Ubuntu
cups package

AppArmor prevents Cups to print to a serial printer connected through an usb adapter

Bug #677432 reported by Javier Rivera
12
This bug affects 2 people
Affects Status Importance Assigned to Milestone
cups (Ubuntu)
Fix Released
Undecided
Unassigned

Bug Description

Binary package hint: apparmor

Context:

I'm trying to get cups to print to an old label printer connected to my laptop through an usb-to-RS232 cable. Ubuntu 10.10.

Bug:

AppArmor prevents cups to access /dev/ttyUSB0. CUPS returned a "permission denied error". I expect that CUPS sends the data to the printer.

dmesg show:
type=1400 audit(1290167643.039:240): apparmor="DENIED" operation="open" parent=4772 profile="/usr/sbin/cupsd" name="/dev/ttyUSB0" pid=4802 comm="serial" requested_mask="rw" denied_mask="rw" fsuid=0 ouid=0

After issuing sudo aa-complain /usr/sbin/cupsd printer receives data (light flashes). It doesn't work but it's likely an unrelated problem. CUPS stops complaining.

Likely cause:

I don't understand AppArmor, but in /etc/apparmor.d/usr.bin.cupsd I find this lines:

deny /dev/tty*
/dev/ttyS*

If I understood it correctly (if I do kudos to AppArmor developers), we need to add another exception for this kind of adapter, something like

/dev/ttyU*

ProblemType: Bug
DistroRelease: Ubuntu 10.10
Package: apparmor 2.5.1-0ubuntu0.10.10.2
ProcVersionSignature: Ubuntu 2.6.35-23.40-generic 2.6.35.7
Uname: Linux 2.6.35-23-generic i686
Architecture: i386
Date: Fri Nov 19 13:03:51 2010
EcryptfsInUse: Yes
InstallationMedia: Ubuntu 10.10 "Maverick Meerkat" - Beta i386 (20100901.1)
ProcEnviron:
 LANG=gl_ES.utf8
 SHELL=/bin/bash
ProcKernelCmdline: BOOT_IMAGE=/boot/vmlinuz-2.6.35-23-generic root=UUID=d8a4ecb5-65d3-4bc5-8867-4a88c10451c5 ro quiet splash
SourcePackage: apparmor

Revision history for this message
Javier Rivera (javier-isotecsl) wrote :
Revision history for this message
Javier Rivera (javier-isotecsl) wrote :

Note that in the end of attached KernLog and ApparmorStatus I had manually put AppArmor in audit mode.

Revision history for this message
Marc Deslauriers (mdeslaur) wrote :

Thanks for reporting this issue.

Yes, it should be as simple as adding the "/dev/ttyU*" line to the cups apparmor profile. Could you give it a try and report back here if it worked or not, so we can get it changed in our next version?

You can get information on how to modify profiles here:

https://wiki.ubuntu.com/DebuggingApparmor

Thanks!

tags: added: apparmor
affects: apparmor (Ubuntu) → cups (Ubuntu)
Changed in cups (Ubuntu):
assignee: nobody → Jamie Strandboge (jdstrand)
Till Kamppeter (till-kamppeter)
Changed in cups (Ubuntu):
status: New → Confirmed
Revision history for this message
Marc Deslauriers (mdeslaur) wrote :

Actually, please try /dev/ttyUSB* to make it more specific.

Revision history for this message
Javier Rivera (javier-isotecsl) wrote :

Ok, I'll have to fight the printer again on Monday, I'll report if this change works.

Revision history for this message
Javier Rivera (javier-isotecsl) wrote :

Checked with the following lines in /etc/apparmor.d/usr.sbin.cupsd

  deny /dev/tty* rw, # silence noise
  /dev/ttyS* rw,
  /dev/ttyUSB* rw,

It works, where work is it still don't print a thing, but looks like it's receiving some kind of data. No apparmor complain.

Revision history for this message
Steven Walter (stevenrwalter) wrote :

This bug has been open over six months. Is there some problem with the proposed fix? I can attest that it works for me, unfortunately I spent the better part of a day independently coming to the same answer. There's no telling how many users have run into this issue and simply thrown up their hands...

Jamie Strandboge (jdstrand)
Changed in cups (Ubuntu):
assignee: Jamie Strandboge (jdstrand) → nobody
Revision history for this message
Javier Rivera (javier-isotecsl) wrote :

The problem seems to be that nobody wants/knows how to make a patch.

Martin Pitt (pitti)
Changed in cups (Ubuntu):
status: Confirmed → Fix Committed
Revision history for this message
Launchpad Janitor (janitor) wrote :
Download full text (4.0 KiB)

This bug was fixed in the package cups - 1.5.0-1

---------------
cups (1.5.0-1) experimental; urgency=low

  [ Till Kamppeter ]
  * New upstream release
  * debian/patches/usb-backend-no-segfault-on-bad-device-id.patch,
    debian/patches/usb-backend-accept-old-usblp-uris.patch,
    debian/patches/use-ps2write-ghostscript-device-for-pdftops-filter.patch:
    Removed, included upstream.
  * debian/patches/poppler-based-pdftops-fixes.patch,
    debian/patches/do-not-emit-ps-level-3-with-poppler.patch: Replaced patch
    by a new one only containing the parts which remain after removing the
    parts included upstream.
  * debian/patches/pidfile.patch,
    debian/patches/ppd-poll-with-client-conf.patch,
    debian/patches/cups-avahi.patch,
    debian/patches/drop_unnecessary_dependencies.patch,
    debian/patches/do-not-broadcast-with-hostnames.patch,
    debian/patches/ppdc-dynamic-linking.patch,
    debian/patches/pstops-based-workflow-only-for-printing-ps-on-a-ps-printer.patch:
    Manually regenerated to adapt to upstream changes.
  * debian/patches/manpage-translations.patch,
    debian/patches/rootbackends-worldreadable.patch,
    debian/patches/no-conffile-timestamp.patch,
    debian/patches/read-embedded-options-from-incoming-postscript-and-add-to-ipp-attrs.patch,
    debian/patches/cups-snmp-oids-device-id-hp-ricoh.patch,
    debian/patches/configure-default-browse-protocols.patch,
    debian/patches/logfiles_adm_readable.patch,
    debian/patches/confdirperms.patch,
    debian/patches/printer-filtering.patch,
    debian/patches/show-compile-command-lines.patch,
    debian/patches/log-debug-history-nearly-unlimited.patch:
    Refreshed using quilt.
  * debian/patches/default-ripcache-size-auto.patch: Dropped, as once,
    Ghostscript 9.04 is ignoring the cache size value as it crashes easily
    otherwise (Ghostscript upstream bug #691586) and second, CUPS defaults to
    more reasonable 128 MB (now only used for imagetops).
  * debian/patches/support-gzipped-charmaps.patch: Dropped, as the SBCS and
    VBCS character maps are not used any more by CUPS.
  * debian/rules: Enable threads in the ./configure command line, as otherwise
    CUPS 1.5.0 does not build at all.
  * debian/local/filters/pdf-filters/filter/pdftoijs.cxx,
    debian/local/filters/pdf-filters/filter/pdftoraster.cxx,
    debian/local/filters/pdf-filters/pdftoopvp/pdftoopvp.cxx,
    debian/local/filters/pdf-filters/pdftopdf/pdftopdf.cxx: Under CUPS 1.5.x.
    all programs using the PPD API of CUPS need to explicitly include
    "<cups/ppd.h>". Updated the PDF filter add-on package.
  * debian/local/filters/pdf-filters/addtocups: Make the addition of the
    pdftopdf and pdftoopvp directories also work with CUPS 1.5.x.
  * debian/local/filters/pdf-filters/addtocups,
    debian/local/filters/pdf-filters/removefromcups: Added a symbolic link
    cups/i18n.h, so that texttopdf builds.
  * debian/cups-client.install: Install the new ipptool and its sample
    files and manpages.
  * debian/cups-client.install: Commented out lines for dropped man page
    translations: ipptool, lppasswd, client.conf, ipptoolfile, cupsenable,
    lpadmin, lpinfo, cupsreject, cupsdisable, cups...

Read more...

Changed in cups (Ubuntu):
status: Fix Committed → Fix Released
Revision history for this message
Richard Peake (yourtechfriend) wrote :

dpkg -l | grep cups
shows I have: cups 1.4.6-5ubuntu1.4

How do I get the cups fix for Ubuntu 11.11 Precise?

To post a comment you must log in.
This report contains Public information  
Everyone can see this information.
Subscribing...

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.