask="send receive" addr=none peer_addr=none
peer="/usr/lib/cups/backend/cups-pdf"
[ 6117.688671] audit: type=1400 audit(1497816879.002:1081): apparmor="DENIED"
operation="open" profile="/usr/lib/cups/backend/cups-pdf"
name="/var/lib/sss/mc/initgroups" pid=6015 comm="cups-pdf" requested_mask="r"
denied_mask="r" fsuid=0 ouid=0
[ 6117.688688] audit: type=1400 audit(1497816879.002:1082): apparmor="DENIED"
operation="open" profile="/usr/lib/cups/backend/cups-pdf"
name="/var/lib/sss/mc/initgroups" pid=6015 comm="cups-pdf" requested_mask="r"
denied_mask="r" fsuid=0 ouid=0
[ 6117.689719] audit: type=1400 audit(1497816879.002:1083): apparmor="DENIED"
operation="mkdir" profile="/usr/lib/cups/backend/cups-pdf"
name="/home/CODENET.LOCAL/codebase/PDF/" pid=6015 comm="cups-pdf"
requested_mask="c" denied_mask="c" fsuid=0 ouid=0
What I expected to happen:
cups-pdf creates the pdf file it was supposed to.
As a workaround, I set cups-pdf to use the third-party settings from the cups
profile, then it worked as expected.
---
ProblemType: Bug
ApportVersion: 2.20.9-0ubuntu7.2
Architecture: amd64
CupsErrorLog: Error: [Errno 13] Permission denied: '/var/log/cups/error_log'
CurrentDesktop: MATE
DistroRelease: Ubuntu 18.04
InstallationDate: Installed on 2017-11-24 (281 days ago)
InstallationMedia: Ubuntu-MATE 17.10 "Artful Aardvark" - Release amd64
(20171018)
Lpstat:
device for EPSONET-4550:
ipp://call.codenet.local:631/printers/EPSON_ET-4550_Series
device for PDF: cups-pdf:/
MachineType: Gigabyte Technology Co., Ltd. A320M-S2H
NonfreeKernelModules: nvidia_modeset nvidia
Package: cups 2.2.7-1ubuntu2.1
PackageArchitecture: amd64
Papersize: letter
PpdFiles: Error: command ['fgrep', '-H', '*NickName',
'/etc/cups/ppd/PDF.ppd'] failed with exit code 2: grep: /etc/cups/ppd/PDF.ppd:
Permission denied
ProcCmdline: BOOT_IMAGE=/vmlinuz-4.15.0-33-generic
root=UUID=b719b98c-6702-467b-bad1-38f7ecaed813 r
[Desktop-packages] [Bug 1698693] Re: cups-pdf blocked by apparmor
Hi Patrick,
I just want to clarify the issue for the programmers.
Could you post the exact steps to reproduce?
For example,
1. Open terminal.
2. type "synaptic...
3
Thanks
G
--
You received this bug notification because you are a member of Desktop
Packages, which is subscribed to cups in Ubuntu.
https://bugs.launchpad.net/bugs/1698693
Title:
cups-pdf blocked by apparmor
Status in cups package in Ubuntu:
Incomplete
Bug description:
cups-pdf cannot create the ~/PDF directory if it does not exist and
fails with no indication to the user.
It should however be pointed out that cups-pdf allows the system
administrator to change it's output directory by changing the Out key
in /etc/cups/cups-pdf.conf. As such apparmor will get in the way again
if the admin changes the Out key to some other location outside of the
${HOME}/PDF directory. (It's default setting.)
cups-pdf also does not have an #include for using local overrides in
it's apparmor config. As such any fixes that the local admin makes
will be overwritten by the next update to the cups package, breaking
it again.
Description: Ubuntu 16.04.2 LTS
Release: 16.04
printer-driver-cups-pdf:
Installed: 2.6.1-21
Candidate: 2.6.1-21
Version table:
*** 2.6.1-21 500
500 http://us.archive.ubuntu.com/ubuntu xenial/universe amd64 Packages
100 /var/lib/dpkg/status
cups:
Installed: 2.1.3-4
Candidate: 2.1.3-4
Version table:
*** 2.1.3-4 500
500 http://us.archive.ubuntu.com/ubuntu xenial/main amd64 Packages
100 /var/lib/dpkg/status
What happened:
cups-pdf when installed for the first time fails with the following apparmor
denials:
[ 6117.686934] audit: type=1400 audit(1497816878.998:1079): apparmor="DENIED"
operation="file_inherit" profile="/usr/lib/cups/backend/cups-pdf" pid=6015
comm="cups-pdf" family="unix" sock_type="stream" protocol=0
requested_mask="send receive" denied_mask="send receive" addr=none
peer_addr=none peer="/usr/sbin/cupsd"
[ 6117.686948] audit: type=1400 audit(1497816878.998:1080): apparmor="DENIED"
operation="file_inherit" profile="/usr/sbin/cupsd" pid=6015 comm="cups-pdf"
family="unix" sock_type="stream" protocol=0 requested_mask="send receive"
denied_mask="send receive" addr=none peer_addr=none
peer="/usr/lib/cups/backend/cups-pdf"
[ 6117.688671] audit: type=1400 audit(1497816879.002:1081): apparmor="DENIED"
operation="open" profile="/usr/lib/cups/backend/cups-pdf"
name="/var/lib/sss/mc/initgroups" pid=6015 comm="cups-pdf" requested_mask="r"
denied_mask="r" fsuid=0 ouid=0
[ 6117.688688] audit: type=1400 audit(1497816879.002:1082): apparmor="DENIED"
operation="open" profile="/usr/lib/cups/backend/cups-pdf"
name="/var/lib/sss/mc/initgroups" pid=6015 comm="cups-pdf" requested_mask="r"
denied_mask="r" fsuid=0 ouid=0
[ 6117.689719] audit: type=1400 audit(1497816879.002:1083): apparmor="DENIED"
operation="mkdir" profile="/usr/lib/cups/backend/cups-pdf"
name="/home/CODENET.LOCAL/codebase/PDF/" pid=6015 comm="cups-pdf"
requested_mask="c" denied_mask="c" fsuid=0 ouid=0
What I expected to happen:
cups-pdf creates the pdf file it was supposed to.
As a workaround, I set cups-pdf to use the third-party settings from the cups
profile, then it worked as expected.
---
ProblemType: Bug
ApportVersion: 2.20.9-0ubuntu7.2
Architecture: amd64
CupsErrorLog: Error: [Errno 13] Permission denied: '/var/log/cups/error_log'
CurrentDesktop: MATE
DistroRelease: Ubuntu 18.04
InstallationDate: Installed on 2017-11-24 (281 days ago)
InstallationMedia: Ubuntu-MATE 17.10 "Artful Aardvark" - Release amd64
(20171018)
Lpstat:
device for EPSONET-4550:
ipp://call.codenet.local:631/printers/EPSON_ET-4550_Series
device for PDF: cups-pdf:/
MachineType: Gigabyte Technology Co., Ltd. A320M-S2H
NonfreeKernelModules: nvidia_modeset nvidia
Package: cups 2.2.7-1ubuntu2.1
PackageArchitecture: amd64
Papersize: letter
PpdFiles: Error: command ['fgrep', '-H', '*NickName',
'/etc/cups/ppd/PDF.ppd'] failed with exit code 2: grep: /etc/cups/ppd/PDF.ppd:
Permission denied
ProcCmdline: BOOT_IMAGE=/vmlinuz-4.15.0-33-generic
root=UUID=b719b98c-6702-467b-bad1-38f7ecaed813 ro video=vesafb:off vga=normal
quiet splash
ProcKernelCmdLine: BOOT_IMAGE=/vmlinuz-4.15.0-33-generic
root=UUID=b719b98c-6702-467b-bad1-38f7ecaed813 ro video=vesafb:off vga=normal
quiet splash
ProcVersionSignature: Ubuntu 4.15.0-33.36-generic 4.15.18
Tags: bionic apparmor apparmor apparmor apparmor
Uname: Linux 4.15.0-33-generic x86_64
UpgradeStatus: Upgraded to bionic on 2018-05-20 (104 days ago)
UserGroups:
_MarkForUpload: True
dmi.bios.date: 02/08/2018
dmi.bios.vendor: American Megatrends Inc.
dmi.bios.version: F21
dmi.board.asset.tag: Default string
dmi.board.name: A320M-S2H-CF
dmi.board.vendor: Gigabyte Technology Co., Ltd.
dmi.board.version: x.x
dmi.chassis.asset.tag: Default string
d
[Desktop-packages] [Bug 1698693] Re: cups-pdf blocked by apparmor
Hi Patrick, there is no other package with which to associate this bug report.
And I will look at preparing this report for the programmers.
:)
G
--
You received this bug notification because you are a member of Desktop
Packages, which is subscribed to cups in Ubuntu.
https://bugs.launchpad.net/bugs/1698693
Title:
cups-pdf blocked by apparmor
Status in cups package in Ubuntu:
Incomplete
Bug description:
cups-pdf cannot create the ~/PDF directory if it does not exist and
fails with no indication to the user.
It should however be pointed out that cups-pdf allows the system
administrator to change it's output directory by changing the Out key
in /etc/cups/cups-pdf.conf. As such apparmor will get in the way again
if the admin changes the Out key to some other location outside of the
${HOME}/PDF directory. (It's default setting.)
cups-pdf also does not have an #include for using local overrides in
it's apparmor config. As such any fixes that the local admin makes
will be overwritten by the next update to the cups package, breaking
it again.
Description: Ubuntu 16.04.2 LTS
Release: 16.04
printer-driver-cups-pdf:
Installed: 2.6.1-21
Candidate: 2.6.1-21
Version table:
*** 2.6.1-21 500
500 http://us.archive.ubuntu.com/ubuntu xenial/universe amd64 Packages
100 /var/lib/dpkg/status
cups:
Installed: 2.1.3-4
Candidate: 2.1.3-4
Version table:
*** 2.1.3-4 500
500 http://us.archive.ubuntu.com/ubuntu xenial/main amd64 Packages
100 /var/lib/dpkg/status
What happened:
cups-pdf when installed for the first time fails with the following apparmor
denials:
[ 6117.686934] audit: type=1400 audit(1497816878.998:1079): apparmor="DENIED"
operation="file_inherit" profile="/usr/lib/cups/backend/cups-pdf" pid=6015
comm="cups-pdf" family="unix" sock_type="stream" protocol=0
requested_mask="send receive" denied_mask="send receive" addr=none
peer_addr=none peer="/usr/sbin/cupsd"
[ 6117.686948] audit: type=1400 audit(1497816878.998:1080): apparmor="DENIED"
operation="file_inherit" profile="/usr/sbin/cupsd" pid=6015 comm="cups-pdf"
family="unix" sock_type="stream" protocol=0 requested_mask="send receive"
denied_mask="send receive" addr=none peer_addr=none
peer="/usr/lib/cups/backend/cups-pdf"
[ 6117.688671] audit: type=1400 audit(1497816879.002:1081): apparmor="DENIED"
operation="open" profile="/usr/lib/cups/backend/cups-pdf"
name="/var/lib/sss/mc/initgroups" pid=6015 comm="cups-pdf" requested_mask="r"
denied_mask="r" fsuid=0 ouid=0
[ 6117.688688] audit: type=1400 audit(1497816879.002:1082): apparmor="DENIED"
operation="open" profile="/usr/lib/cups/backend/cups-pdf"
name="/var/lib/sss/mc/initgroups" pid=6015 comm="cups-pdf" requested_mask="r"
denied_mask="r" fsuid=0 ouid=0
[ 6117.689719] audit: type=1400 audit(1497816879.002:1083): apparmor="DENIED"
operation="mkdir" profile="/usr/lib/cups/backend/cups-pdf"
name="/home/CODENET.LOCAL/codebase/PDF/" pid=6015 comm="cups-pdf"
requested_mask="c" denied_mask="c" fsuid=0 ouid=0
What I expected to happen:
cups-pdf creates the pdf file it was supposed to.
As a workaround, I set cups-pdf to use the third-party settings from the cups
profile, then it worked as expected.
---
ProblemType: Bug
ApportVersion: 2.20.9-0ubuntu7.2
Architecture: amd64
CupsErrorLog: Error: [Errno 13] Permission denied: '/var/log/cups/error_log'
CurrentDesktop: MATE
DistroRelease: Ubuntu 18.04
InstallationDate: Installed on 2017-11-24 (281 days ago)
InstallationMedia: Ubuntu-MATE 17.10 "Artful Aardvark" - Release amd64
(20171018)
Lpstat:
device for EPSONET-4550:
ipp://call.codenet.local:631/printers/EPSON_ET-4550_Series
device for PDF: cups-pdf:/
MachineType: Gigabyte Technology Co., Ltd. A320M-S2H
NonfreeKernelModules: nvidia_modeset nvidia
Package: cups 2.2.7-1ubuntu2.1
PackageArchitecture: amd64
Papersize: letter
PpdFiles: Error: command ['fgrep', '-H', '*NickName',
'/etc/cups/ppd/PDF.ppd'] failed with exit code 2: grep: /etc/cups/ppd/PDF.ppd:
Permission denied
ProcCmdline: BOOT_IMAGE=/vmlinuz-4.15.0-33-generic
root=UUID=b719b98c-6702-467b-bad1-38f7ecaed813 ro video=vesafb:off vga=normal
quiet splash
ProcKernelCmdLine: BOOT_IMAGE=/vmlinuz-4.15.0-33-generic
root=UUID=b719b98c-6702-467b-bad1-38f7ecaed813 ro video=vesafb:off vga=normal
quiet splash
ProcVersionSignature: Ubuntu 4.15.0-33.36-generic 4.15.18
Tags: bionic apparmor apparmor apparmor apparmor
Uname: Linux 4.15.0-33-generic x86_64
UpgradeStatus: Upgraded to bionic on 2018-05-20 (104 days ago)
UserGroups:
_MarkForUpload: True
dmi.bios.date: 02/08/2018
dmi.bios.vendor: American Megatrends Inc.
dmi.bios.version: F21
dmi.board.asset.tag: Default string
dmi.board.name: A320M-S2H-CF
dmi.board.vendor: Gigabyte Technology Co., Ltd.
dmi.board.version: x.x
dmi.chassis.asset.tag: Default string
dmi.chassis.type: 3
dmi.chassi
[Desktop-packages] [Bug 1698693] Re: cups-pdf blocked by apparmor
Thanks for the additional information and the patch file, Patrick. I will
contact the bug control team to see if this bug should be associated with a
different Ubuntu package.
And I will look at preparing this report for the programmers.
Thanks again for your patience.
:)
G
--
You received this bug notification because you are a member of Desktop
Packages, which is subscribed to cups in Ubuntu.
https://bugs.launchpad.net/bugs/1698693
Title:
cups-pdf blocked by apparmor
Status in cups package in Ubuntu:
Incomplete
Bug description:
cups-pdf cannot create the ~/PDF directory if it does not exist and
fails with no indication to the user.
It should however be pointed out that cups-pdf allows the system
administrator to change it's output directory by changing the Out key
in /etc/cups/cups-pdf.conf. As such apparmor will get in the way again
if the admin changes the Out key to some other location outside of the
${HOME}/PDF directory. (It's default setting.)
cups-pdf also does not have an #include for using local overrides in
it's apparmor config. As such any fixes that the local admin makes
will be overwritten by the next update to the cups package, breaking
it again.
Description: Ubuntu 16.04.2 LTS
Release: 16.04
printer-driver-cups-pdf:
Installed: 2.6.1-21
Candidate: 2.6.1-21
Version table:
*** 2.6.1-21 500
500 http://us.archive.ubuntu.com/ubuntu xenial/universe amd64 Packages
100 /var/lib/dpkg/status
cups:
Installed: 2.1.3-4
Candidate: 2.1.3-4
Version table:
*** 2.1.3-4 500
500 http://us.archive.ubuntu.com/ubuntu xenial/main amd64 Packages
100 /var/lib/dpkg/status
What happened:
cups-pdf when installed for the first time fails with the following apparmor
denials:
[ 6117.686934] audit: type=1400 audit(1497816878.998:1079): apparmor="DENIED"
operation="file_inherit" profile="/usr/lib/cups/backend/cups-pdf" pid=6015
comm="cups-pdf" family="unix" sock_type="stream" protocol=0
requested_mask="send receive" denied_mask="send receive" addr=none
peer_addr=none peer="/usr/sbin/cupsd"
[ 6117.686948] audit: type=1400 audit(1497816878.998:1080): apparmor="DENIED"
operation="file_inherit" profile="/usr/sbin/cupsd" pid=6015 comm="cups-pdf"
family="unix" sock_type="stream" protocol=0 requested_mask="send receive"
denied_mask="send receive" addr=none peer_addr=none
peer="/usr/lib/cups/backend/cups-pdf"
[ 6117.688671] audit: type=1400 audit(1497816879.002:1081): apparmor="DENIED"
operation="open" profile="/usr/lib/cups/backend/cups-pdf"
name="/var/lib/sss/mc/initgroups" pid=6015 comm="cups-pdf" requested_mask="r"
denied_mask="r" fsuid=0 ouid=0
[ 6117.688688] audit: type=1400 audit(1497816879.002:1082): apparmor="DENIED"
operation="open" profile="/usr/lib/cups/backend/cups-pdf"
name="/var/lib/sss/mc/initgroups" pid=6015 comm="cups-pdf" requested_mask="r"
denied_mask="r" fsuid=0 ouid=0
[ 6117.689719] audit: type=1400 audit(1497816879.002:1083): apparmor="DENIED"
operation="mkdir" profile="/usr/lib/cups/backend/cups-pdf"
name="/home/CODENET.LOCAL/codebase/PDF/" pid=6015 comm="cups-pdf"
requested_mask="c" denied_mask="c" fsuid=0 ouid=0
What I expected to happen:
cups-pdf creates the pdf file it was supposed to.
