LinuxQuestions.org
Review your favorite Linux distribution.
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Newbie
User Name
Password
Linux - Newbie This Linux forum is for members that are new to Linux.
Just starting out and have a question? If it is not in the man pages or the how-to's this is the place!

Notices


Reply
  Search this Thread
Old 02-24-2011, 12:15 AM   #1
ieatbunnies
Member
 
Registered: Feb 2010
Posts: 37

Rep: Reputation: 14
Ubuntu 10 apparmor problems... help dmesg


[25013.230999] sd 7:0:0:0: [sdc] Assuming drive cache: write through
[25013.231014] sd 7:0:0:0: [sdc] Attached SCSI removable disk
[25360.006612] type=1400 audit(1298522002.633:40): apparmor="DENIED" operation="open" parent=7025 profile="/usr/sbin/cupsd" name="/usr/local/lib/libgcrypt.so.11.6.0" pid=7026 comm="gs" requested_mask="r" denied_mask="r" fsuid=7 ouid=0
[25360.025891] type=1400 audit(1298522002.653:41): apparmor="DENIED" operation="open" parent=7025 profile="/usr/sbin/cupsd" name="/usr/local/lib/libgpg-error.so.0.8.0" pid=7026 comm="gs" requested_mask="r" denied_mask="r" fsuid=7 ouid=0
[25360.236552] type=1400 audit(1298522002.865:42): apparmor="DENIED" operation="open" parent=7028 profile="/usr/sbin/cupsd" name="/usr/local/lib/libgcrypt.so.11.6.0" pid=7030 comm="gs" requested_mask="r" denied_mask="r" fsuid=7 ouid=0
[25360.238508] type=1400 audit(1298522002.865:43): apparmor="DENIED" operation="open" parent=7028 profile="/usr/sbin/cupsd" name="/usr/local/lib/libgpg-error.so.0.8.0" pid=7030 comm="gs" requested_mask="r" denied_mask="r" fsuid=7 ouid=0
[25360.593870] usblp0: removed
[26561.741093] type=1400 audit(1298523204.369:44): apparmor="DENIED" operation="open" parent=8883 profile="/usr/sbin/cupsd" name="/usr/local/lib/libgcrypt.so.11.6.0" pid=8884 comm="gs" requested_mask="r" denied_mask="r" fsuid=7 ouid=0
[26561.742901] type=1400 audit(1298523204.369:45): apparmor="DENIED" operation="open" parent=8883 profile="/usr/sbin/cupsd" name="/usr/local/lib/libgpg-error.so.0.8.0" pid=8884 comm="gs" requested_mask="r" denied_mask="r" fsuid=7 ouid=0
[26561.973264] type=1400 audit(1298523204.601:46): apparmor="DENIED" operation="open" parent=8886 profile="/usr/sbin/cupsd" name="/usr/local/lib/libgcrypt.so.11.6.0" pid=8888 comm="gs" requested_mask="r" denied_mask="r" fsuid=7 ouid=0
[26561.975068] type=1400 audit(1298523204.601:47): apparmor="DENIED" operation="open" parent=8886 profile="/usr/sbin/cupsd" name="/usr/local/lib/libgpg-error.so.0.8.0" pid=8888 comm="gs" requested_mask="r" denied_mask="r" fsuid=7 ouid=0
[27011.396392] usb 1-2.1: new high speed USB device using ehci_hcd and address 12
 
Old 02-24-2011, 05:26 PM   #2
corp769
LQ Guru
 
Registered: Apr 2005
Posts: 5,817

Rep: Reputation: 1002Reputation: 1002Reputation: 1002Reputation: 1002Reputation: 1002Reputation: 1002Reputation: 1002Reputation: 1002
Ok, so what is the exact problem? You gave output, and nothing else. What exactly is going on, and what do you exactly need help with?
 
Old 04-09-2011, 11:20 AM   #3
aaron.psamuel
LQ Newbie
 
Registered: Apr 2011
Location: NYC
Distribution: Ubuntu, RHEL, centOS
Posts: 7

Rep: Reputation: 1
Wink Apparmor weirdness

Hi there -

When you provide more details in your question including all the facts as you know them, it goes light years in helping the helpers help you =). Aside from...


rainofkayos@animal ~ [1127] % ldd /usr/sbin/cupsd | egrep 'gpg|gcrypt'
libgcrypt.so.11 => /lib/libgcrypt.so.11 (0x00007f12a4d52000)
libgpg-error.so.0 => /lib/libgpg-error.so.0 (0x00007f12a2dc8000)

Confirmed cupsd is going to be looking for version $X of the two library files your apparmor is complaining about.

I then checked my own cupsd profile for apparmor (sloppy grep statement below, heads up).

rainofkayos@animal ~ [1128] % egrep lib /etc/apparmor.d/usr.sbin.cupsd
/usr/lib/** rm,
/usr/lib/cups/backend/bluetooth ixr,
/usr/lib/cups/backend/dnssd ixr,
/usr/lib/cups/backend/http ixr,
/usr/lib/cups/backend/ipp ixr,
/usr/lib/cups/backend/lpd ixr,
/usr/lib/cups/backend/parallel ixr,
/usr/lib/cups/backend/scsi ixr,
/usr/lib/cups/backend/serial ixr,
/usr/lib/cups/backend/snmp ixr,
/usr/lib/cups/backend/socket ixr,
/usr/lib/cups/backend/usb ixr,
/usr/lib/cups/backend/cups-pdf Px,
/usr/lib/cups/backend/* Ux,
/usr/lib/cups/cgi-bin/* ixr,
/usr/lib/cups/daemon/* ixr,
/usr/lib/cups/monitor/* ixr,
/usr/lib/cups/notifier/* ixr,
/usr/lib/cups/filter/* Uxr,
/usr/lib/cups/driver/* Uxr,
/usr/lib/cups/backend/cups-pdf {
/usr/lib/cups/backend/cups-pdf mr,
/usr/lib/ghostscript/** mr,

Well it shows that all ACLs defined in the cupsd profile are pointing at opening up access under /usr/lib however it appears the library that cupsd is looking for is located directly under /lib (as of version 10+?, i am not sure of this or if the file moved sorry, i can confirm this is 10.10 64 bit im running)

this is how i found where all my

rainofkayos@animal ~ [1131] % locate lib |egrep 'libgcrypt.so|libgpg-error.so'
/lib/libgcrypt.so
/lib/libgcrypt.so.11
/lib/libgcrypt.so.11.5.3
/lib/libgpg-error.so
/lib/libgpg-error.so.0
/lib/libgpg-error.so.0.4.0
/lib32/libgcrypt.so
/lib32/libgcrypt.so.11
/lib32/libgcrypt.so.11.5.3
/lib32/libgpg-error.so
/lib32/libgpg-error.so.0
/lib32/libgpg-error.so.0.4.0

I'm thinking you may need to try and prepend/append an ACL line for lib like the below:

/lib/** rm,


give it a shot, and also keep your ears/eyes open for other likely waaay more experienced linux guys than me =)

You can alternatively do this if this is becoming a headache and the cups is not usable.

'sudo aa-complain /etc/apparmor.d/usr.sbin.cupsd'

this will put the service profile in complain mode basically making apparmor not care about security for it temporarily.
 
Old 04-09-2011, 03:00 PM   #4
corp769
LQ Guru
 
Registered: Apr 2005
Posts: 5,817

Rep: Reputation: 1002Reputation: 1002Reputation: 1002Reputation: 1002Reputation: 1002Reputation: 1002Reputation: 1002Reputation: 1002
Quote:
Originally Posted by aaron.psamuel View Post
Hi there -

When you provide more details in your question including all the facts as you know them, it goes light years in helping the helpers help you =). Aside from...


rainofkayos@animal ~ [1127] % ldd /usr/sbin/cupsd | egrep 'gpg|gcrypt'
libgcrypt.so.11 => /lib/libgcrypt.so.11 (0x00007f12a4d52000)
libgpg-error.so.0 => /lib/libgpg-error.so.0 (0x00007f12a2dc8000)

Confirmed cupsd is going to be looking for version $X of the two library files your apparmor is complaining about.

I then checked my own cupsd profile for apparmor (sloppy grep statement below, heads up).

rainofkayos@animal ~ [1128] % egrep lib /etc/apparmor.d/usr.sbin.cupsd
/usr/lib/** rm,
/usr/lib/cups/backend/bluetooth ixr,
/usr/lib/cups/backend/dnssd ixr,
/usr/lib/cups/backend/http ixr,
/usr/lib/cups/backend/ipp ixr,
/usr/lib/cups/backend/lpd ixr,
/usr/lib/cups/backend/parallel ixr,
/usr/lib/cups/backend/scsi ixr,
/usr/lib/cups/backend/serial ixr,
/usr/lib/cups/backend/snmp ixr,
/usr/lib/cups/backend/socket ixr,
/usr/lib/cups/backend/usb ixr,
/usr/lib/cups/backend/cups-pdf Px,
/usr/lib/cups/backend/* Ux,
/usr/lib/cups/cgi-bin/* ixr,
/usr/lib/cups/daemon/* ixr,
/usr/lib/cups/monitor/* ixr,
/usr/lib/cups/notifier/* ixr,
/usr/lib/cups/filter/* Uxr,
/usr/lib/cups/driver/* Uxr,
/usr/lib/cups/backend/cups-pdf {
/usr/lib/cups/backend/cups-pdf mr,
/usr/lib/ghostscript/** mr,

Well it shows that all ACLs defined in the cupsd profile are pointing at opening up access under /usr/lib however it appears the library that cupsd is looking for is located directly under /lib (as of version 10+?, i am not sure of this or if the file moved sorry, i can confirm this is 10.10 64 bit im running)

this is how i found where all my

rainofkayos@animal ~ [1131] % locate lib |egrep 'libgcrypt.so|libgpg-error.so'
/lib/libgcrypt.so
/lib/libgcrypt.so.11
/lib/libgcrypt.so.11.5.3
/lib/libgpg-error.so
/lib/libgpg-error.so.0
/lib/libgpg-error.so.0.4.0
/lib32/libgcrypt.so
/lib32/libgcrypt.so.11
/lib32/libgcrypt.so.11.5.3
/lib32/libgpg-error.so
/lib32/libgpg-error.so.0
/lib32/libgpg-error.so.0.4.0

I'm thinking you may need to try and prepend/append an ACL line for lib like the below:

/lib/** rm,


give it a shot, and also keep your ears/eyes open for other likely waaay more experienced linux guys than me =)

You can alternatively do this if this is becoming a headache and the cups is not usable.

'sudo aa-complain /etc/apparmor.d/usr.sbin.cupsd'

this will put the service profile in complain mode basically making apparmor not care about security for it temporarily.
Why would you waste your first post on LQ on an old thread?
 
Old 04-10-2011, 08:21 AM   #5
aaron.psamuel
LQ Newbie
 
Registered: Apr 2011
Location: NYC
Distribution: Ubuntu, RHEL, centOS
Posts: 7

Rep: Reputation: 1
Hello -

I am sorry, I saw the Feb 2011 and assumed it was still a relevant post.
 
Old 04-10-2011, 08:31 AM   #6
corp769
LQ Guru
 
Registered: Apr 2005
Posts: 5,817

Rep: Reputation: 1002Reputation: 1002Reputation: 1002Reputation: 1002Reputation: 1002Reputation: 1002Reputation: 1002Reputation: 1002
It's all good. I was waiting on the OP to reply, that's all.

Josh
 
  


Reply


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off



Similar Threads
Thread Thread Starter Forum Replies Last Post
Help? Ubuntu dmesg seems to see my PD1030 but Cheese and Skype do not: dude439 Linux - Newbie 3 08-04-2009 12:30 AM
Problems with AppArmor nesrail Ubuntu 1 05-12-2009 09:29 AM
LXer: How to Secure Ubuntu With AppArmor LXer Syndicated Linux News 0 10-30-2007 10:20 PM
apparmor and ubuntu??? mihalisla Linux - Newbie 2 09-12-2006 04:27 PM
/bin/dmesg > /dmesg-boot not Working in Knoppix 3.4 suguru Debian 2 07-04-2004 06:21 PM


All times are GMT -5. The time now is 03:44 PM.

Main Menu
Advertisement
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
Facebook: linuxquestions Google+: linuxquestions
Open Source Consulting | Domain Registration