On Mon 21 Dec 2020 at 12:25:21 +0100, Jörg Sommer wrote:

> Package: cups-daemon
> Version: 2.3.3op1-3
> Severity: normal
>
> Hi,
>
> since the upgrade of cups-daemon from 2.3.3-4 to 2.3.3op1-1 I see these
> messages in my log:
>
> ```
> kernel: audit: type=1400 audit(1608535286.330:113): apparmor="DENIED"
> operation="capable" profile="/usr/sbin/cupsd" pid=479747 comm="cupsd"
> capability=12 capname="net_admin"
> ```
>
> I'm unsure whether to allow it in AppArmor, because it's a very privileged
> capability:
>
> > CAP_NET_ADMIN
> > Perform various network-related operations:
> > * interface configuration;
> > * administration of IP firewall, masquerading, and accounting;
> > * modify routing tables;
> > * bind to any address for transparent proxying;
> > * set type-of-service (TOS);
> > * clear driver statistics;
> > * set promiscuous mode;
> > * enabling multicasting;
> > * use setsockopt(2) to set the following socket options: SO_DEBUG,
> >   SO_MARK, SO_PRIORITY (for a priority outside the range 0 to 6),
> >   SO_RCVBUFFORCE, and SO_SNDBUFFORCE.


Thank you for your report, Jörg. Please see #980974:

https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=980974

Regards,

Brian.
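
The denial record quoted in the report can be triaged mechanically before anyone decides whether a profile should gain a capability. The following is an added example, not part of the original thread and not code from CUPS or AppArmor; the function names, the `BROAD_CAPS` review list and the second and third log lines are assumptions made for illustration.

```python
import re
from collections import Counter

# Constructed sample input: the first record is the denial quoted in the report
# (joined onto one line); the other two lines are constructed for illustration.
SAMPLE_LOG = """\
kernel: audit: type=1400 audit(1608535286.330:113): apparmor="DENIED" operation="capable" profile="/usr/sbin/cupsd" pid=479747 comm="cupsd" capability=12 capname="net_admin"
kernel: audit: type=1400 audit(1608535290.101:114): apparmor="DENIED" operation="capable" profile="/usr/sbin/cupsd" pid=479747 comm="cupsd" capability=12 capname="net_admin"
kernel: audit: type=1400 audit(1608535301.552:115): apparmor="ALLOWED" operation="open" profile="/usr/sbin/example" name="/etc/hosts" pid=1234 comm="example"
"""

# Assumed review list: capabilities to examine before adding them to a profile.
BROAD_CAPS = {"net_admin", "sys_admin", "sys_module", "sys_ptrace", "dac_override"}

HEADER = re.compile(r"audit\((?P<epoch>\d+\.\d+):(?P<serial>\d+)\):")
FIELD = re.compile(r'(\w+)=(?:"([^"]*)"|(\S+))')

def parse_record(line):
    """Return the key=value fields of one AppArmor audit line, or None."""
    head = HEADER.search(line)
    if head is None:
        return None
    # Values are either double-quoted or bare tokens; keep both as strings.
    fields = {k: q or b for k, q, b in FIELD.findall(line[head.end():])}
    if "apparmor" not in fields:
        return None
    fields["epoch"] = float(head["epoch"])
    fields["serial"] = int(head["serial"])
    return fields

def capability_denials(log_text):
    """Count DENIED capability checks per (profile, capname)."""
    counts = Counter()
    for line in log_text.splitlines():
        rec = parse_record(line)
        if rec and rec["apparmor"] == "DENIED" and rec.get("operation") == "capable":
            counts[(rec.get("profile"), rec.get("capname"))] += 1
    return counts

def triage(log_text):
    """Return (profile, capname, count, needs_review) rows, most frequent first."""
    rows = [(p, c, n, c in BROAD_CAPS) for (p, c), n in capability_denials(log_text).items()]
    return sorted(rows, key=lambda r: -r[2])

if __name__ == "__main__":
    for profile, cap, n, review in triage(SAMPLE_LOG):
        note = "review before allowing" if review else "not on the review list"
        print(f"{profile}: capability {cap} denied {n}x ({note})")
```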