[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Bug#1053511: Problem found

||

Because there is no logging for cups I have done some basic checks:

# systemctl status cups
●cups.service - CUPS Scheduler
    Loaded: loaded (/lib/systemd/system/cups.service; enabled; vendor preset: enabled) 
    Active: active (running)since Wed 2023-11-08 14:23:09 CET; 19s ago
TriggeredBy: ● cups.path
●cups.socket
      Docs: man:cupsd(8)
  Main PID: 9417 (cupsd)
    Status: "Scheduler is running..."
     Tasks: 1 (limit: 9336)
    Memory: 1.3M
       CPU: 13ms
    CGroup: /system.slice/cups.service
            └─9417 /usr/sbin/cupsd -l
Nov 08 14:23:09 PC cupsd[9417]: Unable to open log file "/var/log/cups/error_log" - No such file or directory Nov 08 14:23:09 PC cupsd[9417]: Unable to create directory "/var/log/cups" - Permission denied Nov 08 14:23:09 PC cupsd[9417]: Unable to open log file "/var/log/cups/error_log" - No such file or directory Nov 08 14:23:09 PC cupsd[9417]: Unable to create directory "/var/log/cups" - Permission denied Nov 08 14:23:09 PC cupsd[9417]: Unable to open log file "/var/log/cups/error_log" - No such file or directory Nov 08 14:23:09 PC cupsd[9417]: Unable to create directory "/var/log/cups" - Permission denied Nov 08 14:23:09 PC cupsd[9417]: Unable to open log file "/var/log/cups/error_log" - No such file or directory Nov 08 14:23:09 PC cupsd[9417]: Unable to create directory "/var/log/cups" - Permission denied Nov 08 14:23:09 PC cupsd[9417]: Unable to open log file "/var/log/cups/error_log" - No such file or directory 
Nov 08 14:23:09 PC systemd[1]: Started CUPS Scheduler.


drwxr-xr-x   2 root              root            4,0K  5. Okt 16:35 cups
It did not help to change the group of /var/log/cups to lpadmin!

So I tried to delete the directory and let it be created new with
dpkg-reconfigure cups-daemon
Job failed. See "journalctl -xe" for details.

