Can someone help me to override apparmor's block of cups-pdf? After a lot of research it appears that the problem is that my home directory is in a linked filesystem.

Every time I try to output to the PDF I get a dmesg error:

Thanks in advance for any suggestions on this.

-- L. James

--
L. D. James
ljames@apollo3.com
www.apollo3.com/~ljames

boot time parameter apparmor=0

http://wiki.apparmor.net/index.php/AppArmor_Failures
edit /etc/apparmor.d

That's not "advice" that's just disabling AppArmor. The OP did not ask for that and you definitely didn't give any reason why he should.


Be precise. Which profile exactly should he edit and what should he change or add?

If OP can edit /etc/apparmor.d then OP should be able to disable apparmor (if reqd).

It is difficult to be precise as this file /etc/apparmor.d/usr.sbin.cupsd
is system specific (but it should have enough comments) - maybe the capability to chown is not in place.

1 members found this post helpful.

Thanks, Amani.

I had spent hours going thought the Ubuntu documentation and reviewing all the files in /etc/apparmor.d before posting my message. I was tempted to create a script to disable apparmor every time I need to print a pdf, but I'm very security conscious and wouldn't want it disabled even for an instance.

While reviewing the /etc/apparmor.d files I did see a disable directory with two lines in it. I tried creating a link of my own hoping this would work:

I also have studied the usr.sbin.cupsd file to try to see if I could find a clue in there as to how to stop apparmor from blocking the access. I even removed the usr.sbin.cupsd file and tried to use the pdf function and still got the same error.

Thanks in advance if you have any specifics on how to stop apparmor from blocking the cups-pdf operation.

-- L. James

--
L. D. James
ljames@apollo3.com
www.apollo3.com/~ljames

Thanks, Amani. I see you posted a new message while I was composing a response to your previous one. I believe I mentioned that I had already explored all the files in the /etc/apparmor.d to the best of my ability. I had also read, very entently the usr.sbin.cupsd file, the README files, and as I mentioned the documentation, but I'm can't figure out how to disable this blocking.

Maybe I have it wrong, but I tried adding this line to the /etc/apparmor.d/local/usr.sbin.cupsd file:

It appears that the README file is saying this will add permission to the blocked directories.

Have you even removed a blocked applicate from apparmor? Maybe I can test the steps that you have done specifically for a different app.

Thanks!

-- L. James

--
L. D. James
ljames@apollo3.com
www.apollo3.com/~ljames

Thanks, Amani.

I got the issue resolved. I'm not sure which of my many attempted resolved the issue. Some of the times I was rebooted after making changes. Some of the times I made changes and then tried to print to pdf.

I believe the key was one of the original attempts I had made, but failed to reboot. But this time I did the following:

Added the following lines to the section with @{HOME}/PDF/:

Put the usr.sbin.cupsd link back into the disable directory and restarted the apparmor daemon and was able to print to pdf without errors.

When I learn of which precise change cured the issue I'll come back and share it with the membership.

Have a nice day!

-- L. James

--
L. D. James
ljames@apollo3.com
www.apollo3.com/~ljames