As a workaround, I set cups-pdf to use the third-party settings from the cups
profile, then it worked as expected.
---
ProblemType: Bug
ApportVersion: 2.20.9-0ubuntu7.2
Architecture: amd64
CupsErrorLog: Error: [Errno 13] Permission denied: '/var/log/cups/error_log'
CurrentDesktop: MATE
DistroRelease: Ubuntu 18.04
InstallationDate: Installed on 2017-11-24 (281 days ago)
InstallationMedia: Ubuntu-MATE 17.10 "Artful Aardvark" - Release amd64
(20171018)
Lpstat:
device for EPSONET-4550:
ipp://call.codenet.local:631/printers/EPSON_ET-4550_Series
device for PDF: cups-pdf:/
MachineType: Gigabyte Technology Co., Ltd. A320M-S2H
NonfreeKernelModules: nvidia_modeset nvidia
Package: cups 2.2.7-1ubuntu2.1
PackageArchitecture: amd64
Papersize: letter
PpdFiles: Error: command ['fgrep', '-H', '*NickName',
'/etc/cups/ppd/PDF.ppd'] failed with exit code 2: grep: /etc/cups/ppd/PDF.ppd:
Permission denied
ProcCmdline: BOOT_IMAGE=/vmlinuz-4.15.0-33-generic
root=UUID=b719b98c-6702-467b-bad1-38f7ecaed813 ro video=vesafb:off vga=normal
quiet splash
ProcKernelCmdLine: BOOT_IMAGE=/vmlinuz-4.15.0-33-generic
root=UUID=b719b98c-6702-467b-bad1-38f7ecaed813 ro video=vesafb:off vga=normal
quiet splash
ProcVersionSignature: Ubuntu 4.15.0-33.36-generic 4.15.18
Tags: bionic apparmor apparmor apparmor apparmor
Uname: Linux 4.15.0-33-generic x86_64
UpgradeStatus: Upgraded to bionic on 2018-05-20 (104 days ago)
UserGroups:
_MarkForUpload: True
dmi.bios.date: 02/08/2018
dmi.bios.vendor: American Megatrends Inc.
dmi.bios.version: F21
dmi.board.asset.tag: Default string
dmi.board.name: A320M-S2H-CF
dmi.board.vendor:
[Desktop-packages] [Bug 1698693] Re: cups-pdf blocked by apparmor
The attachment "Allows site-specific overrides for the cups-pdf
profile." seems to be a patch. If it isn't, please remove the "patch"
flag from the attachment, remove the "patch" tag, and if you are a
member of the ~ubuntu-reviewers, unsubscribe the team.
[This is an automated message performed by a Launchpad user owned by
~brian-murray, for any issues please contact him.]
** Tags added: patch
--
You received this bug notification because you are a member of Desktop
Packages, which is subscribed to cups in Ubuntu.
https://bugs.launchpad.net/bugs/1698693
Title:
cups-pdf blocked by apparmor
Status in cups package in Ubuntu:
Incomplete
Bug description:
cups-pdf cannot create the ~/PDF directory if it does not exist and
fails with no indication to the user.
It should however be pointed out that cups-pdf allows the system
administrator to change it's output directory by changing the Out key
in /etc/cups/cups-pdf.conf. As such apparmor will get in the way again
if the admin changes the Out key to some other location outside of the
${HOME}/PDF directory. (It's default setting.)
cups-pdf also does not have an #include for using local overrides in
it's apparmor config. As such any fixes that the local admin makes
will be overwritten by the next update to the cups package, breaking
it again.
Description: Ubuntu 16.04.2 LTS
Release: 16.04
printer-driver-cups-pdf:
Installed: 2.6.1-21
Candidate: 2.6.1-21
Version table:
*** 2.6.1-21 500
500 http://us.archive.ubuntu.com/ubuntu xenial/universe amd64 Packages
100 /var/lib/dpkg/status
cups:
Installed: 2.1.3-4
Candidate: 2.1.3-4
Version table:
*** 2.1.3-4 500
500 http://us.archive.ubuntu.com/ubuntu xenial/main amd64 Packages
100 /var/lib/dpkg/status
What happened:
cups-pdf when installed for the first time fails with the following apparmor
denials:
[ 6117.686934] audit: type=1400 audit(1497816878.998:1079): apparmor="DENIED"
operation="file_inherit" profile="/usr/lib/cups/backend/cups-pdf" pid=6015
comm="cups-pdf" family="unix" sock_type="stream" protocol=0
requested_mask="send receive" denied_mask="send receive" addr=none
peer_addr=none peer="/usr/sbin/cupsd"
[ 6117.686948] audit: type=1400 audit(1497816878.998:1080): apparmor="DENIED"
operation="file_inherit" profile="/usr/sbin/cupsd" pid=6015 comm="cups-pdf"
family="unix" sock_type="stream" protocol=0 requested_mask="send receive"
denied_mask="send receive" addr=none peer_addr=none
peer="/usr/lib/cups/backend/cups-pdf"
[ 6117.688671] audit: type=1400 audit(1497816879.002:1081): apparmor="DENIED"
operation="open" profile="/usr/lib/cups/backend/cups-pdf"
name="/var/lib/sss/mc/initgroups" pid=6015 comm="cups-pdf" requested_mask="r"
denied_mask="r" fsuid=0 ouid=0
[ 6117.688688] audit: type=1400 audit(1497816879.002:1082): apparmor="DENIED"
operation="open" profile="/usr/lib/cups/backend/cups-pdf"
name="/var/lib/sss/mc/initgroups" pid=6015 comm="cups-pdf" requested_mask="r"
denied_mask="r" fsuid=0 ouid=0
[ 6117.689719] audit: type=1400 audit(1497816879.002:1083): apparmor="DENIED"
operation="mkdir" profile="/usr/lib/cups/backend/cups-pdf"
name="/home/CODENET.LOCAL/codebase/PDF/" pid=6015 comm="cups-pdf"
requested_mask="c" denied_mask="c" fsuid=0 ouid=0
What I expected to happen:
cups-pdf creates the pdf file it was supposed to.
As a workaround, I set cups-pdf to use the third-party settings from the cups
profile, then it worked as expected.
---
ProblemType: Bug
ApportVersion: 2.20.9-0ubuntu7.2
Architecture: amd64
CupsErrorLog: Error: [Errno 13] Permission denied: '/var/log/cups/error_log'
CurrentDesktop: MATE
DistroRelease: Ubuntu 18.04
InstallationDate: Installed on 2017-11-24 (281 days ago)
InstallationMedia: Ubuntu-MATE 17.10 "Artful Aardvark" - Release amd64
(20171018)
Lpstat:
device for EPSONET-4550:
ipp://call.codenet.local:631/printers/EPSON_ET-4550_Series
device for PDF: cups-pdf:/
MachineType: Gigabyte Technology Co., Ltd. A320M-S2H
NonfreeKernelModules: nvidia_modeset nvidia
Package: cups 2.2.7-1ubuntu2.1
PackageArchitecture: amd64
Papersize: letter
PpdFiles: Error: command ['fgrep', '-H', '*NickName',
'/etc/cups/ppd/PDF.ppd'] failed with exit code 2: grep: /etc/cups/ppd/PDF.ppd:
Permission denied
ProcCmdline: BOOT_IMAGE=/vmlinuz-4.15.0-33-generic
root=UUID=b719b98c-6702-467b-bad1-38f7ecaed813 ro video=vesafb:off vga=normal
quiet splash
ProcKernelCmdLine: BOOT_IMAGE=/vmlinuz-4.15.0-33-generic
root=UUID=b719b98c-6702-467b-bad1-38f7ecaed813 ro video=vesafb:off vga=normal
quiet splash
ProcVersionSignature: Ubuntu 4.15.0-33.36-generic 4.15.18
Tags: bionic apparmor apparmor apparmor apparmor
Uname: Linux 4.15.0-33-generic x86_64
UpgradeStatus: Upgraded to bionic on 2018-05-20 (104 days ago)
UserGroups:
_MarkForUpload: True
dmi.bios.date: 02/08/2018
dmi.bios.vendor: American Megat
[Desktop-packages] [Bug 1698693] Re: cups-pdf blocked by apparmor
https://bugs.launchpad.net/ubuntu/+source/cups/+bug/1675503 <- That has
nothing to do with this bug.
https://bugs.launchpad.net/ubuntu/+source/cups-pdf/+bug/1166786 <- Sort
of, that describes the issue and admits the issue's existance, but does
not actually fix it.
What I mean by that is the apparmor profile for cups-pdf does not allow
local modifications by default. Bug #1166786 says you need to make
modifications to workaround the issue, but even if you do, your changes
will be wiped out when the cups-daemon package gets updated.
I attached a patch for the cups-pdf apparmor profile to allow local
modifications, but it will get wiped out too unless it gets integrated
into the cups-daemon package.
Sidenote: Why is the apparmor profile for cups-pdf in cups-daemon? The
pdf backend is in a separate package: printer-driver-cups-pdf.