# journalctl -xe
Nov 08 14:24:04 PC audit[9568]: AVC apparmor="DENIED" operation="chown" profile="/usr/sbin/cupsd" name="/srv/ssd1/var/spool/cups/" pid=95> Nov 08 14:24:04 PC audit[9568]: AVC apparmor="DENIED" operation="mkdir" profile="/usr/sbin/cupsd" name="/srv/ssd1/var/log/cups/" pid=9568> Nov 08 14:24:04 PC audit[9568]: AVC apparmor="DENIED" operation="capable" profile="/usr/sbin/cupsd" pid=9568 comm="cupsd" capability=12  > Nov 08 14:24:04 PC audit[9568]: AVC apparmor="DENIED" operation="chown" profile="/usr/sbin/cupsd" name="/srv/ssd1/var/cache/cups/" pid=95> Nov 08 14:24:04 PC audit[9568]: AVC apparmor="DENIED" operation="mkdir" profile="/usr/sbin/cupsd" name="/srv/ssd1/var/log/cups/" pid=9568> Nov 08 14:24:04 PC audit[9568]: AVC apparmor="DENIED" operation="chown" profile="/usr/sbin/cupsd" name="/srv/ssd1/var/cache/cups/rss/" pi> Nov 08 14:24:04 PC audit[9568]: AVC apparmor="DENIED" operation="mkdir" profile="/usr/sbin/cupsd" name="/srv/ssd1/var/log/cups/" pid=9568> Nov 08 14:24:04 PC audit[9568]: AVC apparmor="DENIED" operation="chown" profile="/usr/sbin/cupsd" name="/srv/ssd1/var/spool/cups/tmp/" pi> Nov 08 14:24:04 PC audit[9568]: AVC apparmor="DENIED" operation="mkdir" profile="/usr/sbin/cupsd" name="/srv/ssd1/var/log/cups/" pid=9568> Nov 08 14:24:04 PC audit[9568]: AVC apparmor="DENIED" operation="open" profile="/usr/sbin/cupsd" name="/srv/ssd1/var/spool/cups/" pid=956> Nov 08 14:24:04 PC audit[9568]: AVC apparmor="DENIED" operation="mkdir" profile="/usr/sbin/cupsd" name="/srv/ssd1/var/log/cups/" pid=9568> Nov 08 14:24:04 PC audit[9568]: AVC apparmor="DENIED" operation="open" profile="/usr/sbin/cupsd" name="/srv/ssd1/var/spool/cups/tmp/" pid> Nov 08 14:24:04 PC audit[9568]: AVC apparmor="DENIED" operation="mkdir" profile="/usr/sbin/cupsd" name="/srv/ssd1/var/log/cups/" pid=9568> Nov 08 14:24:04 PC audit[9568]: AVC apparmor="DENIED" operation="open" profile="/usr/sbin/cupsd" name="/srv/ssd1/var/cache/cups/" pid=956> Nov 08 14:24:04 PC audit[9568]: AVC apparmor="DENIED" operation="mkdir" profile="/usr/sbin/cupsd" name="/srv/ssd1/var/log/cups/" pid=9568> Nov 08 14:24:04 PC audit[9568]: AVC apparmor="DENIED" operation="mknod" profile="/usr/sbin/cupsd" name="/srv/ssd1/var/cache/cups/org.cups> Nov 08 14:24:04 PC audit[9568]: AVC apparmor="DENIED" operation="mkdir" profile="/usr/sbin/cupsd" name="/srv/ssd1/var/log/cups/" pid=9568> Nov 08 14:24:04 PC cupsd[9568]: Unable to open log file "/var/log/cups/error_log" - No such file or directory Nov 08 14:24:04 PC cupsd[9568]: Unable to create directory "/var/log/cups" - Permission denied Nov 08 14:24:04 PC cupsd[9568]: Unable to open log file "/var/log/cups/error_log" - No such file or directory Nov 08 14:24:04 PC cupsd[9568]: Unable to create directory "/var/log/cups" - Permission denied Nov 08 14:24:04 PC kernel: audit: type=1400 audit(1699449844.150:6618): apparmor="DENIED" operation="chown" profile="/usr/sbin/cupsd" nam> Nov 08 14:24:04 PC kernel: audit: type=1400 audit(1699449844.150:6619): apparmor="DENIED" operation="mkdir" profile="/usr/sbin/cupsd" nam> Nov 08 14:24:04 PC kernel: audit: type=1400 audit(1699449844.150:6620): apparmor="DENIED" operation="capable" profile="/usr/sbin/cupsd" p> Nov 08 14:24:04 PC kernel: audit: type=1400 audit(1699449844.150:6621): apparmor="DENIED" operation="chown" profile="/usr/sbin/cupsd" nam> Nov 08 14:24:04 PC kernel: audit: type=1400 audit(1699449844.150:6622): apparmor="DENIED" operation="mkdir" profile="/usr/sbin/cupsd" nam> Nov 08 14:24:04 PC kernel: audit: type=1400 audit(1699449844.150:6623): apparmor="DENIED" operation="chown" profile="/usr/sbin/cupsd" nam> Nov 08 14:24:04 PC kernel: audit: type=1400 audit(1699449844.150:6624): apparmor="DENIED" operation="mkdir" profile="/usr/sbin/cupsd" nam> Nov 08 14:24:04 PC cupsd[9568]: Unable to open log file "/var/log/cups/error_log" - No such file or directory Nov 08 14:24:04 PC cupsd[9568]: Unable to create directory "/var/log/cups" - Permission denied Nov 08 14:24:04 PC cupsd[9568]: Unable to open log file "/var/log/cups/error_log" - No such file or directory Nov 08 14:24:04 PC cupsd[9568]: Unable to create directory "/var/log/cups" - Permission denied Nov 08 14:24:04 PC cupsd[9568]: Unable to open log file "/var/log/cups/error_log" - No such file or directory Nov 08 14:24:04 PC cupsd[9568]: Unable to create directory "/var/log/cups" - Permission denied Nov 08 14:24:04 PC cupsd[9568]: Unable to open log file "/var/log/cups/error_log" - No such file or directory Nov 08 14:24:04 PC cupsd[9568]: Unable to create directory "/var/log/cups" - Permission denied Nov 08 14:24:04 PC cupsd[9568]: Unable to open log file "/var/log/cups/error_log" - No such file or directory Nov 08 14:24:04 PC cupsd[9568]: Unable to create directory "/var/log/cups" - Permission denied Nov 08 14:24:04 PC cupsd[9568]: Unable to open log file "/var/log/cups/error_log" - No such file or directory 

There is a problem with apparmor!
apparmor must have been altered by the upgrade, it was not touched in any way.
In /etc/apparmor.d/usr.sbin.cupsd we find that the log path is enabled for writing: 
  /var/log/cups/ rw,
  /var/log/cups/* rw,

There is only the chance to disable apparmor for cups with:
aa-disable /etc/apparmor.d/usr.sbin.cupsd

Afterwards cups could add a printer and is working again.
So this bug will be pushed to apparmor now, because the apparmor profile (from 2007) does not fit for cups anymore.
Reply to: