Public bug reported:
cups-pdf cannot create the ~/PDF directory if it does not exist and
fails with no indication to the user.
It should however be pointed out that cups-pdf allows the system
administrator to change it's output directory by changing the Out key in
/etc/cups/cups-pdf.conf. As such apparmor will get in the way again if
the admin changes the Out key to some other location outside of the
${HOME}/PDF directory. (It's default setting.)
cups-pdf also does not have an #include for using local overrides in
it's apparmor config. As such any fixes that the local admin makes will
be overwritten by the next update to the cups package, breaking it
again.
Description: Ubuntu 16.04.2 LTS
Release: 16.04
printer-driver-cups-pdf:
Installed: 2.6.1-21
Candidate: 2.6.1-21
Version table:
*** 2.6.1-21 500
500 http://us.archive.ubuntu.com/ubuntu xenial/universe amd64 Packages
100 /var/lib/dpkg/status
cups:
Installed: 2.1.3-4
Candidate: 2.1.3-4
Version table:
*** 2.1.3-4 500
500 http://us.archive.ubuntu.com/ubuntu xenial/main amd64 Packages
100 /var/lib/dpkg/status
What happened:
cups-pdf when installed for the first time fails with the following apparmor
denials:
[ 6117.686934] audit: type=1400 audit(1497816878.998:1079): apparmor="DENIED"
operation="file_inherit" profile="/usr/lib/cups/backend/cups-pdf" pid=6015
comm="cups-pdf" family="unix" sock_type="stream" protocol=0
requested_mask="send receive" denied_mask="send receive" addr=none
peer_addr=none peer="/usr/sbin/cupsd"
[ 6117.686948] audit: type=1400 audit(1497816878.998:1080): apparmor="DENIED"
operation="file_inherit" profile="/usr/sbin/cupsd" pid=6015 comm="cups-pdf"
family="unix" sock_type="stream" protocol=0 requested_mask="send receive"
denied_mask="send receive" addr=none peer_addr=none
peer="/usr/lib/cups/backend/cups-pdf"
[ 6117.688671] audit: type=1400 audit(1497816879.002:1081): apparmor="DENIED"
operation="open" profile="/usr/lib/cups/backend/cups-pdf"
name="/var/lib/sss/mc/initgroups" pid=6015 comm="cups-pdf" requested_mask="r"
denied_mask="r" fsuid=0 ouid=0
[ 6117.688688] audit: type=1400 audit(1497816879.002:1082): apparmor="DENIED"
operation="open" profile="/usr/lib/cups/backend/cups-pdf"
name="/var/lib/sss/mc/initgroups" pid=6015 comm="cups-pdf" requested_mask="r"
denied_mask="r" fsuid=0 ouid=0
[ 6117.689719] audit: type=1400 audit(1497816879.002:1083): apparmor="DENIED"
operation="mkdir" profile="/usr/lib/cups/backend/cups-pdf"
name="/home/CODENET.LOCAL/codebase/PDF/" pid=6015 comm="cups-pdf"
requested_mask="c" denied_mask="c" fsuid=0 ouid=0
What I expected to happen:
cups-pdf creates the pdf file it was supposed to.
As a workaround, I set cups-pdf to use the third-party settings from the cups
profile, then it worked as expected.
** Affects: cups (Ubuntu)
Importance: Undecided
Status: New
--
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to cups in Ubuntu.
https://bugs.launchpad.net/bugs/1698693
Title:
cups-pdf blocked by apparmor
Status in cups package in Ubuntu:
New
Bug description:
cups-pdf cannot create the ~/PDF directory if it does not exist and
fails with no indication to the user.
It should however be pointed out that cups-pdf allows the system
administrator to change it's output directory by changing the Out key
in /etc/cups/cups-pdf.conf. As such apparmor will get in the way again
if the admin changes the Out key to some other location outside of the
${HOME}/PDF directory. (It's default setting.)
cups-pdf also does not have an #include for using local overrides in
it's apparmor config. As such any fixes that the local admin makes
will be overwritten by the next update to the cups package, breaking
it again.
Description: Ubuntu 16.04.2 LTS
Release: 16.04
printer-driver-cups-pdf:
Installed: 2.6.1-21
Candidate: 2.6.1-21
Version table:
*** 2.6.1-21 500
500 http://us.archive.ubuntu.com/ubuntu xenial/universe amd64 Packages
100 /var/lib/dpkg/status
cups:
Installed: 2.1.3-4
Candidate: 2.1.3-4
Version table:
*** 2.1.3-4 500
500 http://us.archive.ubuntu.com/ubuntu xenial/main amd64 Packages
100 /var/lib/dpkg/status
What happened:
cups-pdf when installed for the first time fails with the following apparmor
denials:
[ 6117.686934] audit: type=1400 audit(1497816878.998:1079): apparmor="DENIED"
operation="file_inherit" profile="/usr/lib/cups/backend/cups-pdf" pid=6015
comm="cups-pdf" family="unix" sock_type="stream" protocol=0
requested_mask="send receive" denied_mask="send receive" addr=none
peer_addr=none peer="/usr/sbin/cupsd"
[ 6117.686948] audit: type=1400 audit(1497816878.998:1080): apparmor="DENIED"
operation="file_inherit" profile="/usr/sbin/cupsd" pid=6015 comm="cups-pdf"
family="unix" sock_type="stream" protocol=0 requested_mask="send receive"
denied_mask="send receive" addr=none peer_addr=none
peer="/usr/lib/cups/backend/cups-pdf"
[ 6117.688671] audit: type=1400 audit(1497816879.002:1081): apparmor="DENIED"
operation="open" profile="/usr/lib/cups/backend/cups-pdf"
name="/var/lib/sss/mc/initgroups" pid=6015 comm="cups-pdf" requested_mask="r"
denied_mask="r" fsuid=0 ouid=0
[ 6117.688688] audit: type=1400 audit(1497816879.002:1082): apparmor="DENIED"
operation="open" profile="/usr/lib/cups/backend/cups-pdf"
name="/var/lib/sss/mc/initgroups" pid=6015 comm="cups-pdf" requested_mask="r"
denied_mask="r" fsuid=0 ouid=0
[ 6117.689719] audit: type=1400 audit(1497816879.002:1083): apparmor="DENIED"
operation="mkdir" profile="/usr/lib/cups/backend/cups-pdf"
name="/home/CODENET.LOCAL/codebase/PDF/" pid=6015 comm="cups-pdf"
requested_mask="c" denied_mask="c" fsuid=0 ouid=0
What I expected to happen:
cups-pdf creates the pdf file it was supposed to.
As a workaround, I set cups-pdf to use the third-party settings from the cups
profile, then it worked as expected.
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/cups/+bug/1698693/+subscriptions
--
Mailing list: https://launchpad.net/~touch-packages
Post to : touch-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~touch-packages
More help : https://help.launchpad.net/ListHelp
