After the fix for #1990692, one more rule is needed it seems.
I put all samba profiles in enforce mode, and when I ran that final command, got an error and an apparmor denied message:
$ rpcclient -Uroot%root localhost -c 'getprinter testprinter 2'
cli_rpc_pipe_open_noauth: rpc_pipe_bind for pipe spoolss failed with error NT_STATUS_CONNECTION_DISCONNECTED
do_cmd: Could not initialise spoolss. Error was NT_STATUS_CONNECTION_DISCONNECTED
[qua out 19 14:42:36 2022] audit: type=1400 audit(1666201357.627:342): apparmor="DENIED" operation="mkdir" class="file" namespace="root//lxd-k-samba-apparmor_<var-snap-lxd-common-lxd>" profile="samba-rpcd-spoolss" name="/var/cache/samba/printing/" pid=129107 comm="rpcd_spoolss" requested_mask="c" denied_mask="c" fsuid=1000000 ouid=1000000
And indeed, that directory wasn't created:
$ l /var/cache/samba/printing
ls: cannot access '/var/cache/samba/printing': No such file or directory
$ l /var/cache/samba/
total 16K
drwxr-xr-x 1 root root 48 Oct 19 17:42 .
drwxr-xr-x 1 root root 170 Oct 19 17:41 ..
-rw-r--r-- 1 root root 166 Oct 19 17:42 browse.dat
-rw-r--r-- 1 root root 8.7K Oct 19 17:42 smbprofile.tdb
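
An added example, not part of the original report or of the Samba or AppArmor packaging: it parses the audit record quoted above and returns the confined profile together with a candidate rule line to review. The function names are illustrative, the second log line in the test is constructed, and the returned rule is a starting point for review, not the change that was made for this bug.

```python
import re

# Audit record from the report above, with the extraction spaces removed.
SAMPLE = ('[qua out 19 14:42:36 2022] audit: type=1400 '
          'audit(1666201357.627:342): apparmor="DENIED" operation="mkdir" '
          'class="file" '
          'namespace="root//lxd-k-samba-apparmor_<var-snap-lxd-common-lxd>" '
          'profile="samba-rpcd-spoolss" name="/var/cache/samba/printing/" '
          'pid=129107 comm="rpcd_spoolss" requested_mask="c" denied_mask="c" '
          'fsuid=1000000 ouid=1000000')

# Log mask letters -> profile permission letters. The log reports create (c)
# and delete (d) separately; in a profile both are granted through "w".
MASK_TO_PERM = {"r": "r", "w": "w", "a": "a", "c": "w", "d": "w",
                "x": "x", "m": "m", "k": "k", "l": "l"}

FIELD = re.compile(r'(\w+)=(?:"([^"]*)"|(\S+))')

def parse_denial(line):
    """Return the key=value fields of an AppArmor DENIED record, else None."""
    fields = {}
    for key, quoted, bare in FIELD.findall(line):
        # The audit subsystem emits names containing spaces or quotes as
        # unquoted hex; decode those so the rule shows the real path.
        if key == "name" and re.fullmatch(r"(?:[0-9A-Fa-f]{2})+", bare):
            bare = bytes.fromhex(bare).decode("utf-8", "replace")
        fields[key] = bare or quoted
    return fields if fields.get("apparmor") == "DENIED" else None

def triage(line):
    """Return (profile, candidate rule) for a file denial, else None."""
    fields = parse_denial(line)
    if not fields or "name" not in fields or "profile" not in fields:
        return None
    if fields.get("class", "file") != "file":
        return None  # network, capability, etc. need other rule types
    mask = fields.get("denied_mask", "")
    perms = "".join(sorted({MASK_TO_PERM[c] for c in mask if c in MASK_TO_PERM}))
    if not perms:
        return None
    name = fields["name"]
    path = f'"{name}"' if " " in name else name  # quote paths with spaces
    return fields["profile"], f"{path} {perms},"

if __name__ == "__main__":
    profile, rule = triage(SAMPLE)
    print(f"profile {profile}: review rule  {rule}")
```

The trailing slash in the logged name means the denied object is the directory itself; files later created inside it are separate accesses and would show up as their own denials.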