Bug#915902: cups-client: Printing to a queue with a URI of file:/home/... is not possible
On Sun 09 Dec 2018 at 08:26:20 +0100, intrigeri wrote:
> Control: notfound -1 2.2.9-4
>
> Hi Brian,
>
> Brian Potkin:
> > I set up a testing print queue
>
> > lpadmin -p testq -v file:/home/brian/capture -E -m drv:///sample.drv/generic.ppd
> > [...]
> > Dec 07 18:20:56 test audit[430]: AVC apparmor="DENIED" operation="mknod" \
> > profile="/usr/sbin/cupsd" name="/home/brian/capture" pid=430 comm="cupsd" \
> > requested_mask="c" denied_mask="c" fsuid=0 ouid=0
>
> I think it's reasonable that the cupsd AppArmor profile does not allow
> writing to arbitrary places under /home by default. To fix this:
>
> - Either add rules to support your local custom configuration in
> /etc/apparmor.d/local/usr.sbin.cupsd
>
> - Or take advantage of the fact the profile includes
> abstractions/user-tmp, which grants access to ~/tmp/**, and instead
> create your testing print queue somewhere under /home/brian/tmp/.
>
> Now, if documentation we're shipping has led you to create this queue
> in /home/brian/capture, please file a dedicated bug about it and I'll
> try to fix it.

Apologies for the really late reply, intrigeri.

You will see that I have closed the bug report. However, I have
taken note of what you have said and applied your second suggestion
(create a print queue under /home/brian/tmp/) and this works well.

Like OdyX in

https://lists.debian.org/debian-printing/2018/11/msg00118.html

I have only a hazy understanding of how apparmor operates. I promise
to improve on that.

Thank you for caring about the printing system.

Regards,
Brian.
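
The following is an added example, not part of either message in this thread: it reads the AVC denial quoted above and derives the file rule that the first suggestion (a local override) would need, and checks whether the path already sits under the ~/tmp/** area the second suggestion relies on. The function names, the mask-to-permission table and the simplified ~/tmp pattern are assumptions made for illustration.

```python
import re

# Denial from the report above, joined onto one line (the mail wraps it with "\").
SAMPLE = ('Dec 07 18:20:56 test audit[430]: AVC apparmor="DENIED" operation="mknod" '
          'profile="/usr/sbin/cupsd" name="/home/brian/capture" pid=430 comm="cupsd" '
          'requested_mask="c" denied_mask="c" fsuid=0 ouid=0')

# Audit-log mask letters -> permission letters used in profile file rules.
# "c" (create) and "d" (delete) are both granted by "w" in policy.
MASK_TO_PERM = {"r": "r", "w": "w", "a": "a", "c": "w", "d": "w",
                "k": "k", "l": "l", "m": "m"}
PERM_ORDER = "rwaklm"
FIELD = re.compile(r'(\w+)=("([^"]*)"|\S+)')

def parse_avc(line):
    """Return the key=value fields of an AppArmor denial record, or None."""
    if 'apparmor="DENIED"' not in line:
        return None
    return {k: (q if raw.startswith('"') else raw) for k, raw, q in FIELD.findall(line)}

def local_override_path(profile):
    # Assumed naming: profile path with "/" -> ".", matching the path in the message.
    return "/etc/apparmor.d/local/" + profile.strip("/").replace("/", ".")

def in_user_tmp(path):
    # Simplified stand-in for the ~/tmp/** access the message attributes to user-tmp.
    return re.match(r"^/home/[^/]+/tmp/.+", path) is not None

def suggest(line):
    """Map one denial to a candidate rule for the profile's local override file."""
    rec = parse_avc(line)
    if rec is None or "name" not in rec or "profile" not in rec:
        return None
    mask = rec.get("denied_mask", "")
    if not mask or any(m not in MASK_TO_PERM for m in mask):
        return None  # exec or unknown masks need a human decision, not a generated rule
    perms = {MASK_TO_PERM[m] for m in mask}
    if "w" in perms:
        perms.discard("a")  # "w" and "a" cannot appear in the same rule
    rule = "%s %s," % (rec["name"], "".join(p for p in PERM_ORDER if p in perms))
    return {"file": local_override_path(rec["profile"]), "rule": rule,
            "already_in_user_tmp": in_user_tmp(rec["name"])}

if __name__ == "__main__":
    print(suggest(SAMPLE))
```

A generated rule is a starting point for review, since it grants exactly what was denied and nothing narrower; after editing the local file the profile is reloaded with `apparmor_parser -r /etc/apparmor.d/usr.sbin.cupsd`.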