** Patch added: "Allows site-specific overrides for the cups-pdf profile."
https://bugs.launchpad.net/ubuntu/+source/cups/+bug/1698693/+attachment/5186550/+files/local_override_cups-pdf.patch
--
You received this bug notification because you are a member of Desktop
Packages, which is subscribed to cups in Ubuntu.
https://bugs.launchpad.net/bugs/1698693
Title:
cups-pdf blocked by apparmor
Status in cups package in Ubuntu:
Incomplete
Bug description:
cups-pdf cannot create the ~/PDF directory if it does not exist and
fails with no indication to the user.
It should however be pointed out that cups-pdf allows the system
administrator to change it's output directory by changing the Out key
in /etc/cups/cups-pdf.conf. As such apparmor will get in the way again
if the admin changes the Out key to some other location outside of the
${HOME}/PDF directory. (It's default setting.)
cups-pdf also does not have an #include for using local overrides in
it's apparmor config. As such any fixes that the local admin makes
will be overwritten by the next update to the cups package, breaking
it again.
Description: Ubuntu 16.04.2 LTS
Release: 16.04
printer-driver-cups-pdf:
Installed: 2.6.1-21
Candidate: 2.6.1-21
Version table:
*** 2.6.1-21 500
500 http://us.archive.ubuntu.com/ubuntu xenial/universe amd64 Packages
100 /var/lib/dpkg/status
cups:
Installed: 2.1.3-4
Candidate: 2.1.3-4
Version table:
*** 2.1.3-4 500
500 http://us.archive.ubuntu.com/ubuntu xenial/main amd64 Packages
100 /var/lib/dpkg/status
What happened:
cups-pdf when installed for the first time fails with the following apparmor
denials:
[ 6117.686934] audit: type=1400 audit(1497816878.998:1079): apparmor="DENIED"
operation="file_inherit" profile="/usr/lib/cups/backend/cups-pdf" pid=6015
comm="cups-pdf" family="unix" sock_type="stream" protocol=0
requested_mask="send receive" denied_mask="send receive" addr=none
peer_addr=none peer="/usr/sbin/cupsd"
[ 6117.686948] audit: type=1400 audit(1497816878.998:1080): apparmor="DENIED"
operation="file_inherit" profile="/usr/sbin/cupsd" pid=6015 comm="cups-pdf"
family="unix" sock_type="stream" protocol=0 requested_mask="send receive"
denied_mask="send receive" addr=none peer_addr=none
peer="/usr/lib/cups/backend/cups-pdf"
[ 6117.688671] audit: type=1400 audit(1497816879.002:1081): apparmor="DENIED"
operation="open" profile="/usr/lib/cups/backend/cups-pdf"
name="/var/lib/sss/mc/initgroups" pid=6015 comm="cups-pdf" requested_mask="r"
denied_mask="r" fsuid=0 ouid=0
[ 6117.688688] audit: type=1400 audit(1497816879.002:1082): apparmor="DENIED"
operation="open" profile="/usr/lib/cups/backend/cups-pdf"
name="/var/lib/sss/mc/initgroups" pid=6015 comm="cups-pdf" requested_mask="r"
denied_mask="r" fsuid=0 ouid=0
[ 6117.689719] audit: type=1400 audit(1497816879.002:1083): apparmor="DENIED"
operation="mkdir" profile="/usr/lib/cups/backend/cups-pdf"
name="/home/CODENET.LOCAL/codebase/PDF/" pid=6015 comm="cups-pdf"
requested_mask="c" denied_mask="c" fsuid=0 ouid=0
What I expected to happen:
cups-pdf creates the pdf file it was supposed to.
As a workaround, I set cups-pdf to use the third-party settings from the cups
profile, then it worked as expected.
---
ProblemType: Bug
ApportVersion: 2.20.9-0ubuntu7.2
Architecture: amd64
CupsErrorLog: Error: [Errno 13] Permission denied: '/var/log/cups/error_log'
CurrentDesktop: MATE
DistroRelease: Ubuntu 18.04
InstallationDate: Installed on 2017-11-24 (281 days ago)
InstallationMedia: Ubuntu-MATE 17.10 "Artful Aardvark" - Release amd64
(20171018)
Lpstat:
device for EPSONET-4550:
ipp://call.codenet.local:631/printers/EPSON_ET-4550_Series
device for PDF: cups-pdf:/
MachineType: Gigabyte Technology Co., Ltd. A320M-S2H
NonfreeKernelModules: nvidia_modeset nvidia
Package: cups 2.2.7-1ubuntu2.1
PackageArchitecture: amd64
Papersize: letter
PpdFiles: Error: command ['fgrep', '-H', '*NickName',
'/etc/cups/ppd/PDF.ppd'] failed with exit code 2: grep: /etc/cups/ppd/PDF
[Desktop-packages] [Bug 1698693] Re: cups-pdf blocked by apparmor
Hi again, Patrick. Here is an older bug report that seems to be the same
issue.
Could you look at it and let me know if it is the same issue as yours?
https://bugs.launchpad.net/ubuntu/+source/cups-pdf/+bug/1166786
Thanks
G
--
You received this bug notification because you are a member of Desktop
Packages, which is subscribed to cups in Ubuntu.
https://bugs.launchpad.net/bugs/1698693
Title:
cups-pdf blocked by apparmor
Status in cups package in Ubuntu:
Incomplete
Bug description:
cups-pdf cannot create the ~/PDF directory if it does not exist and
fails with no indication to the user.
It should however be pointed out that cups-pdf allows the system
administrator to change it's output directory by changing the Out key
in /etc/cups/cups-pdf.conf. As such apparmor will get in the way again
if the admin changes the Out key to some other location outside of the
${HOME}/PDF directory. (It's default setting.)
cups-pdf also does not have an #include for using local overrides in
it's apparmor config. As such any fixes that the local admin makes
will be overwritten by the next update to the cups package, breaking
it again.
Description: Ubuntu 16.04.2 LTS
Release: 16.04
printer-driver-cups-pdf:
Installed: 2.6.1-21
Candidate: 2.6.1-21
Version table:
*** 2.6.1-21 500
500 http://us.archive.ubuntu.com/ubuntu xenial/universe amd64 Packages
100 /var/lib/dpkg/status
cups:
Installed: 2.1.3-4
Candidate: 2.1.3-4
Version table:
*** 2.1.3-4 500
500 http://us.archive.ubuntu.com/ubuntu xenial/main amd64 Packages
100 /var/lib/dpkg/status
What happened:
cups-pdf when installed for the first time fails with the following apparmor
denials:
[ 6117.686934] audit: type=1400 audit(1497816878.998:1079): apparmor="DENIED"
operation="file_inherit" profile="/usr/lib/cups/backend/cups-pdf" pid=6015
comm="cups-pdf" family="unix" sock_type="stream" protocol=0
requested_mask="send receive" denied_mask="send receive" addr=none
peer_addr=none peer="/usr/sbin/cupsd"
[ 6117.686948] audit: type=1400 audit(1497816878.998:1080): apparmor="DENIED"
operation="file_inherit" profile="/usr/sbin/cupsd" pid=6015 comm="cups-pdf"
family="unix" sock_type="stream" protocol=0 requested_mask="send receive"
denied_mask="send receive" addr=none peer_addr=none
peer="/usr/lib/cups/backend/cups-pdf"
[ 6117.688671] audit: type=1400 audit(1497816879.002:1081): apparmor="DENIED"
operation="open" profile="/usr/lib/cups/backend/cups-pdf"
name="/var/lib/sss/mc/initgroups" pid=6015 comm="cups-pdf" requested_mask="r"
denied_mask="r" fsuid=0 ouid=0
[ 6117.688688] audit: type=1400 audit(1497816879.002:1082): apparmor="DENIED"
operation="open" profile="/usr/lib/cups/backend/cups-pdf"
name="/var/lib/sss/mc/initgroups" pid=6015 comm="cups-pdf" requested_mask="r"
denied_mask="r" fsuid=0 ouid=0
[ 6117.689719] audit: type=1400 audit(1497816879.002:1083): apparmor="DENIED"
operation="mkdir" profile="/usr/lib/cups/backend/cups-pdf"
name="/home/CODENET.LOCAL/codebase/PDF/" pid=6015 comm="cups-pdf"
requested_mask="c" denied_mask="c" fsuid=0 ouid=0
What I expected to happen:
cups-pdf creates the pdf file it was supposed to.
As a workaround, I set cups-pdf to use the third-party settings from the cups
profile, then it worked as expected.
