[pkg-apparmor] Bug#980974: apparmor blocks cups backend outgoing network connections

Christian Göttsche cgzones at googlemail.com
Mon Sep 12 17:20:11 BST 2022


auditd shows the capability check is caused by setsockopt(2) with
option SO_SNDBUFFORCE:

type=AVC msg=audit(1662998083.773:76): apparmor="DENIED"
operation="capable" profile="/usr/sbin/cupsd" pid=955 comm="cupsd"
capability=12  capname="net_admin"
type=SYSCALL msg=audit(1662998083.773:76): arch=c000003e syscall=54
success=no exit=-1 a0=c a1=1 a2=20 a3=7ffffab6b404 items=0 ppid=1
pid=955 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0
sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="cupsd"
exe="/usr/sbin/cupsd" subj=/usr/sbin/cupsd (enforce) key=(null) ARCH=x86_64
SYSCALL=setsockopt AUID="unset" UID="root" GID="root" EUID="root"
SUID="root" FSUID="root" EGID="root" SGID="root" FSGID="root"
type=PROCTITLE msg=audit(1662998083.773:76):
proctitle=2F7573722F7362696E2F6375707364002D6C

Possible cause might be a call to libsystemd (see fd_inc_sndbuf()).
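
How the records above tie the net_admin denial to SO_SNDBUFFORCE, as an added example that is not part of the original message: it joins the AVC, SYSCALL and PROCTITLE records by event id and decodes the hex syscall arguments. The function names are hypothetical, the constant tables assume Linux x86_64, and the sample input is rebuilt from the records in the message.

```python
import re

# Linux x86_64 values from unistd_64.h and asm-generic/socket.h.
X86_64, SYSCALLS, SOL_SOCKET = "c000003e", {54: "setsockopt"}, 1
SOCKOPTS = {7: "SO_SNDBUF", 8: "SO_RCVBUF", 32: "SO_SNDBUFFORCE", 33: "SO_RCVBUFFORCE"}

# Constructed input: the three records from the message, wrapped lines
# rejoined and the SYSCALL record shortened to the fields used here.
SAMPLE = [
    'type=AVC msg=audit(1662998083.773:76): apparmor="DENIED" operation="capable" '
    'profile="/usr/sbin/cupsd" pid=955 comm="cupsd" capability=12  capname="net_admin"',
    'type=SYSCALL msg=audit(1662998083.773:76): arch=c000003e syscall=54 success=no '
    'exit=-1 a0=c a1=1 a2=20 a3=7ffffab6b404 pid=955 comm="cupsd" exe="/usr/sbin/cupsd"',
    'type=PROCTITLE msg=audit(1662998083.773:76): '
    'proctitle=2F7573722F7362696E2F6375707364002D6C',
]

def parse(record):
    """Split one audit record into a dict of key -> unquoted value."""
    pairs = re.findall(r'(\w+)=("[^"]*"|\S+)', record)
    return {k: v.strip('"') for k, v in pairs}

def explain_denials(records):
    """Join AVC, SYSCALL and PROCTITLE records by event id and decode them."""
    events = {}
    for rec in map(parse, records):
        events.setdefault(rec["msg"], {})[rec["type"]] = rec
    findings = []
    for ev in events.values():
        avc, sc = ev.get("AVC"), ev.get("SYSCALL")
        if not avc or not sc or avc.get("apparmor") != "DENIED":
            continue
        # Only translate the syscall number when the arch matches our table.
        known = sc.get("arch") == X86_64
        name = SYSCALLS.get(int(sc["syscall"]), sc["syscall"]) if known else sc["syscall"]
        finding = {"profile": avc["profile"], "capname": avc["capname"], "syscall": name}
        if name == "setsockopt":
            # a0..a3 are logged in hex: fd, level, optname, optval pointer.
            level, opt = int(sc["a1"], 16), int(sc["a2"], 16)
            finding["fd"] = int(sc["a0"], 16)
            finding["level"] = "SOL_SOCKET" if level == SOL_SOCKET else level
            finding["optname"] = SOCKOPTS.get(opt, opt) if level == SOL_SOCKET else opt
        if "PROCTITLE" in ev:
            # Hex-encoded in this sample because argv is NUL-separated.
            raw = bytes.fromhex(ev["PROCTITLE"]["proctitle"])
            finding["cmdline"] = raw.replace(b"\0", b" ").decode()
        findings.append(finding)
    return findings

if __name__ == "__main__":
    print(explain_denials(SAMPLE))
```

Here a1=1 is SOL_SOCKET and a2=20 (hex) is 32, SO_SNDBUFFORCE, which the kernel only permits with CAP_NET_ADMIN, matching capname="net_admin" in the AVC record.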
