dmesg reports: apparmor="DENIED" for cupsd

Bug #1031583 reported by Kaulbach on 2012-08-01
This bug affects 6 people
Affects: cups (Ubuntu)
Importance: Low
Assigned to: Jamie Strandboge

Bug Description

Ubuntu quantal (development branch) , KDE 4.9.0
Upgraded continuously since Hardy Heron
64 bit 3.5.0-6-generic
apparmor version: 2.8.0-0ubuntu1

Kaulbach (mystic-scientist) wrote :
Steve Beattie (sbeattie) wrote :

The specific rejection is:

  [ 351.624338] type=1400 audit(1343775571.688:27): apparmor="DENIED" operation="capable" parent=1 profile="/usr/sbin/cupsd" pid=1361 comm="cupsd" pid=1361 comm="cupsd" capability=36 capname="block_suspend"

This capability was added in http://repo.or.cz/w/linux-2.6.git/commit/d9914cf66181b8aa0929775f5c6f675c6ebc3eb5 and governs the ability to block suspending (currently via the EPOLLWAKEUP flag). Reading the discussion thread about the feature at http://thread.gmane.org/gmane.linux.kernel/1249726/focus=1288990 , it's not entirely clear to me that cups needs this capability.

The cups apparmor profile is maintained in the cups package; moving there.

Changed in apparmor (Ubuntu):
status: New → Confirmed
affects: apparmor (Ubuntu) → cups (Ubuntu)
tags: added: apparmor
Changed in cups (Ubuntu):
assignee: nobody → Jamie Strandboge (jdstrand)
importance: Undecided → Low
status: Confirmed → In Progress
Launchpad Janitor (janitor) wrote :

This bug was fixed in the package cups - 1.6.1-0ubuntu3

---------------
cups (1.6.1-0ubuntu3) quantal; urgency=low

  * debian/local/apparmor-profile: deny capability block_suspend. It is noisy
    and doesn't seem to actually be needed. This can be revisited if it turns
    out it is needed. (LP: #1031583)
 -- Jamie Strandboge <email address hidden> Tue, 14 Aug 2012 14:03:27 -0500

Changed in cups (Ubuntu):
status: In Progress → Fix Released
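
The triage done in this report (read the audit line, identify the denied capability, add an explicit deny rule, which AppArmor does not log) can be scripted. The following is an added example, not code from the cups or apparmor packages; the function names are hypothetical, and of the sample log lines only the first comes from this report, the other two are constructed.

```python
import re
from collections import Counter

# Sample input: line 1 is the denial quoted in this report; lines 2 and 3 are
# constructed to show that non-capability and non-DENIED events are ignored.
SAMPLE_LOG = '''\
[ 351.624338] type=1400 audit(1343775571.688:27): apparmor="DENIED" operation="capable" parent=1 profile="/usr/sbin/cupsd" pid=1361 comm="cupsd" pid=1361 comm="cupsd" capability=36 capname="block_suspend"
[ 352.000001] type=1400 audit(1343775572.000:28): apparmor="DENIED" operation="open" profile="/usr/sbin/example" name="/etc/example.conf" pid=1400 comm="example" requested_mask="r" denied_mask="r"
[ 353.000002] type=1400 audit(1343775573.000:29): apparmor="STATUS" operation="profile_replace" name="/usr/sbin/cupsd" pid=1500 comm="apparmor_parser"
'''

# key=value where the value is either a double-quoted string or a bare token
FIELD = re.compile(r'(\w+)=("(?:[^"\\]|\\.)*"|\S+)')

def parse_fields(line):
    """Return the key=value pairs of one audit line as a dict (last value wins)."""
    return {key: value.strip('"') for key, value in FIELD.findall(line)}

def capability_denials(log_text):
    """Count denied capability checks per (profile, capability name)."""
    counts = Counter()
    for line in log_text.splitlines():
        f = parse_fields(line)
        if (f.get("apparmor") == "DENIED" and f.get("operation") == "capable"
                and "profile" in f and "capname" in f):
            counts[(f["profile"], f["capname"])] += 1
    return counts

def deny_rules(counts):
    """Map each profile to the explicit deny rules matching the denials seen."""
    rules = {}
    for profile, capname in sorted(counts):
        rules.setdefault(profile, []).append(f"deny capability {capname},")
    return rules

if __name__ == "__main__":
    denials = capability_denials(SAMPLE_LOG)
    for (profile, capname), n in denials.items():
        print(f"{profile}: capability {capname} denied {n}x")
    for profile, rules in deny_rules(denials).items():
        # Candidates only: confirm the program works without the capability first.
        print(f"candidate rules for profile {profile}:")
        print("\n".join("  " + rule for rule in rules))
```

A rule produced this way is a candidate for review; a capability the confined program actually needs has to be allowed instead.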