[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Bug#988764: cups-browsed: apparmor blocks access to /usr/share/{cups/,}/locale



Hi OdyX,

On  Fr 21 Mai 2021 15:59:04 CEST, Didier 'OdyX' Raboud wrote:

Control: tags -1 +pending

Hello Mike, and thanks for your patch-provided bugreport.

Le mercredi, 19 mai 2021, 12.33:10 h CEST Mike Gabriel a écrit :
With CUPS on buster and bullseye I see these messages in /var/log/syslog:

May 19 12:26:12 server03 kernel: [4563725.605605] audit: type=1400
audit(1621419972.056:193): apparmor="DENIED" operation="open"
profile="/usr/sbin/cups-browsed" name="/usr/share/cups/locale/"
pid=17771 comm="cups-browsed" requested_mask="r" denied_mask="r"
fsuid=0 ouid=0
May 19 12:26:12 server03 kernel: [4563725.606138] audit: type=1400
audit(1621419972.056:194): apparmor="DENIED" operation="open"
profile="/usr/sbin/cups-browsed" name="/usr/share/locale/" pid=17771
comm="cups-browsed" requested_mask="r" denied_mask="r" fsuid=0 ouid=0
May 19 12:27:08 server03 systemd[1]: cups-browsed.service: Succeeded.


These error messages / folder access blocks can be amended by this
change in /etc/apparmor.d/usr.sbin.cups-browsed: (…)

I'll upload to experimental in a moment. I assume it doesn't warrant rising
severity and aiming at Bullseye, right?

Basically, why not? It clutters syslog. It probably won't have functional consequences, but still...

Mike
--

DAS-NETZWERKTEAM
c\o Technik- und Ökologiezentrum Eckernförde
Mike Gabriel, Marienthaler Str. 17, 24340 Eckernförde
mobile: +49 (1520) 1976 148
landline: +49 (4351) 850 8940

GnuPG Fingerprint: 9BFB AEE8 6C0A A5FF BF22  0782 9AF4 6B30 2577 1B31
mail: mike.gabriel@das-netzwerkteam.de, http://das-netzwerkteam.de

Attachment: pgp4U_6GzIrkS.pgp
Description: Digitale PGP-Signatur


Reply to: