Tech/OSS/AppArmor

From lathama
< Tech‎ | OSS
Jump to navigation Jump to search

Enable Cups

When dmesg is full of lines like 

[May21 00:00] audit: type=1400 audit(1653112802.019:59): apparmor="DENIED" operation="capable" profile="/usr/sbin/cupsd" pid=985981 comm="cupsd" capability=12  capname="net_admin"
[  +1.421586] audit: type=1400 audit(1653112803.443:60): apparmor="DENIED" operation="capable" profile="/usr/sbin/cups-browsed" pid=985984 comm="cups-browsed" capability=23  capname="sys_nice"

Install utils 

apt install apparmor-utils

Allow CUPS to run but complain about it in the logs 

aa-complain /etc/apparmor.d/usr.sbin.cupsd
aa-complain /etc/apparmor.d/usr.sbin.cups-browsed

To enable the missing rights edit /etc/apparmor.d/usr.sbin.cupsd to add 

capability net_admin,

and edit /etc/apparmor.d/usr.sbin.cups-browsed to add 

capability sys_nice,

as documented at https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=980974

Retrieved from "https://lathama.net/index.php?title=Tech/OSS/AppArmor&oldid=314"