Bug#915902: cups-client: Printing to a queue with a URI of file:/home/... is not possible
Control: notfound -1 2.2.9-4
Hi Brian,
Brian Potkin:
> I set up a testing print queue
> lpadmin -p testq -v file:/home/brian/capture -E -m drv:///sample.drv/generic.ppd
> [...]
> Dec 07 18:20:56 test audit[430]: AVC apparmor="DENIED" operation="mknod" \
> profile="/usr/sbin/cupsd" name="/home/brian/capture" pid=430 comm="cupsd" \
> requested_mask="c" denied_mask="c" fsuid=0 ouid=0
I think it's reasonable that the cupsd AppArmor profile does not allow
writing to arbitrary places under /home by default. To fix this:
- Either add rules to support your local custom configuration in
/etc/apparmor.d/local/usr.sbin.cupsd
- Or take advantage of the fact the profile includes
abstractions/user-tmp, which grants access to ~/tmp/**, and instead
create your testing print queue somewhere under /home/brian/tmp/.
Now, if documentation we're shipping has lead you to create this queue
in /home/brian/capture, please file a dedicated bug about it and I'll
try to fix it.
> (I hope the User* control fields are correct).
They are, thank you! :)
Cheers,
--
intrigeri
Reply to: