Ubuntu
cups package

dist-upgrade

Bug #1317893 reported by omlk
10
This bug affects 1 person
Affects Status Importance Assigned to Milestone
cups (Ubuntu)
Fix Released
Low
Unassigned

Bug Description

Warning from profile /usr/sbin/cups-browsed (/etc/apparmor.d/usr.sbin.cups-browsed) ptrace rules not enforced
Warning from profile /usr/sbin/cups-browsed (/etc/apparmor.d/usr.sbin.cups-browsed) signal rules not enforced

ProblemType: Bug
DistroRelease: Ubuntu 14.04
Package: ubuntu-release-upgrader-core 1:0.220.3
ProcVersionSignature: Ubuntu 3.13.0-16.36-generic 3.13.5
Uname: Linux 3.13.0-16-generic x86_64
ApportVersion: 2.14.1-0ubuntu3
Architecture: amd64
CrashDB: ubuntu
CurrentDesktop: Unity
Date: Fri May 9 15:36:40 2014
InstallationDate: Installed on 2014-02-20 (77 days ago)
InstallationMedia: Ubuntu 14.04 LTS "Trusty Tahr" - Alpha amd64 (20140217)
PackageArchitecture: all
SourcePackage: ubuntu-release-upgrader
Symptom: dist-upgrade
UpgradeStatus: No upgrade log present (probably fresh install)

Revision history for this message
omlk (omlk) wrote :
Brian Murray (brian-murray)
affects: ubuntu-release-upgrader (Ubuntu) → cups (Ubuntu)
Revision history for this message
Till Kamppeter (till-kamppeter) wrote :

Please run the command

sudo aa-status

in a terminal window and post the output here.

Changed in cups (Ubuntu):
status: New → Incomplete
Revision history for this message
omlk (omlk) wrote :

omlk@omlk-sys:~$ sudo aa-status
[sudo] password for omlk:
apparmor module is loaded.
21 profiles are loaded.
21 profiles are in enforce mode.
   /sbin/dhclient
   /usr/bin/evince
   /usr/bin/evince-previewer
   /usr/bin/evince-previewer//sanitized_helper
   /usr/bin/evince-thumbnailer
   /usr/bin/evince-thumbnailer//sanitized_helper
   /usr/bin/evince//sanitized_helper
   /usr/lib/NetworkManager/nm-dhcp-client.action
   /usr/lib/connman/scripts/dhclient-script
   /usr/lib/cups/backend/cups-pdf
   /usr/lib/lightdm/lightdm-guest-session
   /usr/lib/lightdm/lightdm-guest-session//chromium
   /usr/lib/telepathy/mission-control-5
   /usr/lib/telepathy/telepathy-*
   /usr/lib/telepathy/telepathy-*//pxgsettings
   /usr/lib/telepathy/telepathy-*//sanitized_helper
   /usr/lib/telepathy/telepathy-ofono
   /usr/sbin/cups-browsed
   /usr/sbin/cupsd
   /usr/sbin/mysqld
   /usr/sbin/tcpdump
0 profiles are in complain mode.
5 processes have profiles defined.
5 processes are in enforce mode.
   /sbin/dhclient (755)
   /usr/lib/telepathy/mission-control-5 (2503)
   /usr/sbin/cups-browsed (1081)
   /usr/sbin/cupsd (2485)
   /usr/sbin/mysqld (1125)
0 processes are in complain mode.
0 processes are unconfined but have a profile defined.
omlk@omlk-sys:~$

Revision history for this message
Martin Pitt (pitti) wrote :

AppArmor devs, how serious is that warning, is it expected or is something broken here? Thanks!

Changed in cups (Ubuntu):
importance: Undecided → Low
Revision history for this message
Seth Arnold (seth-arnold) wrote :

There is no real harm with ptrace and signal rules not being enforced, previous releases did not confine these aspects of process execution; the warning is primarily for the sites where lacking aspects of confinement is a much more important matter.

If I recall correctly, the ptrace and signal features were added to the 14.04 LTS kernel after 3.13.0-16.36 -- probably once this computer boots into a release kernel or newer, these messages will go away on their own.

omlk, please consider updating your system as soon as possible; the kernel version you are currently running has a known severe security flaw. Further details can be found at http://www.ubuntu.com/usn/usn-2204-1/

Thanks

Changed in cups (Ubuntu):
status: Incomplete → Fix Released
To post a comment you must log in.
This report contains Public information  
Everyone can see this information.
Subscribing...

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.