Bug#882937: apparmor: cupsd profile blocks creation of PDF files with printer-driver-cups-pdf
- To: Nuno Oliveira <nuno@eq.uc.pt>
- Cc: 882937@bugs.debian.org
- Subject: Bug#882937: apparmor: cupsd profile blocks creation of PDF files with printer-driver-cups-pdf
- From: intrigeri <intrigeri@debian.org>
- Date: Thu, 07 Dec 2017 10:51:26 +0100
- Message-id: <[🔎] 85bmja27dt.fsf@boum.org>
- Reply-to: intrigeri <intrigeri@debian.org>, 882937@bugs.debian.org
- In-reply-to: <20171128121435.jujeyb67h4sroefd@eq.uc.pt> (Nuno Oliveira's message of "Tue, 28 Nov 2017 12:14:35 +0000")
- References: <151181387943.3477.3982686233654664304.reportbug@neo.eq.uc.pt> <85wp2aahi4.fsf@boum.org> <20171128121435.jujeyb67h4sroefd@eq.uc.pt> <151181387943.3477.3982686233654664304.reportbug@neo.eq.uc.pt>
Hi Nuno,
Nuno Oliveira:
> type=AVC msg=audit(1511871104.395:10445): apparmor="DENIED" operation="mknod"
> profile="/usr/lib/cups/backend/cups-pdf"
> name="/home/host/nuno/PDF/me_host_nuno_PDF.pdf" pid=2095 comm="gs" requested_mask="c"
> denied_mask="c" fsuid=1000 ouid=1000
I see. Am I guessing right that $HOME == /home/host/nuno?
If using a non-standard parent directory for home directories, you'll
need to let AppArmor know about it. Thankfully we have everything in
place to do this: adding @{HOMEDIRS}+=/home/host to
/etc/apparmor.d/tunables/home.d/site.local should do the trick.
Then, "sudo systemctl restart apparmor" and retry.
Does this fix the problem you're experiencing?
Cheers,
--
intrigeri
Reply to: