Comment 5 for bug 1989587

Revision history for this message
madigal (osse7) wrote :

Digging journalctl: lot of Apparmor "DENIED"

sept. 24 14:17:15 ub64 audit[1007]: AVC apparmor="DENIED" operation="capable" profile="/usr/sbin/cupsd" pid=1007 comm="cupsd" capability=12 capname="net_admin"
sept. 24 14:17:16 ub64 audit[1182]: AVC apparmor="DENIED" operation="connect" profile="/usr/sbin/cups-browsed" name="/run/systemd/resolve/io.systemd.Resolve" pid=1182 comm="cups-browsed" requested_mask="wr" denied_mask="wr" fsuid=0 ouid=101
sept. 24 14:17:16 ub64 audit[1182]: AVC apparmor="DENIED" operation="connect" profile="/usr/sbin/cups-browsed" name="/run/systemd/resolve/io.systemd.Resolve" pid=1182 comm="cups-browsed" requested_mask="wr" denied_mask="wr" fsuid=0 ouid=101
sept. 24 14:19:41 ub64 audit[4318]: AVC apparmor="DENIED" operation="capable" profile="/usr/lib/snapd/snap-confine" pid=4318 comm="snap-confine" capability=12 capname="net_admin"
sept. 24 14:19:41 ub64 audit[4318]: AVC apparmor="DENIED" operation="capable" profile="/usr/lib/snapd/snap-confine" pid=4318 comm="snap-confine" capability=38 capname="perfmon"
sept. 24 14:19:41 ub64 kernel: audit: type=1400 audit(1664021981.797:49): apparmor="DENIED" operation="capable" profile="/usr/lib/snapd/snap-confine" pid=4318 comm="snap-confine" capability=12 capname="net_admin"
sept. 24 14:19:41 ub64 kernel: audit: type=1400 audit(1664021981.797:50): apparmor="DENIED" operation="capable" profile="/usr/lib/snapd/snap-confine" pid=4318 comm="snap-confine" capability=38 capname="perfmon"
sept. 24 14:19:41 ub64 audit[4318]: AVC apparmor="DENIED" operation="capable" profile="/usr/lib/snapd/snap-confine" pid=4318 comm="snap-confine" capability=4 capname="fsetid"
sept. 24 14:19:41 ub64 kernel: audit: type=1400 audit(1664021981.825:51): apparmor="DENIED" operation="capable" profile="/usr/lib/snapd/snap-confine" pid=4318 comm="snap-confine" capability=4 capname="fsetid"
sept. 24 14:19:42 ub64 audit[4337]: AVC apparmor="DENIED" operation="mkdir" profile="snap-update-ns.firefox" name="/usr/share/cups/doc-root/" pid=4337 comm="5" requested_mask="c" denied_mask="c" fsuid=0 ouid=0
sept. 24 14:19:42 ub64 kernel: audit: type=1400 audit(1664021982.073:52): apparmor="DENIED" operation="mkdir" profile="snap-update-ns.firefox" name="/usr/share/cups/doc-root/" pid=4337 comm="5" requested_mask="c" denied_mask="c" fsuid=0 ouid=0
sept. 24 14:19:42 ub64 kernel: audit: type=1400 audit(1664021982.077:53): apparmor="DENIED" operation="mkdir" profile="snap-update-ns.firefox" name="/usr/share/gimp/2.0/" pid=4337 comm="5" requested_mask="c" denied_mask="c" fsuid=0 ouid=0
sept. 24 14:19:42 ub64 kernel: audit: type=1400 audit(1664021982.077:54): apparmor="DENIED" operation="mkdir" profile="snap-update-ns.firefox" name="/usr/share/libreoffice/help/" pid=4337 comm="5" requested_mask="c" denied_mask="c" fsuid=0 ouid=0
sept. 24 14:19:42 ub64 kernel: audit: type=1400 audit(1664021982.077:55): apparmor="DENIED" operation="open" profile="snap-update-ns.firefox" name="/var/lib/" pid=4337 comm="5" requested_mask="r" denied_mask="r" fsuid=0 ouid=0
sept. 24 14:19:42 ub64 audit[4337]: AVC apparmor="DENIED" operation="mkdir" profile="snap-update-ns.firefox" name="/usr/share/gimp/2.0/" pid=4337 comm="5" requested_mask="c" denied_mask="c" fsuid=0 ouid=0
sept. 24 14:19:42 ub64 audit[4337]: AVC apparmor="DENIED" operation="mkdir" profile="snap-update-ns.firefox" name="/usr/share/libreoffice/help/" pid=4337 comm="5" requested_mask="c" denied_mask="c" fsuid=0 ouid=0
sept. 24 14:19:42 ub64 audit[4337]: AVC apparmor="DENIED" operation="open" profile="snap-update-ns.firefox" name="/var/lib/" pid=4337 comm="5" requested_mask="r" denied_mask="r" fsuid=0 ouid=0

Looks like the latest cups version has to be blame , due to:

cups (2.4.2-1ubuntu2) kinetic; urgency=medium

  * Add patch to build with snapd-glib-2

 -- Jeremy Bicha <email address hidden> Thu, 25 Aug 2022 21:54:33 -0400