Another data point... I'm using CodeHost's BrightQ driver for the Canon ImageRunner 8500. I tried modifying /etc/apparmor.d/usr.sbin.cupsd, adding in:
/usr/local/brightq/** rix,
No joy. Here's a slightly cleaned up section of /var/log/messages (sans the timestamps and the pid's, plus some intelligent word-wrapping.):
Oct 26 16:13:04 xxxxx kernel: [237029.923656] audit(1193429583.778:67):
type=1503 operation="inode_permission" requested_mask="a" denied_mask="a" name="/dev/tty" profile="/usr/sbin/cupsd"
type=1503 operation="inode_permission" requested_mask="r" denied_mask="r" name="/etc/codehost.conf" profile="/usr/sbin/cupsd"
type=1503 operation="inode_permission" requested_mask="w" denied_mask="w" name="/etc/krb5.conf" profile="/usr/sbin/cupsd"
type=1503 operation="inode_permission" requested_mask="x" denied_mask="x" name="/usr/local/brightq/filters/brightq-ps" profile="/usr/sbin/cupsd"
type=1503 operation="sysctl" requested_mask="r" denied_mask="r" name="/proc/sys/dev/parport/parport0/autoprobe" profile="/usr/sbin/cupsd"
Another data point... I'm using CodeHost's BrightQ driver for the Canon ImageRunner 8500. I tried modifying /etc/apparmor. d/usr.sbin. cupsd, adding in:
/ usr/local/ brightq/ ** rix,
No joy. Here's a slightly cleaned up section of /var/log/messages (sans the timestamps and the pid's, plus some intelligent word-wrapping.):
Oct 26 16:13:04 xxxxx kernel: [237029.923656] audit(119342958 3.778:67) :
type=1503 operation= "inode_ permission" mask="a" denied_mask="a" "/usr/sbin/ cupsd"
requested_
name="/dev/tty" profile=
type=1503 operation= "inode_ permission" mask="r" denied_mask="r" "/etc/codehost. conf" profile= "/usr/sbin/ cupsd"
requested_
name=
type=1503 operation= "inode_ permission" mask="w" denied_mask="w" "/etc/krb5. conf" profile= "/usr/sbin/ cupsd"
requested_
name=
type=1503 operation= "inode_ permission" mask="x" denied_mask="x" "/usr/local/ brightq/ filters/ brightq- ps" profile= "/usr/sbin/ cupsd"
requested_
name=
type=1503 operation="sysctl" mask="r" denied_mask="r" "/proc/ sys/dev/ parport/ parport0/ autoprobe" profile= "/usr/sbin/ cupsd"
requested_
name=