---
ProblemType: Bug
ApportVersion: 2.20.9-0ubuntu7.2
Architecture: amd64
CupsErrorLog: Error: [Errno 13] Permission denied: '/var/log/cups/error_log'
CurrentDesktop: MATE
DistroRelease: Ubuntu 18.04
InstallationDate: Installed on 2017-11-24 (281 days ago)
InstallationMedia: Ubuntu-MATE 17.10 "Artful Aardvark" - Release amd64
(20171018)
Lpstat:
device for EPSONET-4550:
ipp://call.codenet.local:631/printers/EPSON_ET-4550_Series
device for PDF: cups-pdf:/
MachineType: Gigabyte Technology Co., Ltd. A320M-S2H
NonfreeKernelModules: nvidia_modeset nvidia
Package: cups 2.2.7-1ubuntu2.1
PackageArchitecture: amd64
Papersize: letter
PpdFiles: Error: command ['fgrep', '-H', '*NickName',
'/etc/cups/ppd/PDF.ppd'] failed with exit code 2: grep: /etc/cups/ppd/PDF.ppd:
Permission denied
ProcCmdline: BOOT_IMAGE=/vmlinuz-4.15.0-33-generic
root=UUID=b719b98c-6702-467b-bad1-38f7ecaed813 ro video=vesafb:off vga=normal
quiet splash
ProcKernelCmdLine: BOOT_IMAGE=/vmlinuz-4.15.0-33-generic
root=UUID=b719b98c-6702-467b-bad1-38f7ecaed813 ro video=vesafb:off vga=normal
quiet splash
ProcVersionSignature: Ubuntu 4.15.0-33.36-generic 4.15.18
Tags: bionic apparmor apparmor apparmor apparmor
Uname: Linux 4.15.0-33-generic x86_64
UpgradeStatus: Upgraded to bionic on 2018-05-20 (104 days ago)
UserGroups:
_MarkForUpload: True
dmi.bios.date: 02/08/2018
dmi.bios.vendor: American Megatrends Inc.
dmi.bios.version: F21
dmi.board.asset.tag: Default string
dmi.board.name: A320M-S2H-CF
dmi.board.vendor: Gigabyte Technology Co., Ltd.
dmi.board.version:
[Desktop-packages] [Bug 1698693] Re: cups-pdf blocked by apparmor
Hi Patrick,
Just to confirm, this is still a problem for you in 18.04?
Also could you look at the following bug and see if it is the same as your bug
report:
https://bugs.launchpad.net/ubuntu/+source/cups/+bug/1675503
Thanks
G
--
You received this bug notification because you are a member of Desktop
Packages, which is subscribed to cups in Ubuntu.
https://bugs.launchpad.net/bugs/1698693
Title:
cups-pdf blocked by apparmor
Status in cups package in Ubuntu:
Incomplete
Bug description:
cups-pdf cannot create the ~/PDF directory if it does not exist and
fails with no indication to the user.
It should however be pointed out that cups-pdf allows the system
administrator to change it's output directory by changing the Out key
in /etc/cups/cups-pdf.conf. As such apparmor will get in the way again
if the admin changes the Out key to some other location outside of the
${HOME}/PDF directory. (It's default setting.)
cups-pdf also does not have an #include for using local overrides in
it's apparmor config. As such any fixes that the local admin makes
will be overwritten by the next update to the cups package, breaking
it again.
Description: Ubuntu 16.04.2 LTS
Release: 16.04
printer-driver-cups-pdf:
Installed: 2.6.1-21
Candidate: 2.6.1-21
Version table:
*** 2.6.1-21 500
500 http://us.archive.ubuntu.com/ubuntu xenial/universe amd64 Packages
100 /var/lib/dpkg/status
cups:
Installed: 2.1.3-4
Candidate: 2.1.3-4
Version table:
*** 2.1.3-4 500
500 http://us.archive.ubuntu.com/ubuntu xenial/main amd64 Packages
100 /var/lib/dpkg/status
What happened:
cups-pdf when installed for the first time fails with the following apparmor
denials:
[ 6117.686934] audit: type=1400 audit(1497816878.998:1079): apparmor="DENIED"
operation="file_inherit" profile="/usr/lib/cups/backend/cups-pdf" pid=6015
comm="cups-pdf" family="unix" sock_type="stream" protocol=0
requested_mask="send receive" denied_mask="send receive" addr=none
peer_addr=none peer="/usr/sbin/cupsd"
[ 6117.686948] audit: type=1400 audit(1497816878.998:1080): apparmor="DENIED"
operation="file_inherit" profile="/usr/sbin/cupsd" pid=6015 comm="cups-pdf"
family="unix" sock_type="stream" protocol=0 requested_mask="send receive"
denied_mask="send receive" addr=none peer_addr=none
peer="/usr/lib/cups/backend/cups-pdf"
[ 6117.688671] audit: type=1400 audit(1497816879.002:1081): apparmor="DENIED"
operation="open" profile="/usr/lib/cups/backend/cups-pdf"
name="/var/lib/sss/mc/initgroups" pid=6015 comm="cups-pdf" requested_mask="r"
denied_mask="r" fsuid=0 ouid=0
[ 6117.688688] audit: type=1400 audit(1497816879.002:1082): apparmor="DENIED"
operation="open" profile="/usr/lib/cups/backend/cups-pdf"
name="/var/lib/sss/mc/initgroups" pid=6015 comm="cups-pdf" requested_mask="r"
denied_mask="r" fsuid=0 ouid=0
[ 6117.689719] audit: type=1400 audit(1497816879.002:1083): apparmor="DENIED"
operation="mkdir" profile="/usr/lib/cups/backend/cups-pdf"
name="/home/CODENET.LOCAL/codebase/PDF/" pid=6015 comm="cups-pdf"
requested_mask="c" denied_mask="c" fsuid=0 ouid=0
What I expected to happen:
cups-pdf creates the pdf file it was supposed to.
As a workaround, I set cups-pdf to use the third-party settings from the cups
profile, then it worked as expected.
---
ProblemType: Bug
ApportVersion: 2.20.9-0ubuntu7.2
Architecture: amd64
CupsErrorLog: Error: [Errno 13] Permission denied: '/var/log/cups/error_log'
CurrentDesktop: MATE
DistroRelease: Ubuntu 18.04
InstallationDate: Installed on 2017-11-24 (281 days ago)
InstallationMedia: Ubuntu-MATE 17.10 "Artful Aardvark" - Release amd64
(20171018)
Lpstat:
device for EPSONET-4550:
ipp://call.codenet.local:631/printers/EPSON_ET-4550_Series
device for PDF: cups-pdf:/
MachineType: Gigabyte Technology Co., Ltd. A320M-S2H
NonfreeKernelModules: nvidia_modeset nvidia
Package: cups 2.2.7-1ubuntu2.1
PackageArchitecture: amd64
Papersize: letter
PpdFiles: Error: command ['fgrep', '-H', '*NickName',
'/etc/cups/ppd/PDF.ppd'] failed with exit code 2: grep: /etc/cups/ppd/PDF.ppd:
Permission denied
ProcCmdline: BOOT_IMAGE=/vmlinuz-4.15.0-33-generic
root=UUID=b719b98c-6702-467b-bad1-38f7ecaed813 ro video=vesafb:off vga=normal
quiet splash
ProcKernelCmdLine: BOOT_IMAGE=/vmlinuz-4.15.0-33-generic
root=UUID=b719b98c-6702-467b-bad1-38f7ecaed813 ro video=vesafb:off vga=normal
quiet splash
ProcVersionSignature: Ubuntu 4.15.0-33.36-generic 4.15.18
Tags: bionic apparmor apparmor apparmor apparmor
Uname: Linux 4.15.0-33-generic x86_64
UpgradeStatus: Upgraded to bionic on 2018-05-20 (104 days ago)
UserGroups:
_MarkForUpload: True
dmi.bios.date: 02/08/2018
dmi.bios.vendor: American Megatrends Inc.
dmi.bios.version: F21
dmi.board.asset.tag: Default string
dmi.board.name: A320M-S2H-CF
dmi.board.vendor: Gigabyte Technology Co., Ltd.
dmi.board.ver
[Desktop-packages] [Bug 1698693] Re: cups-pdf blocked by apparmor
I'm using Bionic. (18.04.1 LTS) x64
--
You received this bug notification because you are a member of Desktop
Packages, which is subscribed to cups in Ubuntu.
https://bugs.launchpad.net/bugs/1698693
Title:
cups-pdf blocked by apparmor
Status in cups package in Ubuntu:
Incomplete
Bug description:
cups-pdf cannot create the ~/PDF directory if it does not exist and
fails with no indication to the user.
It should however be pointed out that cups-pdf allows the system
administrator to change it's output directory by changing the Out key
in /etc/cups/cups-pdf.conf. As such apparmor will get in the way again
if the admin changes the Out key to some other location outside of the
${HOME}/PDF directory. (It's default setting.)
cups-pdf also does not have an #include for using local overrides in
it's apparmor config. As such any fixes that the local admin makes
will be overwritten by the next update to the cups package, breaking
it again.
Description: Ubuntu 16.04.2 LTS
Release: 16.04
printer-driver-cups-pdf:
Installed: 2.6.1-21
Candidate: 2.6.1-21
Version table:
*** 2.6.1-21 500
500 http://us.archive.ubuntu.com/ubuntu xenial/universe amd64 Packages
100 /var/lib/dpkg/status
cups:
Installed: 2.1.3-4
Candidate: 2.1.3-4
Version table:
*** 2.1.3-4 500
500 http://us.archive.ubuntu.com/ubuntu xenial/main amd64 Packages
100 /var/lib/dpkg/status
What happened:
cups-pdf when installed for the first time fails with the following apparmor
denials:
[ 6117.686934] audit: type=1400 audit(1497816878.998:1079): apparmor="DENIED"
operation="file_inherit" profile="/usr/lib/cups/backend/cups-pdf" pid=6015
comm="cups-pdf" family="unix" sock_type="stream" protocol=0
requested_mask="send receive" denied_mask="send receive" addr=none
peer_addr=none peer="/usr/sbin/cupsd"
[ 6117.686948] audit: type=1400 audit(1497816878.998:1080): apparmor="DENIED"
operation="file_inherit" profile="/usr/sbin/cupsd" pid=6015 comm="cups-pdf"
family="unix" sock_type="stream" protocol=0 requested_mask="send receive"
denied_mask="send receive" addr=none peer_addr=none
peer="/usr/lib/cups/backend/cups-pdf"
[ 6117.688671] audit: type=1400 audit(1497816879.002:1081): apparmor="DENIED"
operation="open" profile="/usr/lib/cups/backend/cups-pdf"
name="/var/lib/sss/mc/initgroups" pid=6015 comm="cups-pdf" requested_mask="r"
denied_mask="r" fsuid=0 ouid=0
[ 6117.688688] audit: type=1400 audit(1497816879.002:1082): apparmor="DENIED"
operation="open" profile="/usr/lib/cups/backend/cups-pdf"
name="/var/lib/sss/mc/initgroups" pid=6015 comm="cups-pdf" requested_mask="r"
denied_mask="r" fsuid=0 ouid=0
[ 6117.689719] audit: type=1400 audit(1497816879.002:1083): apparmor="DENIED"
operation="mkdir" profile="/usr/lib/cups/backend/cups-pdf"
name="/home/CODENET.LOCAL/codebase/PDF/" pid=6015 comm="cups-pdf"
requested_mask="c" denied_mask="c" fsuid=0 ouid=0
What I expected to happen:
cups-pdf creates the pdf file it was supposed to.
As a workaround, I set cups-pdf to use the third-party settings from the cups
profile, then it worked as expected.
---
ProblemType: Bug
ApportVersion: 2.20.9-0ubuntu7.2
Architecture: amd64
CupsErrorLog: Error: [Errno 13] Permission denied: '/var/log/cups/error_log'
CurrentDesktop: MATE
DistroRelease: Ubuntu 18.04
InstallationDate: Installed on 2017-11-24 (281 days ago)
InstallationMedia: Ubuntu-MATE 17.10 "Artful Aardvark" - Release amd64
(20171018)
Lpstat:
device for EPSONET-4550:
ipp://call.codenet.local:631/printers/EPSON_ET-4550_Series
device for PDF: cups-pdf:/
MachineType: Gigabyte Technology Co., Ltd. A320M-S2H
NonfreeKernelModules: nvidia_modeset nvidia
Package: cups 2.2.7-1ubuntu2.1
PackageArchitecture: amd64
Papersize: letter
PpdFiles: Error: command ['fgrep', '-H', '*NickName',
'/etc/cups/ppd/PDF.ppd'] failed with exit code 2: grep: /etc/cups/ppd/PDF.ppd:
Permission denied
ProcCmdline: BOOT_IMAGE=/vmlinuz-4.15.0-33-generic
root=UUID=b719b98c-6702-467b-bad1-38f7ecaed813 ro video=vesafb:off vga=normal
quiet splash
ProcKernelCmdLine: BOOT_IMAGE=/vmlinuz-4.15.0-33-generic
root=UUID=b719b98c-6702-467b-bad1-38f7ecaed813 ro video=vesafb:off vga=normal
quiet splash
ProcVersionSignature: Ubuntu 4.15.0-33.36-generic 4.15.18
Tags: bionic apparmor apparmor apparmor apparmor
Uname: Linux 4.15.0-33-generic x86_64
UpgradeStatus: Upgraded to bionic on 2018-05-20 (104 days ago)
UserGroups:
_MarkForUpload: True
dmi.bios.date: 02/08/2018
dmi.bios.vendor: American Megatrends Inc.
dmi.bios.version: F21
dmi.board.asset.tag: Default string
dmi.board.name: A320M-S2H-CF
dmi.board.vendor: Gigabyte Technology Co., Ltd.
dmi.board.version: x.x
dmi.chassis.asset.tag: Default string
dmi.chassis.type: 3
dmi.chassis.vendor: Default string
dmi.chassis.version: Default string
dmi.modalias:
dmi:bvnAmericanMegatrendsInc.:b
[Desktop-packages] [Bug 1698693] Re: cups-pdf blocked by apparmor
Hi Patrick. Thanks for the update and the apport info. I'll look at next steps.
Also, what version of Ubuntu are you using?
Take care
:)
G
--
You received this bug notification because you are a member of Desktop
Packages, which is subscribed to cups in Ubuntu.
https://bugs.launchpad.net/bugs/1698693
Title:
cups-pdf blocked by apparmor
Status in cups package in Ubuntu:
Incomplete
Bug description:
cups-pdf cannot create the ~/PDF directory if it does not exist and
fails with no indication to the user.
It should however be pointed out that cups-pdf allows the system
administrator to change it's output directory by changing the Out key
in /etc/cups/cups-pdf.conf. As such apparmor will get in the way again
if the admin changes the Out key to some other location outside of the
${HOME}/PDF directory. (It's default setting.)
cups-pdf also does not have an #include for using local overrides in
it's apparmor config. As such any fixes that the local admin makes
will be overwritten by the next update to the cups package, breaking
it again.
Description: Ubuntu 16.04.2 LTS
Release: 16.04
printer-driver-cups-pdf:
Installed: 2.6.1-21
Candidate: 2.6.1-21
Version table:
*** 2.6.1-21 500
500 http://us.archive.ubuntu.com/ubuntu xenial/universe amd64 Packages
100 /var/lib/dpkg/status
cups:
Installed: 2.1.3-4
Candidate: 2.1.3-4
Version table:
*** 2.1.3-4 500
500 http://us.archive.ubuntu.com/ubuntu xenial/main amd64 Packages
100 /var/lib/dpkg/status
What happened:
cups-pdf when installed for the first time fails with the following apparmor
denials:
[ 6117.686934] audit: type=1400 audit(1497816878.998:1079): apparmor="DENIED"
operation="file_inherit" profile="/usr/lib/cups/backend/cups-pdf" pid=6015
comm="cups-pdf" family="unix" sock_type="stream" protocol=0
requested_mask="send receive" denied_mask="send receive" addr=none
peer_addr=none peer="/usr/sbin/cupsd"
[ 6117.686948] audit: type=1400 audit(1497816878.998:1080): apparmor="DENIED"
operation="file_inherit" profile="/usr/sbin/cupsd" pid=6015 comm="cups-pdf"
family="unix" sock_type="stream" protocol=0 requested_mask="send receive"
denied_mask="send receive" addr=none peer_addr=none
peer="/usr/lib/cups/backend/cups-pdf"
[ 6117.688671] audit: type=1400 audit(1497816879.002:1081): apparmor="DENIED"
operation="open" profile="/usr/lib/cups/backend/cups-pdf"
name="/var/lib/sss/mc/initgroups" pid=6015 comm="cups-pdf" requested_mask="r"
denied_mask="r" fsuid=0 ouid=0
[ 6117.688688] audit: type=1400 audit(1497816879.002:1082): apparmor="DENIED"
operation="open" profile="/usr/lib/cups/backend/cups-pdf"
name="/var/lib/sss/mc/initgroups" pid=6015 comm="cups-pdf" requested_mask="r"
denied_mask="r" fsuid=0 ouid=0
[ 6117.689719] audit: type=1400 audit(1497816879.002:1083): apparmor="DENIED"
operation="mkdir" profile="/usr/lib/cups/backend/cups-pdf"
name="/home/CODENET.LOCAL/codebase/PDF/" pid=6015 comm="cups-pdf"
requested_mask="c" denied_mask="c" fsuid=0 ouid=0
What I expected to happen:
cups-pdf creates the pdf file it was supposed to.
As a workaround, I set cups-pdf to use the third-party settings from the cups
profile, then it worked as expected.
