Apparmor audit message.
** Attachment added: "Apparmor audit message"
https://bugs.launchpad.net/ubuntu/+source/cups/+bug/1897369/+attachment/5581262/+files/Apparmor%20audit%20message
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu
I have 33 denied messages that increase in number every time I reboot.
** Attachment added: "Apparmor rsys log d"
https://bugs.launchpad.net/ubuntu/+source/cups/+bug/1897369/+attachment/5581261/+files/Apparmor%20rsys%20log%20d
--
You received this bug notification because you are a member of
** Attachment added: "Apparmor kernal log"
https://bugs.launchpad.net/ubuntu/+source/cups/+bug/1897369/+attachment/5581260/+files/Apparmor%20kernal%20log
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bu
It may also be an option to set the desired scheduling parameters via
systemd.exec(5) parameters instead of asking the daemon to do the
changes itself.
Thanks
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/
** Changed in: cups (Ubuntu)
Importance: Undecided => Low
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1897369
Title:
apparmor: Allow cups-browsed to change nice value (CAP_SYS_NICE)
To manage
I have searched the code of cups-browsed and libcupsfilters and did not
find any call of the mentioned functions which require CAP_SYS_NICE.
Most probably some of the library functions cups-browsed is using
contains such calls.
As cups-browsed works correctly I suggest to add the "deny capability
Till, it allows quite a few things (from man capabilities):
CAP_SYS_NICE
* Raise process nice value (nice(2), setpriority(2)) and change the
nice value for arbitrary processes;
* set real-time scheduling policies for calling process, and set
scheduling polici
Anyone of the security team, does allowing the "sys_nice" capability for
cups-browsed cause any possible security risk?
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1897369
Title:
apparmor: Allow c
I did not have anything to control the priority in the source code of
cups-browsed, I also did not find anything in the packaging of cups-
filters. I also do not see any security risk in priority changing, it
can only make the system faster or slower.
Perhaps systemd does the nice level change? Ho
Thank you for your bug report
Till, do you know what impact that priority change failing has? Could
you check with the security team if that call should be allowed by
default in the cups profile?
** Changed in: cups (Ubuntu)
Assignee: (unassigned) => Till Kamppeter (till-kamppeter)
--
You
On my system, I have a consistent Deny on cups-browsed --capable, one
example from 281300Z November 2020 being:
Nov 28 13:00:24 hotrodgpc-desktop kernel: [ 52.928672] audit:
type=1400 audit(1606597224.111:54): apparmor="DENIED"
operation="capable" profile="/usr/sbin/cups-browsed" pid=1496 comm
=
Status changed to 'Confirmed' because the bug affects multiple users.
** Changed in: cups (Ubuntu)
Status: New => Confirmed
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1897369
Title:
appar
>From the manual page capabilities(7):
CAP_SYS_NICE
* Lower the process nice value (nice(2), setpriority(2)) and
change the nice value for arbitrary processes;
* set real-time scheduling policies for calling process, and set
sc
13 matches
Mail list logo
