[pkg-apparmor] Bug#968387: apparmor: Broken printing and printer autodiscovery

intrigeri intrigeri at debian.org
Fri Aug 21 11:02:04 BST 2020


Hi,

user (2020-08-20):
> With the printer found and printing not functional:
>
> # tail /var/log/cups/error_log
> E [20/Aug/2020:16:33:13 +0200] Unable to open listen socket for address [v1.::1]:631 - Permission denied.
> E [20/Aug/2020:16:33:13 +0200] Unable to open listen socket for address 127.0.0.1:631 - Permission denied.
> E [20/Aug/2020:16:35:26 +0200] [Job 34] Job stopped because the scheduler could not create the side-channel pipes.

I'm wondering how this part is related to AppArmor, because:

 - This "Permission denied" is about inet/inet6 sockets, which are
   allowed both for cupsd and cups-browsed via
   abstractions/nameservice.

 - Last time I checked, we did not support network rules in Debian.

 - I see no corresponding AppArmor denial in the journalctl output
   you've shared.

Are you running the Buster kernel on this machine, or anything else?
(In the future, please consider using reportbug to report bugs:
it includes information that package maintainers may need to
understand and fix the problem you're experiencing.)

Also, it could be that having a bit more CUPS logs than these 3 lines
would help.

> # journalctl -kaf --no-hostname | grep -w 'apparmor="DENIED"'
> ago 20 16:35:49 kernel: audit: type=1400 audit(1597934149.904:2054): apparmor="DENIED" operation="create" profile="/usr/sbin/cups-browsed" pid=825 comm="cups-browsed" family="unix" sock_type="stream" protocol=0 requested_mask="create" denied_mask="create" addr=none

Only this single line?

Could you please add this line to
/etc/apparmor.d/local/usr.sbin.cups-browsed:

  unix,

… and then reboot and retry?

> I cannot recreate the other case where the printer was not found at all.

OK.

> This is not related to lxc (this machine has no containers yet)
> except that it recommends apparmor.

Thank you for clarifying :)



More information about the pkg-apparmor-team mailing list