---
ProblemType: Bug
ApportVersion: 2.20.9-0ubuntu7.2
Architecture: amd64
CupsErrorLog: Error: [Errno 13] Permission denied: '/var/log/cups/error_log'
CurrentDesktop: MATE
DistroRelease: Ubuntu 18.04
InstallationDate: Installed on 2017-11-24 (281 days ago)
InstallationMedia: Ubuntu-MATE 17.10 "Artful Aardvark" - Release amd64
(20171018)
Lpstat:
device for EPSONET-4550:
ipp://call.codenet.local:631/printers/EPSON_ET-4550_Series
device for PDF: cups-pdf:/
MachineType: Gigabyte Technology Co., Ltd. A320M-S2H
NonfreeKernelModules: nvidia_modeset nvidia
Package: cups 2.2.7-1ubuntu2.1
PackageArchitecture: amd64
Papersize: letter
PpdFiles: Error: command ['fgrep', '-H', '*NickName',
'/etc/cups/ppd/PDF.ppd'] failed with exit code 2: grep: /etc/cups/ppd/PDF.ppd:
Permission denied
ProcCmdline: BOOT_IMAGE=/vmlinuz-4.15.0-33-generic
root=UUID=b719b98c-6702-467b-bad1-38f7ecaed813 ro video=vesafb:off vga=normal
quiet splash
ProcKernelCmdLine: BOOT_IMAGE=/vmlinuz-4.15.0-33-generic
root=UUID=b719b98c-6702-467b-bad1-38f7ecaed813 ro video=vesafb:off vga=normal
quiet splash
ProcVersionSignature: Ubuntu 4.15.0-33.36-generic 4.15.18
Tags: bionic apparmor apparmor apparmor apparmor
Uname: Linux 4.15.0-33-generic x86_64
UpgradeStatus: Upgraded to bionic on 2018-05-20 (104 days ago)
UserGroups:
_MarkForUpload: True
dmi.bios.date: 02/08/2018
dmi.bios.vendor: American Megatrends Inc.
dmi.bios.version: F21
dmi.board.asset.tag: Default string
dmi.board.name: A320M-S2H-CF
dmi.board.vendor: Gigabyte Technology Co., Ltd.
dmi.board.version: x.x
dmi.chassis.asset.tag: Default string
dmi.chassis.type: 3
dmi.chassis.vendor
[Desktop-packages] [Bug 1698693] Re: cups-pdf blocked by apparmor
Hmm... Access Denied, should I resubmit using a different login?
Also the lack of an include directive for /usr/lib/cups/backend/cups-pdf
in /etc/apparmor.d/usr.sbin.cupsd to allow using a different path for
pdf output is still an issue.
--
You received this bug notification because you are a member of Desktop
Packages, which is subscribed to cups in Ubuntu.
https://bugs.launchpad.net/bugs/1698693
Title:
cups-pdf blocked by apparmor
Status in cups package in Ubuntu:
Incomplete
Bug description:
cups-pdf cannot create the ~/PDF directory if it does not exist and
fails with no indication to the user.
It should however be pointed out that cups-pdf allows the system
administrator to change it's output directory by changing the Out key
in /etc/cups/cups-pdf.conf. As such apparmor will get in the way again
if the admin changes the Out key to some other location outside of the
${HOME}/PDF directory. (It's default setting.)
cups-pdf also does not have an #include for using local overrides in
it's apparmor config. As such any fixes that the local admin makes
will be overwritten by the next update to the cups package, breaking
it again.
Description: Ubuntu 16.04.2 LTS
Release: 16.04
printer-driver-cups-pdf:
Installed: 2.6.1-21
Candidate: 2.6.1-21
Version table:
*** 2.6.1-21 500
500 http://us.archive.ubuntu.com/ubuntu xenial/universe amd64 Packages
100 /var/lib/dpkg/status
cups:
Installed: 2.1.3-4
Candidate: 2.1.3-4
Version table:
*** 2.1.3-4 500
500 http://us.archive.ubuntu.com/ubuntu xenial/main amd64 Packages
100 /var/lib/dpkg/status
What happened:
cups-pdf when installed for the first time fails with the following apparmor
denials:
[ 6117.686934] audit: type=1400 audit(1497816878.998:1079): apparmor="DENIED"
operation="file_inherit" profile="/usr/lib/cups/backend/cups-pdf" pid=6015
comm="cups-pdf" family="unix" sock_type="stream" protocol=0
requested_mask="send receive" denied_mask="send receive" addr=none
peer_addr=none peer="/usr/sbin/cupsd"
[ 6117.686948] audit: type=1400 audit(1497816878.998:1080): apparmor="DENIED"
operation="file_inherit" profile="/usr/sbin/cupsd" pid=6015 comm="cups-pdf"
family="unix" sock_type="stream" protocol=0 requested_mask="send receive"
denied_mask="send receive" addr=none peer_addr=none
peer="/usr/lib/cups/backend/cups-pdf"
[ 6117.688671] audit: type=1400 audit(1497816879.002:1081): apparmor="DENIED"
operation="open" profile="/usr/lib/cups/backend/cups-pdf"
name="/var/lib/sss/mc/initgroups" pid=6015 comm="cups-pdf" requested_mask="r"
denied_mask="r" fsuid=0 ouid=0
[ 6117.688688] audit: type=1400 audit(1497816879.002:1082): apparmor="DENIED"
operation="open" profile="/usr/lib/cups/backend/cups-pdf"
name="/var/lib/sss/mc/initgroups" pid=6015 comm="cups-pdf" requested_mask="r"
denied_mask="r" fsuid=0 ouid=0
[ 6117.689719] audit: type=1400 audit(1497816879.002:1083): apparmor="DENIED"
operation="mkdir" profile="/usr/lib/cups/backend/cups-pdf"
name="/home/CODENET.LOCAL/codebase/PDF/" pid=6015 comm="cups-pdf"
requested_mask="c" denied_mask="c" fsuid=0 ouid=0
What I expected to happen:
cups-pdf creates the pdf file it was supposed to.
As a workaround, I set cups-pdf to use the third-party settings from the cups
profile, then it worked as expected.
---
ProblemType: Bug
ApportVersion: 2.20.9-0ubuntu7.2
Architecture: amd64
CupsErrorLog: Error: [Errno 13] Permission denied: '/var/log/cups/error_log'
CurrentDesktop: MATE
DistroRelease: Ubuntu 18.04
InstallationDate: Installed on 2017-11-24 (281 days ago)
InstallationMedia: Ubuntu-MATE 17.10 "Artful Aardvark" - Release amd64
(20171018)
Lpstat:
device for EPSONET-4550:
ipp://call.codenet.local:631/printers/EPSON_ET-4550_Series
device for PDF: cups-pdf:/
MachineType: Gigabyte Technology Co., Ltd. A320M-S2H
NonfreeKernelModules: nvidia_modeset nvidia
Package: cups 2.2.7-1ubuntu2.1
PackageArchitecture: amd64
Papersize: letter
PpdFiles: Error: command ['fgrep', '-H', '*NickName',
'/etc/cups/ppd/PDF.ppd'] failed with exit code 2: grep: /etc/cups/ppd/PDF.ppd:
Permission denied
ProcCmdline: BOOT_IMAGE=/vmlinuz-4.15.0-33-generic
root=UUID=b719b98c-6702-467b-bad1-38f7ecaed813 ro video=vesafb:off vga=normal
quiet splash
ProcKernelCmdLine: BOOT_IMAGE=/vmlinuz-4.15.0-33-generic
root=UUID=b719b98c-6702-467b-bad1-38f7ecaed813 ro video=vesafb:off vga=normal
quiet splash
ProcVersionSignature: Ubuntu 4.15.0-33.36-generic 4.15.18
Tags: bionic apparmor apparmor apparmor apparmor
Uname: Linux 4.15.0-33-generic x86_64
UpgradeStatus: Upgraded to bionic on 2018-05-20 (104 days ago)
UserGroups:
_MarkForUpload: True
dmi.bios.date: 02/08/2018
dmi.bios.vendor: American Megatrends Inc.
dmi.bios.version: F21
dmi.board.asset.tag: Default string
dmi.board.name: A320M-S2H-CF
dmi.board.vendor: Gigabyte Technology Co., Ltd.
dmi.b
[Desktop-packages] [Bug 1698693] Re: cups-pdf blocked by apparmor
apport information
** Tags added: apparmor apport-collected bionic
** Description changed:
cups-pdf cannot create the ~/PDF directory if it does not exist and
fails with no indication to the user.
It should however be pointed out that cups-pdf allows the system
administrator to change it's output directory by changing the Out key in
/etc/cups/cups-pdf.conf. As such apparmor will get in the way again if
the admin changes the Out key to some other location outside of the
${HOME}/PDF directory. (It's default setting.)
cups-pdf also does not have an #include for using local overrides in
it's apparmor config. As such any fixes that the local admin makes will
be overwritten by the next update to the cups package, breaking it
again.
