> audit(1234518067.729:18152): type=1503 operation="inode_permission" > requested_mask="w::" denied_mask="w::" name="/etc/krb5.conf" pid=12486 > profile="/usr/sbin/cupsd" namespace="default"
This looks worrysome. Why does it want to write ("w") krb5.conf? ...
> Then I add "/etc/krb5.conf r," to app-armour for usr.sbin.cupsd
Anyway, you only gave it read permissions, which should really be sufficient. Since you say that works, all is great.
'k' means "lock", BTW, i. .e you can call flock() on a file. It's rather harmless.
So I'll add those changes to the cups profile.
Thank you!
> audit(123451806 7.729:18152) : type=1503 operation= "inode_ permission" mask="w: :" denied_mask="w::" name="/ etc/krb5. conf" pid=12486 "/usr/sbin/ cupsd" namespace="default"
> requested_
> profile=
This looks worrysome. Why does it want to write ("w") krb5.conf? ...
> Then I add "/etc/krb5.conf r," to app-armour for usr.sbin.cupsd
Anyway, you only gave it read permissions, which should really be sufficient. Since you say that works, all is great.
'k' means "lock", BTW, i. .e you can call flock() on a file. It's rather harmless.
So I'll add those changes to the cups profile.
Thank you!