Reopening this issue as I am still observing the net_admin denial in
jammy.
** Changed in: cups (Ubuntu)
Status: Expired => Confirmed
--
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to cups in Ubuntu.
Where/what file are you adding net_admin caps too? I would not expect
modifying the cups profile to affect the default media player.
Can you look for apparmor="DENIED" messages in your log?
--
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is
Like napsty above, I'm using LM 19.3. I fixed the problem with printing
by adding the "net_admin caps" correction, per Jamie. That worked fine,
but now the default media player in LM 19.3 won't play mpg4 video files.
If I remove the "net_admin caps" correction, the ability to play mpg4
files is
@skliarie, your pasted log message is actually a different issue, and I
just reported
https://bugs.launchpad.net/ubuntu/+source/cups/+bug/1897369 for it.
--
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to cups in Ubuntu.
Same happens in 18.04 (Linux Mint 19.3). Needed to manually add the
net_admin caps as mentioned by Jamie.
--
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to cups in Ubuntu.
https://bugs.launchpad.net/bugs/1660316
Title:
Looks like the same error in ubuntu 20.04:
Jun 5 00:00:07 cmdesk01 kernel: [4025941.209572] audit: type=1400
audit(1591304407.264:388): apparmor="DENIED" operation="capable"
profile="/usr/sbin/cups-browsed" pid=1792223 comm="cups-browsed"
capability=23 capname="sys_nice"
--
You received this
I'm seeing this in 19.10 as well. Good to know it's gone for at least two
years without being
fixed, way to go Canonical!
--
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to cups in Ubuntu.
I'm seeing this in Ubuntu 18.04 as well. I have 2 printers configured an
HP LaserJet p4015 and a Canon ImageRunner C5030.
kernel: [35100.990629] audit: type=1400 audit(1536755161.327:158):
apparmor="DENIED" operation="capable" profile="/usr/sbin/cupsd"
pid=15321 comm="cupsd" capability=12
I finally got to check the status of this on Ubuntu 17.04. Same computer but
upgraded ubuntu.
Print from LibreOffice gave this in log (dmesg):
[491184.232027] audit: type=1400 audit(1496903835.766:41): apparmor="DENIED"
operation="capable" profile="/usr/sbin/cupsd" pid=21237 comm="lpd"
In the meantime, users can workaround this by adjusting
/etc/apparmor.d/local/usr.sbin.cupsd to have:
capability net_admin,
and then reloading the profile with:
$ sudo apparmor_parser -r /etc/apparmor.d/usr.sbin.cupsd
--
You received this bug notification because you are a member of Ubuntu
@Till, see 'man 7 capabilities' for what net_admin grants. We need to
understand why the access is needed before granting it.
--
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to cups in Ubuntu.
Meanwhile I've upgraded the computer to 17.04, but I have not checked
the presence of the bug after the upgrade. I will check tomorrow when I
get access to the computer.
--
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to cups in
I do not exactly why lpadmin needs this capability, I even do not know
which actions are covered by net_admin. What I know about the LPD
backend is that it accesses the printer through port 515 and it is
possible that the backend accesses the printer via SNMP in addition.
--
You received this
[Expired for cups (Ubuntu) because there has been no activity for 60
days.]
** Changed in: cups (Ubuntu)
Status: Incomplete => Expired
--
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to cups in Ubuntu.
net_admin is a very powerful capability. What is lpd trying to do?
--
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to cups in Ubuntu.
https://bugs.launchpad.net/bugs/1660316
Title:
apparmor denial of CUPS
Status in cups
Sorry, picked up the wrong names.
Jamie, Marc, could you help me concerning how to add the "net_admin"
capability to the "lpd" CUPS backend (see previous comment)?
--
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to cups in
According to this line
Jan 30 12:42:26 dag-TS-P500 kernel: [ 895.746636] audit: type=1400
audit(1485776546.086:43): apparmor="DENIED" operation="capable"
profile="/usr/sbin/cupsd" pid=6967 comm="lpd" capability=12
capname="net_admin"
the CUPS "lpd" bacjend (/usr/lib/cups/backend/lpd) needs the
This was raised from the C308 printer, which I just had installed. The
C650 was the old printer that we got, and I _think_ printing was working
on that machine.
--
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to cups in Ubuntu.
Which print queue failed with active AppArmor? KONICA-
MINOLTA-C650-Series or Minolta-C308 or both?
** Changed in: cups (Ubuntu)
Status: New => Incomplete
--
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to cups in
19 matches
Mail list logo