Public bug reported: cups-pdf cannot create the ~/PDF directory if it does not exist and fails with no indication to the user.
It should however be pointed out that cups-pdf allows the system administrator to change it's output directory by changing the Out key in /etc/cups/cups-pdf.conf. As such apparmor will get in the way again if the admin changes the Out key to some other location outside of the ${HOME}/PDF directory. (It's default setting.) cups-pdf also does not have an #include for using local overrides in it's apparmor config. As such any fixes that the local admin makes will be overwritten by the next update to the cups package, breaking it again. Description: Ubuntu 16.04.2 LTS Release: 16.04 printer-driver-cups-pdf: Installed: 2.6.1-21 Candidate: 2.6.1-21 Version table: *** 2.6.1-21 500 500 http://us.archive.ubuntu.com/ubuntu xenial/universe amd64 Packages 100 /var/lib/dpkg/status cups: Installed: 2.1.3-4 Candidate: 2.1.3-4 Version table: *** 2.1.3-4 500 500 http://us.archive.ubuntu.com/ubuntu xenial/main amd64 Packages 100 /var/lib/dpkg/status What happened: cups-pdf when installed for the first time fails with the following apparmor denials: [ 6117.686934] audit: type=1400 audit(1497816878.998:1079): apparmor="DENIED" operation="file_inherit" profile="/usr/lib/cups/backend/cups-pdf" pid=6015 comm="cups-pdf" family="unix" sock_type="stream" protocol=0 requested_mask="send receive" denied_mask="send receive" addr=none peer_addr=none peer="/usr/sbin/cupsd" [ 6117.686948] audit: type=1400 audit(1497816878.998:1080): apparmor="DENIED" operation="file_inherit" profile="/usr/sbin/cupsd" pid=6015 comm="cups-pdf" family="unix" sock_type="stream" protocol=0 requested_mask="send receive" denied_mask="send receive" addr=none peer_addr=none peer="/usr/lib/cups/backend/cups-pdf" [ 6117.688671] audit: type=1400 audit(1497816879.002:1081): apparmor="DENIED" operation="open" profile="/usr/lib/cups/backend/cups-pdf" name="/var/lib/sss/mc/initgroups" pid=6015 comm="cups-pdf" requested_mask="r" denied_mask="r" fsuid=0 ouid=0 [ 6117.688688] audit: type=1400 audit(1497816879.002:1082): apparmor="DENIED" operation="open" profile="/usr/lib/cups/backend/cups-pdf" name="/var/lib/sss/mc/initgroups" pid=6015 comm="cups-pdf" requested_mask="r" denied_mask="r" fsuid=0 ouid=0 [ 6117.689719] audit: type=1400 audit(1497816879.002:1083): apparmor="DENIED" operation="mkdir" profile="/usr/lib/cups/backend/cups-pdf" name="/home/CODENET.LOCAL/codebase/PDF/" pid=6015 comm="cups-pdf" requested_mask="c" denied_mask="c" fsuid=0 ouid=0 What I expected to happen: cups-pdf creates the pdf file it was supposed to. As a workaround, I set cups-pdf to use the third-party settings from the cups profile, then it worked as expected. ** Affects: cups (Ubuntu) Importance: Undecided Status: New -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to cups in Ubuntu. https://bugs.launchpad.net/bugs/1698693 Title: cups-pdf blocked by apparmor Status in cups package in Ubuntu: New Bug description: cups-pdf cannot create the ~/PDF directory if it does not exist and fails with no indication to the user. It should however be pointed out that cups-pdf allows the system administrator to change it's output directory by changing the Out key in /etc/cups/cups-pdf.conf. As such apparmor will get in the way again if the admin changes the Out key to some other location outside of the ${HOME}/PDF directory. (It's default setting.) cups-pdf also does not have an #include for using local overrides in it's apparmor config. As such any fixes that the local admin makes will be overwritten by the next update to the cups package, breaking it again. Description: Ubuntu 16.04.2 LTS Release: 16.04 printer-driver-cups-pdf: Installed: 2.6.1-21 Candidate: 2.6.1-21 Version table: *** 2.6.1-21 500 500 http://us.archive.ubuntu.com/ubuntu xenial/universe amd64 Packages 100 /var/lib/dpkg/status cups: Installed: 2.1.3-4 Candidate: 2.1.3-4 Version table: *** 2.1.3-4 500 500 http://us.archive.ubuntu.com/ubuntu xenial/main amd64 Packages 100 /var/lib/dpkg/status What happened: cups-pdf when installed for the first time fails with the following apparmor denials: [ 6117.686934] audit: type=1400 audit(1497816878.998:1079): apparmor="DENIED" operation="file_inherit" profile="/usr/lib/cups/backend/cups-pdf" pid=6015 comm="cups-pdf" family="unix" sock_type="stream" protocol=0 requested_mask="send receive" denied_mask="send receive" addr=none peer_addr=none peer="/usr/sbin/cupsd" [ 6117.686948] audit: type=1400 audit(1497816878.998:1080): apparmor="DENIED" operation="file_inherit" profile="/usr/sbin/cupsd" pid=6015 comm="cups-pdf" family="unix" sock_type="stream" protocol=0 requested_mask="send receive" denied_mask="send receive" addr=none peer_addr=none peer="/usr/lib/cups/backend/cups-pdf" [ 6117.688671] audit: type=1400 audit(1497816879.002:1081): apparmor="DENIED" operation="open" profile="/usr/lib/cups/backend/cups-pdf" name="/var/lib/sss/mc/initgroups" pid=6015 comm="cups-pdf" requested_mask="r" denied_mask="r" fsuid=0 ouid=0 [ 6117.688688] audit: type=1400 audit(1497816879.002:1082): apparmor="DENIED" operation="open" profile="/usr/lib/cups/backend/cups-pdf" name="/var/lib/sss/mc/initgroups" pid=6015 comm="cups-pdf" requested_mask="r" denied_mask="r" fsuid=0 ouid=0 [ 6117.689719] audit: type=1400 audit(1497816879.002:1083): apparmor="DENIED" operation="mkdir" profile="/usr/lib/cups/backend/cups-pdf" name="/home/CODENET.LOCAL/codebase/PDF/" pid=6015 comm="cups-pdf" requested_mask="c" denied_mask="c" fsuid=0 ouid=0 What I expected to happen: cups-pdf creates the pdf file it was supposed to. As a workaround, I set cups-pdf to use the third-party settings from the cups profile, then it worked as expected. To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/cups/+bug/1698693/+subscriptions -- Mailing list: https://launchpad.net/~touch-packages Post to : touch-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~touch-packages More help : https://help.launchpad.net/ListHelp