cups missing write permission (for sendmessage operation) in apparmor

Bug #1909297 reported by Ömer Fadıl USTA
10
This bug affects 2 people
Affects Status Importance Assigned to Milestone
cups (Ubuntu)
Confirmed
Undecided
Unassigned

Bug Description

After updating recent version of cups (2.3.3op1-3ubuntu1) :
I have started to get errors about its missing permissions on journal

audit[29527]: AVC apparmor="DENIED" operation="sendmsg" profile="/usr/sbin/cupsd" name="/run/systemd/notify" pid=29527 comm="cupsd" requested_mask="w" denied_mask="w" fsuid=0 ouid=0
kernel: audit: type=1400 audit(1608880333.084:56): apparmor="DENIED" operation="sendmsg" profile="/usr/sbin/cupsd" name="/run/systemd/notify" pid=29527 comm="cupsd" requested_mask="w" denied_mask="w" fsuid=0 ouid=0
---
ProblemType: Bug
ApportVersion: 2.20.11-0ubuntu55
Architecture: amd64
CasperMD5CheckResult: skip
CupsErrorLog: E [25/Dec/2020:10:11:15 +0300] [CGI] ippfind (PID 12144) stopped with status 1!
CurrentDesktop: ubuntu:GNOME
DistroRelease: Ubuntu 21.04
InstallationDate: Installed on 2020-12-25 (0 days ago)
InstallationMedia: Ubuntu 21.04 "Hirsute Hippo" - Alpha amd64 (20201224)
KernLog:

Lpstat: Error: command ['lpstat', '-v'] failed with exit code 1: lpstat: No destinations added.
MachineType: LENOVO INVALID
NonfreeKernelModules: nvidia_modeset nvidia
Package: cups 2.3.3op1-3ubuntu1
PackageArchitecture: amd64
Papersize: a4
ProcCmdline: BOOT_IMAGE=/@/boot/vmlinuz-5.8.0-34-generic root=UUID=b42aef37-b541-43bb-bef8-2dcb8f34df09 ro rootflags=subvol=@ quiet splash vt.handoff=7
ProcKernelCmdLine: BOOT_IMAGE=/@/boot/vmlinuz-5.8.0-34-generic root=UUID=b42aef37-b541-43bb-bef8-2dcb8f34df09 ro rootflags=subvol=@ quiet splash vt.handoff=7
ProcVersionSignature: Ubuntu 5.8.0-34.37+21.04.1-generic 5.8.18
Tags: hirsute package-from-proposed
Uname: Linux 5.8.0-34-generic x86_64
UpgradeStatus: No upgrade log present (probably fresh install)
UserGroups: adm cdrom dip lpadmin lxd plugdev sambashare sudo
_MarkForUpload: True
dmi.bios.date: 01/11/2019
dmi.bios.release: 1.45
dmi.bios.vendor: LENOVO
dmi.bios.version: 4KCN45WW
dmi.board.asset.tag: NO Asset Tag
dmi.board.name: VIUU4
dmi.board.vendor: LENOVO
dmi.board.version: NO DPK
dmi.chassis.asset.tag: NO Asset Tag
dmi.chassis.type: 10
dmi.chassis.vendor: LENOVO
dmi.chassis.version: INVALID
dmi.ec.firmware.release: 1.45
dmi.modalias: dmi:bvnLENOVO:bvr4KCN45WW:bd01/11/2019:br1.45:efr1.45:svnLENOVO:pnINVALID:pvrINVALID:rvnLENOVO:rnVIUU4:rvrNODPK:cvnLENOVO:ct10:cvrINVALID:
dmi.product.family: IDEAPAD
dmi.product.name: INVALID
dmi.product.sku: LENOVO_BI_IDEAPAD4K_BU_idea_FM_
dmi.product.version: INVALID
dmi.sys.vendor: LENOVO

Revision history for this message
lotuspsychje (lotuspsychje) wrote :

Thank you for taking the time to report this bug and helping to make Ubuntu better. Please execute the following command only once, as it will automatically gather debugging information, in a terminal:
apport-collect 1909297

When reporting bugs in the future please use apport by using 'ubuntu-bug' and the name of the package affected. You can learn more about this functionality at https://wiki.ubuntu.com/ReportingBugs.

Revision history for this message
Ömer Fadıl USTA (omerusta) wrote : CurrentDmesg.txt

apport information

tags: added: apport-collected hirsute package-from-proposed
description: updated
Revision history for this message
Ömer Fadıl USTA (omerusta) wrote : Dependencies.txt

apport information

Revision history for this message
Ömer Fadıl USTA (omerusta) wrote : Locale.txt

apport information

Revision history for this message
Ömer Fadıl USTA (omerusta) wrote : Lspci.txt

apport information

Revision history for this message
Ömer Fadıl USTA (omerusta) wrote : Lspci-vt.txt

apport information

Revision history for this message
Ömer Fadıl USTA (omerusta) wrote : Lsusb.txt

apport information

Revision history for this message
Ömer Fadıl USTA (omerusta) wrote : Lsusb-t.txt

apport information

Revision history for this message
Ömer Fadıl USTA (omerusta) wrote : Lsusb-v.txt

apport information

Revision history for this message
Ömer Fadıl USTA (omerusta) wrote : PrintingPackages.txt

apport information

Revision history for this message
Ömer Fadıl USTA (omerusta) wrote : ProcCpuinfo.txt

apport information

Revision history for this message
Ömer Fadıl USTA (omerusta) wrote : ProcCpuinfoMinimal.txt

apport information

Revision history for this message
Ömer Fadıl USTA (omerusta) wrote : ProcEnviron.txt

apport information

Revision history for this message
Ömer Fadıl USTA (omerusta) wrote : ProcInterrupts.txt

apport information

Revision history for this message
Ömer Fadıl USTA (omerusta) wrote : ProcModules.txt

apport information

Revision history for this message
Ömer Fadıl USTA (omerusta) wrote : UdevDb.txt

apport information

Revision history for this message
Ömer Fadıl USTA (omerusta) wrote : acpidump.txt

apport information

Revision history for this message
Launchpad Janitor (janitor) wrote :

Status changed to 'Confirmed' because the bug affects multiple users.

Changed in cups (Ubuntu):
status: New → Confirmed
Revision history for this message
rew (r-e-wolff) wrote :

Soo.... any progress about this in 6 months?

Revision history for this message
rew (r-e-wolff) wrote :

Hi,

I got fed up and figured out how to configure apparmor to allow it.

I added

# *** Added by rew.
  /run/systemd/notify rw,

near line 108 of /etc/apparmor.d/usr.sbin.cupsd

That solves it.

To post a comment you must log in.
This report contains Public information  
Everyone can see this information.

Other bug subscribers