Missing entries in cups apparmor profile

Bug #1009367 reported by Hadmut Danisch
This bug affects 1 person
Affects: cups (Ubuntu)
Status: Fix Released
Importance: Undecided
Assigned to: Unassigned

Bug Description

Hi,

When printing through cups-pdf, I constantly get AppArmor error messages like

Jun 5 18:50:16 gomorrha kernel: [33258.590938] type=1400 audit(1338915016.009:60): apparmor="DENIED" operation="open" parent=24523 profile="/usr/lib/cups/backend/cups-pdf" name="/proc/24524/auxv" pid=24524 comm="gs" requested_mask="r" denied_mask="r" fsuid=1000 ouid=1000

because the apparmor profile for cups-pdf, which is part of /etc/apparmor.d/usr.sbin.cupsd which comes with cups, does not allow access to /proc/24524/auxv.

Furthermore, it lacks something like

#include <local/usr.sbin.cups-pdf>

which is why someone can't fix the problem without breaking the upgrade for configuration files.

regards

ProblemType: Bug
DistroRelease: Ubuntu 12.04
Package: cups 1.5.3-0ubuntu1
ProcVersionSignature: Ubuntu 3.2.0-24.39-generic 3.2.16
Uname: Linux 3.2.0-24-generic x86_64
NonfreeKernelModules: fglrx
ApportVersion: 2.0.1-0ubuntu8
Architecture: amd64
Date: Wed Jun 6 09:55:01 2012
InstallationMedia: Ubuntu 11.10 "Oneiric Ocelot" - Release amd64 (20111011)
Lpstat:
 device for Deskjet-F2100-series: hp:/usb/Deskjet_F2100_series?serial=CN7CK4T2NP04TK
 device for HP-LaserJet-1320: socket://192.168.160.1:9100
 device for PDF: cups-pdf:/
MachineType: FOXCONN NT-A2400&NT-A3500
Papersize: a4
PpdFiles:
 PDF: Generic CUPS-PDF Printer
 HP-LaserJet-1320: HP LaserJet 1320 series Postscript (recommended)
 Deskjet-F2100-series: HP Deskjet f2100 Series, hpcups 3.12.2
ProcEnviron:
 TERM=xterm
 PATH=(custom, user)
 LANG=de_DE.UTF-8
 SHELL=/bin/tcsh
ProcKernelCmdLine: BOOT_IMAGE=/vmlinuz-3.2.0-24-generic root=/dev/mapper/vg1-root ro quiet splash vt.handoff=7
SourcePackage: cups
UpgradeStatus: Upgraded to precise on 2012-05-03 (33 days ago)

Till Kamppeter (till-kamppeter) wrote :

pitti, this is an AppArmor issue. Can you check whether the suggested changes are OK?

Martin Pitt (pitti) wrote :

Fixed in packaging bzr, thanks!

Changed in cups (Ubuntu):
status: New → Fix Committed
Launchpad Janitor (janitor) wrote :

This bug was fixed in the package cups - 1.5.3-2

---------------
cups (1.5.3-2) unstable; urgency=low

  [ Till Kamppeter ]
  * debian/libcups2-dev.install, debian/rules: Correctly install
    language-private.h as /usr/include/cups/i18n.h, .install file entries
    cannot rename files (LP: #1013470).

  [ Martin Pitt ]
  * debian/local/apparmor-profile: Allow cups-pdf to read /proc/*/auxv; it's
    harmless information. (LP: #1009367)
  * debian/control: Tighten cups' and cups-client's dependency to libcups2 to
    current binary version. They use private symbols from the libraries which
    the automatic dependencies from the .symbols files don't cover.
    (Closes: #668662, #677180)

  [ Andy Whitcroft ]
  * debian/libcupsppdc1.symbols: add two optional symbols which are only
    emitted on armel and armhf architectures.
 -- Martin Pitt <email address hidden> Tue, 19 Jun 2012 12:25:11 +0200

Changed in cups (Ubuntu):
status: Fix Committed → Fix Released
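
The denial quoted in the bug description names a per-process path (/proc/24524/auxv), while the fix in the changelog allows /proc/*/auxv. The following added example (not part of the original report or of the cups packaging) parses such kernel audit lines and derives the PID-independent candidate rule per profile for review; the second log line and all function names are constructed for illustration.

```python
import re
from collections import defaultdict

# Constructed sample input: the first line is the denial quoted in the bug
# report; the second is a constructed repeat with a different PID; the third
# is a constructed unrelated kernel message that must be ignored.
SAMPLE_LOG = """\
Jun 5 18:50:16 gomorrha kernel: [33258.590938] type=1400 audit(1338915016.009:60): apparmor="DENIED" operation="open" parent=24523 profile="/usr/lib/cups/backend/cups-pdf" name="/proc/24524/auxv" pid=24524 comm="gs" requested_mask="r" denied_mask="r" fsuid=1000 ouid=1000
Jun 5 18:52:41 gomorrha kernel: [33403.112004] type=1400 audit(1338915161.530:61): apparmor="DENIED" operation="open" parent=24890 profile="/usr/lib/cups/backend/cups-pdf" name="/proc/24891/auxv" pid=24891 comm="gs" requested_mask="r" denied_mask="r" fsuid=1000 ouid=1000
Jun 5 18:53:02 gomorrha kernel: [33424.000000] usb 1-1: new high-speed USB device
"""

# key="quoted value" or key=bare_value
KV = re.compile(r'(\w+)=(?:"([^"]*)"|(\S+))')


def parse_denial(line):
    """Return the key=value fields of an AppArmor DENIED record, else None."""
    if 'apparmor="DENIED"' not in line:
        return None
    return {key: (quoted or bare) for key, quoted, bare in KV.findall(line)}


def generalize(path):
    """Replace a numeric /proc/<pid>/ prefix with a glob so the rule outlives the process."""
    return re.sub(r"^/proc/\d+/", "/proc/*/", path)


def candidate_rules(log_text):
    """Map profile name -> sorted candidate file rules, deduplicated across PIDs."""
    rules = defaultdict(set)
    for line in log_text.splitlines():
        rec = parse_denial(line)
        # Only file-access denials carry both a path and a denied mask.
        if rec and "name" in rec and "denied_mask" in rec:
            rules[rec["profile"]].add(f"{generalize(rec['name'])} {rec['denied_mask']},")
    return {profile: sorted(found) for profile, found in rules.items()}


if __name__ == "__main__":
    for profile, found in candidate_rules(SAMPLE_LOG).items():
        print(f"# denied under profile {profile}")
        for rule in found:
            print(f"  {rule}")
```

Each candidate still needs a human decision on whether the access should be granted, as was done here for the auxv read.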