-- I emailed a reply but it didn;t appear, so I'm posting the text straight in
Hi Martin, Sure - here you go: Martin Pitt wrote: > > Can you please reproduce the situation that caused an error before, and > > attach /var/log/kern.log? This will show me the exact violations that > > cause this. Thanks! > > > > ** Changed in: cupsys (Ubuntu) > > Assignee: (unassigned) => Martin Pitt (pitti) > > Status: New => Incomplete > > 1st level failure after aa-enforce /usr/sbin/cups; /etc/init.d/cupsys restart and then try to log into a secure cups page: 2009/02/13 09:41:07 notice kern rodan kernel: [558478.665721] audit(1234518067.729:18151): type=1503 operation="inode_permission" requested_mask="a::" denied_mask="a::" name="/dev/tty" pid=12486 profile="/usr/sbin/cupsd" namespace="default" 2009/02/13 09:41:07 notice kern rodan kernel: [558478.665903] audit(1234518067.729:18152): type=1503 operation="inode_permission" requested_mask="w::" denied_mask="w::" name="/etc/krb5.conf" pid=12486 profile="/usr/sbin/cupsd" namespace="default" ---- Then I add "/etc/krb5.conf r," to app-armour for usr.sbin.cupsd Rinse, lather, repeat and we get: 2009/02/13 09:45:33 notice kern rodan kernel: [558743.850245] audit(1234518333.342:18155): type=1503 operation="file_lock" requested_mask="k::" denied_mask="k::" name="/etc/krb5.keytab" pid=12702 profile="/usr/sbin/cupsd" namespace="default" So I add /etc/krb5.keytab k, (what's "k")? ---- Then we get: 2009/02/13 09:48:28 notice kern rodan kernel: [558918.559183] audit(1234518508.333:18172): type=1503 operation="file_lock" requested_mask="wk::" denied_mask="k::" name="/tmp/krb5cc_pam_CBTQ2A" pid=13023 profile="/usr/sbin/cupsd" namespace="default" (which is the kerberos ticket cache) *Don't* assume the form of the name of that temp file - it's configurable. So I add: /tmp/** rkw, ----- Re-init and that *seems* to work. Kerberos auth via PAM is now operational. But, I have little understanding of apparmor so you may be able to see sillyness in what I've done. Cheers - and thanks :) Glad to be able to help make a great distro 0.0001% better :) Best wishes Tim -- Hardy i386 Cupsd crash with SIGSEGV with PAM/Kerberos Auth https://bugs.launchpad.net/bugs/324645 You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs