This patch does not really look valid. There is no access mode 'k', and there should be no need for cupsys to write /etc/krb5.conf. I guess the invalid mode broke the entire profile and thus your cupsys isn't covered by AppArmor at all?
I changed the package to have read-only access to /etc/krb5.conf and read-write access to /etc/cups/krb5.keytab. Please let us know if you still have problems with the version I'm going to upload within the hour.
This patch does not really look valid. There is no access mode 'k', and there should be no need for cupsys to write /etc/krb5.conf. I guess the invalid mode broke the entire profile and thus your cupsys isn't covered by AppArmor at all?
I changed the package to have read-only access to /etc/krb5.conf and read-write access to /etc/cups/ krb5.keytab. Please let us know if you still have problems with the version I'm going to upload within the hour.
Thank you!