Ubuntu – AppArmor with cupsd denied in logs


I was updating the OS today (security patches), when I found something strange in the syslog:

apparmor="DENIED" operation="signal" profile="/usr/sbin/cupsd" pid=2483 comm="cupsd" requested_mask="send" denied_mask="send" signal=term peer="unconfined"

It appeared in the syslog 5 times.

I never saw this log, so I started to look about it, but no success. the only thing I know is that cupsd is something about printer (something that I never used with Ubuntu).

So, I also took a look into the /log/cups/access_log and I found this (looking at the timestamp, this log came 1 second before the log from the syslog):

localhost - - [07/Jul/2015:11:49:50 -0300] "POST / HTTP/1.1" 200 3695675 CUPS-Get-PPDs -

So, I never had any DENIED thing from apparmor. Anyone knows why this happenned? Also note that I never had to use a printer with Ubuntu.

Thank you guys for helping me.

EDIT: Just noticed that in the same day that I downloaded the updates, I also installed updates for the cups. Maybe that's why it had the DENIED log?

Best Answer

  • Workaround from https://wiki.ubuntu.com/DebuggingPrintingProblems#AppArmor_Protection_of_the_printing_system

    Make sure apparmor-utils is installed: apt-get install apparmor-utils

    If you have any problems with printing, try deactivating the AppArmor protection with sudo aa-complain cupsd. Note after doing this I had to unplug and replug the printer for it to work.

    You can re-activate AppArmor via sudo aa-enforce cupsd.

    If this helps, look for messages containing audit in the /var/log/syslog file. These show which components are accessed by the printing system for which there is no explicit permission given in /etc/apparmor.d/usr.sbin.cupsd

    More details in the above link. (They also want you to report the bug).

  • Related Question