Package: cups
Version: 2.3.3op1-7
After upgrading to bullseye, TCP connections from cupsd to localhost appeared to be blocked:
Jan 23 23:39:29 debian audit[2172]: AVC apparmor="DENIED" operation="capable" profile="" pid=2172 comm="cupsd" capability=12 capname="net_admin"
Jan 23 23:39:29 debian systemd[1]: Started CUPS Scheduler.
Jan 23 23:39:29 debian kernel: kauditd_printk_skb: 10 callbacks suppressed
Jan 23 23:39:29 debian kernel: audit: type=1400 audit(1611445169.589:22): apparmor="DENIED" operation="capable" profile="" pid=2172 comm="cupsd" capability=12>
Jan 23 23:39:29 debian systemd[1]: Started Make remote CUPS printers available locally.
Jan 23 23:39:29 debian audit[2174]: AVC apparmor="DENIED" operation="capable" profile="" pid=2174 comm="cups-browsed" capability=23 capname="sys_nice"
I worked around this with `aa-complain cupsd`, `aa-complain cups-browsed`, but I would guess that this should work without modifications, unless this (TCP connections from cupsd to backend driver) is considered non-standard usage?