Ubuntu
cups package

dmesg reports: apparmor="DENIED" for cupsd

Bug #1031583 reported by Kaulbach
34
This bug affects 6 people
Affects Status Importance Assigned to Milestone
cups (Ubuntu)
Fix Released
Low
Jamie Strandboge

Bug Description

Ubuntu quantal (development branch) , KDE 4.9.0
Upgraded continuously since Hardy Heron
64 bit 3.5.0-6-generic
apparmor version: 2.8.0-0ubuntu1

Tags: apparmor
Revision history for this message
Kaulbach (mystic-scientist) wrote :
Revision history for this message
Steve Beattie (sbeattie) wrote :

The specific rejection is:

  [ 351.624338] type=1400 audit(1343775571.688:27): apparmor="DENIED" operation="capable" parent=1 profile="/usr/sbin/cupsd" pid=1361 comm="cupsd" pid=1361 comm="cupsd" capability=36 capname="block_suspend"

This capability was added in http://repo.or.cz/w/linux-2.6.git/commit/d9914cf66181b8aa0929775f5c6f675c6ebc3eb5 and governs the ability to block suspending (currently via the EPOLLWAKEUP flag). Reading the the discussion thread about the feature at http://thread.gmane.org/gmane.linux.kernel/1249726/focus=1288990 , it's not entirely clear to me that cups needs this capability.

The cups apparmor profile is maintained in the cups package; moving there.

Changed in apparmor (Ubuntu):
status: New → Confirmed
affects: apparmor (Ubuntu) → cups (Ubuntu)
tags: added: apparmor
Jamie Strandboge (jdstrand)
Changed in cups (Ubuntu):
assignee: nobody → Jamie Strandboge (jdstrand)
importance: Undecided → Low
status: Confirmed → In Progress
Revision history for this message
Launchpad Janitor (janitor) wrote :

This bug was fixed in the package cups - 1.6.1-0ubuntu3

---------------
cups (1.6.1-0ubuntu3) quantal; urgency=low

  * debian/local/apparmor-profile: deny capability block_suspend. It is noisy
    and doesn't seem to actually be needed. This can be revisited if it turns
    out it is needed. (LP: #1031583)
 -- Jamie Strandboge <email address hidden> Tue, 14 Aug 2012 14:03:27 -0500

Changed in cups (Ubuntu):
status: In Progress → Fix Released
To post a comment you must log in.
This report contains Public information  
Everyone can see this information.
Subscribing...

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.