Comment 18 for bug 133982

I had this problem with an HP Deskjet 722C, running Ubuntu 7.10. I seem to have fixed the problem, but the advice was not perfectly clear to me. I did the following:

michael@Satori:~$ sudo /etc/init.d/apparmor stop
[sudo] password for michael:
Unloading AppArmor profiles : done.
michael@Satori:~$ sudo gedit /etc/apparmor.d/usr.sbin.cupsd

However, the suggested addition of:
" /etc/* r,
at the end of the list of all the other /etc/ exceptions"

is ambiguous for someone who has no idea what these commands are all about, or even what language they are in. There were two possible places where there was a list of "etc" strings. The first is a follows:

  # nasty, but we limit file access pretty tightly, and cups chowns a
  # lot of files to 'lp' which it cannot read/write afterwards any
  # more
  capability dac_override,

  /bin/bash ixr,
  /bin/dash ixr,
  /bin/hostname ixr,
  /dev/lp* rw,
  /dev/ttyS* rw,
  /dev/usb/lp* rw,
  /etc/cups/ rw,
  /etc/cups/** rw,
  /etc/foomatic/* r,
  /etc/gai.conf r,
  /etc/shadow m,
  /etc/passwd m,
  /etc/group m,
  /etc/papersize r,
  /etc/printcap rwl,
  /etc/ssl/** r,
  /etc/* r,
  @{PROC}/net/ r,

The second is this:

# separate profile since this needs to write into /home
/usr/lib/cups/backend/cups-pdf {
  #include <abstractions/base>
  #include <abstractions/fonts>
  #include <abstractions/nameservice>
  #include <abstractions/user-tmp>

  capability chown,
  capability fowner,
  capability fsetid,
  capability setgid,
  capability setuid,

  /bin/dash ixr,
  /bin/bash ixr,
  /etc/papersize r,
  /etc/cups/cups-pdf.conf r,
  /etc/* r,
  @{HOME}/PDF/ w,

Note that I added the "/etc/* r," in two places. The printer seems to work well. How reliably I cannot say. However, since this was done in cook book fashion, I have no idea if both "/etc/* r," insertions were necessary, or desirable.