Ubuntu 10 apparmor problems... help dmesg
[25013.230999] sd 7:0:0:0: [sdc] Assuming drive cache: write through
[25013.231014] sd 7:0:0:0: [sdc] Attached SCSI removable disk [25360.006612] type=1400 audit(1298522002.633:40): apparmor="DENIED" operation="open" parent=7025 profile="/usr/sbin/cupsd" name="/usr/local/lib/libgcrypt.so.11.6.0" pid=7026 comm="gs" requested_mask="r" denied_mask="r" fsuid=7 ouid=0 [25360.025891] type=1400 audit(1298522002.653:41): apparmor="DENIED" operation="open" parent=7025 profile="/usr/sbin/cupsd" name="/usr/local/lib/libgpg-error.so.0.8.0" pid=7026 comm="gs" requested_mask="r" denied_mask="r" fsuid=7 ouid=0 [25360.236552] type=1400 audit(1298522002.865:42): apparmor="DENIED" operation="open" parent=7028 profile="/usr/sbin/cupsd" name="/usr/local/lib/libgcrypt.so.11.6.0" pid=7030 comm="gs" requested_mask="r" denied_mask="r" fsuid=7 ouid=0 [25360.238508] type=1400 audit(1298522002.865:43): apparmor="DENIED" operation="open" parent=7028 profile="/usr/sbin/cupsd" name="/usr/local/lib/libgpg-error.so.0.8.0" pid=7030 comm="gs" requested_mask="r" denied_mask="r" fsuid=7 ouid=0 [25360.593870] usblp0: removed [26561.741093] type=1400 audit(1298523204.369:44): apparmor="DENIED" operation="open" parent=8883 profile="/usr/sbin/cupsd" name="/usr/local/lib/libgcrypt.so.11.6.0" pid=8884 comm="gs" requested_mask="r" denied_mask="r" fsuid=7 ouid=0 [26561.742901] type=1400 audit(1298523204.369:45): apparmor="DENIED" operation="open" parent=8883 profile="/usr/sbin/cupsd" name="/usr/local/lib/libgpg-error.so.0.8.0" pid=8884 comm="gs" requested_mask="r" denied_mask="r" fsuid=7 ouid=0 [26561.973264] type=1400 audit(1298523204.601:46): apparmor="DENIED" operation="open" parent=8886 profile="/usr/sbin/cupsd" name="/usr/local/lib/libgcrypt.so.11.6.0" pid=8888 comm="gs" requested_mask="r" denied_mask="r" fsuid=7 ouid=0 [26561.975068] type=1400 audit(1298523204.601:47): apparmor="DENIED" operation="open" parent=8886 profile="/usr/sbin/cupsd" name="/usr/local/lib/libgpg-error.so.0.8.0" pid=8888 comm="gs" requested_mask="r" denied_mask="r" fsuid=7 ouid=0 [27011.396392] usb 1-2.1: new high speed USB device using ehci_hcd and address 12 |
Ok, so what is the exact problem? You gave output, and nothing else. What exactly is going on, and what do you exactly need help with?
|
Apparmor weirdness
Hi there -
When you provide more details in your question including all the facts as you know them, it goes light years in helping the helpers help you =). Aside from... rainofkayos@animal ~ [1127] % ldd /usr/sbin/cupsd | egrep 'gpg|gcrypt' libgcrypt.so.11 => /lib/libgcrypt.so.11 (0x00007f12a4d52000) libgpg-error.so.0 => /lib/libgpg-error.so.0 (0x00007f12a2dc8000) Confirmed cupsd is going to be looking for version $X of the two library files your apparmor is complaining about. I then checked my own cupsd profile for apparmor (sloppy grep statement below, heads up). rainofkayos@animal ~ [1128] % egrep lib /etc/apparmor.d/usr.sbin.cupsd /usr/lib/** rm, /usr/lib/cups/backend/bluetooth ixr, /usr/lib/cups/backend/dnssd ixr, /usr/lib/cups/backend/http ixr, /usr/lib/cups/backend/ipp ixr, /usr/lib/cups/backend/lpd ixr, /usr/lib/cups/backend/parallel ixr, /usr/lib/cups/backend/scsi ixr, /usr/lib/cups/backend/serial ixr, /usr/lib/cups/backend/snmp ixr, /usr/lib/cups/backend/socket ixr, /usr/lib/cups/backend/usb ixr, /usr/lib/cups/backend/cups-pdf Px, /usr/lib/cups/backend/* Ux, /usr/lib/cups/cgi-bin/* ixr, /usr/lib/cups/daemon/* ixr, /usr/lib/cups/monitor/* ixr, /usr/lib/cups/notifier/* ixr, /usr/lib/cups/filter/* Uxr, /usr/lib/cups/driver/* Uxr, /usr/lib/cups/backend/cups-pdf { /usr/lib/cups/backend/cups-pdf mr, /usr/lib/ghostscript/** mr, Well it shows that all ACLs defined in the cupsd profile are pointing at opening up access under /usr/lib however it appears the library that cupsd is looking for is located directly under /lib (as of version 10+?, i am not sure of this or if the file moved sorry, i can confirm this is 10.10 64 bit im running) this is how i found where all my rainofkayos@animal ~ [1131] % locate lib |egrep 'libgcrypt.so|libgpg-error.so' /lib/libgcrypt.so /lib/libgcrypt.so.11 /lib/libgcrypt.so.11.5.3 /lib/libgpg-error.so /lib/libgpg-error.so.0 /lib/libgpg-error.so.0.4.0 /lib32/libgcrypt.so /lib32/libgcrypt.so.11 /lib32/libgcrypt.so.11.5.3 /lib32/libgpg-error.so /lib32/libgpg-error.so.0 /lib32/libgpg-error.so.0.4.0 I'm thinking you may need to try and prepend/append an ACL line for lib like the below: /lib/** rm, give it a shot, and also keep your ears/eyes open for other likely waaay more experienced linux guys than me =) You can alternatively do this if this is becoming a headache and the cups is not usable. 'sudo aa-complain /etc/apparmor.d/usr.sbin.cupsd' this will put the service profile in complain mode basically making apparmor not care about security for it temporarily. |
Quote:
|
Hello -
I am sorry, I saw the Feb 2011 and assumed it was still a relevant post. |
It's all good. I was waiting on the OP to reply, that's all.
Josh |
All times are GMT -5. The time now is 01:15 AM. |