Ubuntu 10 apparmor problems... help dmesg
 

[25013.230999] sd 7:0:0:0: [sdc] Assuming drive cache: write through
[25013.231014] sd 7:0:0:0: [sdc] Attached SCSI removable disk
[25360.006612] type=1400 audit(1298522002.633:40): apparmor="DENIED" operation="open" parent=7025 profile="/usr/sbin/cupsd" name="/usr/local/lib/libgcrypt.so.11.6.0" pid=7026 comm="gs" requested_mask="r" denied_mask="r" fsuid=7 ouid=0
[25360.025891] type=1400 audit(1298522002.653:41): apparmor="DENIED" operation="open" parent=7025 profile="/usr/sbin/cupsd" name="/usr/local/lib/libgpg-error.so.0.8.0" pid=7026 comm="gs" requested_mask="r" denied_mask="r" fsuid=7 ouid=0
[25360.236552] type=1400 audit(1298522002.865:42): apparmor="DENIED" operation="open" parent=7028 profile="/usr/sbin/cupsd" name="/usr/local/lib/libgcrypt.so.11.6.0" pid=7030 comm="gs" requested_mask="r" denied_mask="r" fsuid=7 ouid=0
[25360.238508] type=1400 audit(1298522002.865:43): apparmor="DENIED" operation="open" parent=7028 profile="/usr/sbin/cupsd" name="/usr/local/lib/libgpg-error.so.0.8.0" pid=7030 comm="gs" requested_mask="r" denied_mask="r" fsuid=7 ouid=0
[25360.593870] usblp0: removed
[26561.741093] type=1400 audit(1298523204.369:44): apparmor="DENIED" operation="open" parent=8883 profile="/usr/sbin/cupsd" name="/usr/local/lib/libgcrypt.so.11.6.0" pid=8884 comm="gs" requested_mask="r" denied_mask="r" fsuid=7 ouid=0
[26561.742901] type=1400 audit(1298523204.369:45): apparmor="DENIED" operation="open" parent=8883 profile="/usr/sbin/cupsd" name="/usr/local/lib/libgpg-error.so.0.8.0" pid=8884 comm="gs" requested_mask="r" denied_mask="r" fsuid=7 ouid=0
[26561.973264] type=1400 audit(1298523204.601:46): apparmor="DENIED" operation="open" parent=8886 profile="/usr/sbin/cupsd" name="/usr/local/lib/libgcrypt.so.11.6.0" pid=8888 comm="gs" requested_mask="r" denied_mask="r" fsuid=7 ouid=0
[26561.975068] type=1400 audit(1298523204.601:47): apparmor="DENIED" operation="open" parent=8886 profile="/usr/sbin/cupsd" name="/usr/local/lib/libgpg-error.so.0.8.0" pid=8888 comm="gs" requested_mask="r" denied_mask="r" fsuid=7 ouid=0
[27011.396392] usb 1-2.1: new high speed USB device using ehci_hcd and address 12

Ok, so what is the exact problem? You gave output, and nothing else. What exactly is going on, and what do you exactly need help with?

Apparmor weirdness
 

Hi there -

When you provide more details in your question including all the facts as you know them, it goes light years in helping the helpers help you =). Aside from...


rainofkayos@animal ~ [1127] % ldd /usr/sbin/cupsd | egrep 'gpg|gcrypt'
libgcrypt.so.11 => /lib/libgcrypt.so.11 (0x00007f12a4d52000)
libgpg-error.so.0 => /lib/libgpg-error.so.0 (0x00007f12a2dc8000)

Confirmed cupsd is going to be looking for version $X of the two library files your apparmor is complaining about.

I then checked my own cupsd profile for apparmor (sloppy grep statement below, heads up).

rainofkayos@animal ~ [1128] % egrep lib /etc/apparmor.d/usr.sbin.cupsd
/usr/lib/** rm,
/usr/lib/cups/backend/bluetooth ixr,
/usr/lib/cups/backend/dnssd ixr,
/usr/lib/cups/backend/http ixr,
/usr/lib/cups/backend/ipp ixr,
/usr/lib/cups/backend/lpd ixr,
/usr/lib/cups/backend/parallel ixr,
/usr/lib/cups/backend/scsi ixr,
/usr/lib/cups/backend/serial ixr,
/usr/lib/cups/backend/snmp ixr,
/usr/lib/cups/backend/socket ixr,
/usr/lib/cups/backend/usb ixr,
/usr/lib/cups/backend/cups-pdf Px,
/usr/lib/cups/backend/* Ux,
/usr/lib/cups/cgi-bin/* ixr,
/usr/lib/cups/daemon/* ixr,
/usr/lib/cups/monitor/* ixr,
/usr/lib/cups/notifier/* ixr,
/usr/lib/cups/filter/* Uxr,
/usr/lib/cups/driver/* Uxr,
/usr/lib/cups/backend/cups-pdf {
/usr/lib/cups/backend/cups-pdf mr,
/usr/lib/ghostscript/** mr,

Well it shows that all ACLs defined in the cupsd profile are pointing at opening up access under /usr/lib however it appears the library that cupsd is looking for is located directly under /lib (as of version 10+?, i am not sure of this or if the file moved sorry, i can confirm this is 10.10 64 bit im running)

this is how i found where all my

rainofkayos@animal ~ [1131] % locate lib |egrep 'libgcrypt.so|libgpg-error.so'
/lib/libgcrypt.so
/lib/libgcrypt.so.11
/lib/libgcrypt.so.11.5.3
/lib/libgpg-error.so
/lib/libgpg-error.so.0
/lib/libgpg-error.so.0.4.0
/lib32/libgcrypt.so
/lib32/libgcrypt.so.11
/lib32/libgcrypt.so.11.5.3
/lib32/libgpg-error.so
/lib32/libgpg-error.so.0
/lib32/libgpg-error.so.0.4.0

I'm thinking you may need to try and prepend/append an ACL line for lib like the below:

/lib/** rm,


give it a shot, and also keep your ears/eyes open for other likely waaay more experienced linux guys than me =)

You can alternatively do this if this is becoming a headache and the cups is not usable.

'sudo aa-complain /etc/apparmor.d/usr.sbin.cupsd'

this will put the service profile in complain mode basically making apparmor not care about security for it temporarily.

Why would you waste your first post on LQ on an old thread?

Hello -

I am sorry, I saw the Feb 2011 and assumed it was still a relevant post.

It's all good. I was waiting on the OP to reply, that's all.

Josh