Description: Ubuntu 16.04.2 LTS
Release: 16.04
printer-driver-cups-pdf:
Installed: 2.6.1-21
Candidate: 2.6.1-21
Version table:
*** 2.6.1-21 500
500 http://us.archive.ubuntu.com/ubuntu xenial/universe amd64 Packages
100 /var/lib/dpkg/status
cups:
Installed: 2.1.3-4
Candidate: 2.1.3-4
Version table:
*** 2.1.3-4 500
500 http://us.archive.ubuntu.com/ubuntu xenial/main amd64 Packages
100 /var/lib/dpkg/status
What happened:
cups-pdf when installed for the first time fails with the following apparmor
denials:
[ 6117.686934] audit: type=1400 audit(1497816878.998:1079): apparmor="DENIED"
operation="file_inherit" profile="/usr/lib/cups/backend/cups-pdf" pid=6015
comm="cups-pdf" family="unix" sock_type="stream" protocol=0
requested_mask="send receive" denied_mask="send receive" addr=none
peer_addr=none peer="/usr/sbin/cupsd"
[ 6117.686948] audit: type=1400 audit(1497816878.998:1080): apparmor="DENIED"
operation="file_inherit" profile="/usr/sbin/cupsd" pid=6015 comm="cups-pdf"
family="unix" sock_type="stream" protocol=0 requested_mask="send receive"
denied_mask="send receive" addr=none peer_addr=none
peer="/usr/lib/cups/backend/cups-pdf"
[ 6117.688671] audit: type=1400 audit(1497816879.002:1081): apparmor="DENIED"
operation="open" profile="/usr/lib/cups/backend/cups-pdf"
name="/var/lib/sss/mc/initgroups" pid=6015 comm="cups-pdf" requested_mask="r"
denied_mask="r" fsuid=0 ouid=0
[ 6117.688688] audit: type=1400 audit(1497816879.002:1082): apparmor="DENIED"
operation="open" profile="/usr/lib/cups/backend/cups-pdf"
name="/var/lib/sss/mc/initgroups" pid=6015 comm="cups-pdf" requested_mask="r"
denied_mask="r" fsuid=0 ouid=0
[ 6117.689719] audit: type=1400 audit(1497816879.002:1083): apparmor="DENIED"
operation="mkdir" profile="/usr/lib/cups/backend/cups-pdf"
name="/home/CODENET.LOCAL/codebase/PDF/" pid=6015 comm="cups-pdf"
requested_mask="c" denied_mask="c" fsuid=0 ouid=0
What I expected to happen:
cups-pdf creates the pdf file it was supposed to.
As a workaround, I set cups-pdf to use the third-party settings from the cups
profile, then it worked as expected.
+ ---
+ ProblemType: Bug
+ ApportVersion: 2.20.9-0ubuntu7.2
+ Architecture: amd64
+ CupsErrorLog: Error: [Errno 13] Permission denied: '/var/log/cups/error_log'
+ CurrentDesktop: MATE
+ DistroRelease: Ubuntu 18.04
+ InstallationDate: Installed on 2017-11-24 (281 days ago)
+ InstallationMedia: Ubuntu-MATE 17.10 "Artful Aardvark" - Release amd64
(20171018)
+ Lpstat:
+ device for EPSONET-4550:
ipp://call.codenet.local:631/printers/EPSON_ET-4550_Series
+ device for PDF: cups-pdf:/
+ MachineType: Gigabyte Technology Co., Ltd. A320M-S2H
+ NonfreeKernelModules: nvidia_modeset nvidia
+ Package: cups 2.2.7-1ubuntu2.1
+ PackageArchitecture: amd64
+ Papersize: letter
+ PpdFiles: Error: command ['fgrep', '-H', '*NickName',
'/etc/cups/ppd/PDF.ppd'] failed with exit code 2: grep: /etc/cups/ppd/PDF.ppd:
Permission denied
+ ProcCmdline: BOOT_IMAGE=/vmlinuz-4.15.0-33-generic
root=UUID=b719b98c-6702-467b-bad1-38f7ecaed813 ro video=vesafb:off vga=normal
quiet splash
+ ProcKernelCmdLine: BOOT_IMAGE=/vmlinuz-4.15.0-33-generic
root=UUID=b719b98c-6702-467b-bad1-38f7ecaed813 ro video=vesafb:off vga=normal
quiet splash
+ ProcVersionSignature: Ubuntu 4.15.0-33.36-generic 4.15.18
+ Tags: bionic apparmor apparmor apparmor apparmor
+ Uname: Linux 4.15.0-33-generic x86_64
+ UpgradeStatus: Upgraded to bionic on 2018-05-20 (104 days ago)
+ UserGroups:
+
+ _MarkForUpload: True
+ dmi.bios.date: 02/08/2018
+ dmi.bios.vendor: American Megatrends Inc.
+ dmi.bios.version: F21
+ dmi.board.asset.tag: Default string
+ dmi.board.name: A320M-S2H-CF
+ dmi.board.vendor: Gigabyte Technology Co., Ltd.
+ dmi.board.version: x.x
+ dmi.chassis.asset.tag: Default string
+ dmi.chassis.type: 3
+ dmi.chassis.vendor: Default string
+ dmi.chassis.version: Default string
+ dmi.modalias:
dmi:bvnAmericanMegatrendsInc.:bvrF21:bd02/08/2018:svnGigabyteTechnologyCo.,Ltd.:pnA320M-S2H:pvrDefaultstring:rvnGigabyteTechnologyCo.,Ltd.:rnA320M-S2H-CF:rvrx.x:cvnDefaultstring:ct3:cvrDefaultstring:
+ dmi.product.family: Def
[Desktop-packages] [Bug 1698693] Re: cups-pdf blocked by apparmor
Hello Patrick,
Thank you for submitting this bug and reporting a problem with cups. You made
this bug report some time ago and Ubuntu has been updated since then.
Could you confirm that this is no longer a problem and that we can close the
ticket?
If it is still a problem, are you still interested in finding a solution to
this bug?
If you are, could you let us know, and in the current version, run the
following (only once):
apport-collect BUGNUMBER
and upload the updated logs and and any other logs that are relevant for this
particular issue.
Thank you again for helping make Ubuntu better.
G
[Ubuntu Bug Squad volunteer triager]
** Changed in: cups (Ubuntu)
Status: New => Incomplete
--
You received this bug notification because you are a member of Desktop
Packages, which is subscribed to cups in Ubuntu.
https://bugs.launchpad.net/bugs/1698693
Title:
cups-pdf blocked by apparmor
Status in cups package in Ubuntu:
Incomplete
Bug description:
cups-pdf cannot create the ~/PDF directory if it does not exist and
fails with no indication to the user.
It should however be pointed out that cups-pdf allows the system
administrator to change it's output directory by changing the Out key
in /etc/cups/cups-pdf.conf. As such apparmor will get in the way again
if the admin changes the Out key to some other location outside of the
${HOME}/PDF directory. (It's default setting.)
cups-pdf also does not have an #include for using local overrides in
it's apparmor config. As such any fixes that the local admin makes
will be overwritten by the next update to the cups package, breaking
it again.
Description: Ubuntu 16.04.2 LTS
Release: 16.04
printer-driver-cups-pdf:
Installed: 2.6.1-21
Candidate: 2.6.1-21
Version table:
*** 2.6.1-21 500
500 http://us.archive.ubuntu.com/ubuntu xenial/universe amd64 Packages
100 /var/lib/dpkg/status
cups:
Installed: 2.1.3-4
Candidate: 2.1.3-4
Version table:
*** 2.1.3-4 500
500 http://us.archive.ubuntu.com/ubuntu xenial/main amd64 Packages
100 /var/lib/dpkg/status
What happened:
cups-pdf when installed for the first time fails with the following apparmor
denials:
[ 6117.686934] audit: type=1400 audit(1497816878.998:1079): apparmor="DENIED"
operation="file_inherit" profile="/usr/lib/cups/backend/cups-pdf" pid=6015
comm="cups-pdf" family="unix" sock_type="stream" protocol=0
requested_mask="send receive" denied_mask="send receive" addr=none
peer_addr=none peer="/usr/sbin/cupsd"
[ 6117.686948] audit: type=1400 audit(1497816878.998:1080): apparmor="DENIED"
operation="file_inherit" profile="/usr/sbin/cupsd" pid=6015 comm="cups-pdf"
family="unix" sock_type="stream" protocol=0 requested_mask="send receive"
denied_mask="send receive" addr=none peer_addr=none
peer="/usr/lib/cups/backend/cups-pdf"
[ 6117.688671] audit: type=1400 audit(1497816879.002:1081): apparmor="DENIED"
operation="open" profile="/usr/lib/cups/backend/cups-pdf"
name="/var/lib/sss/mc/initgroups" pid=6015 comm="cups-pdf" requested_mask="r"
denied_mask="r" fsuid=0 ouid=0
[ 6117.688688] audit: type=1400 audit(1497816879.002:1082): apparmor="DENIED"
operation="open" profile="/usr/lib/cups/backend/cups-pdf"
name="/var/lib/sss/mc/initgroups" pid=6015 comm="cups-pdf" requested_mask="r"
denied_mask="r" fsuid=0 ouid=0
[ 6117.689719] audit: type=1400 audit(1497816879.002:1083): apparmor="DENIED"
operation="mkdir" profile="/usr/lib/cups/backend/cups-pdf"
name="/home/CODENET.LOCAL/codebase/PDF/" pid=6015 comm="cups-pdf"
requested_mask="c" denied_mask="c" fsuid=0 ouid=0
What I expected to happen:
cups-pdf creates the pdf file it was supposed to.
As a workaround, I set cups-pdf to use the third-party settings from the cups
profile, then it worked as expected.
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/cups/+bug/1698693/+subscriptions
--
Mailing list: https://launchpad.net/~desktop-packages
Post to : desktop-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~desktop-packages
More help : https://help.launchpad.net/ListHelp
