The problem seems to be occurring in the prepareuser function of
/usr/lib/cups/backend/cups-pdf. Specifically, the following check fails to
correctly identify the presence of the user output directory (line 338 of
cups-pdf.c):
if (stat(dirname, &fstatus) || !S_ISDIR(fstatus.ts_mode))
Using up-to-date Ubuntu 8.10 with a clean install of cups and cups-pdf with
default config files (i.e. purge and reinstall). Package versions:
cups: 1.3.9-2ubuntu7
cups-pdf: 2.4.8-1ubuntu1
Permissions on $HOME and ~/PDF/ both 700, which causes cups-pdf to fail:
mat...@host:~/PDF$ ls -la
total 8
drwx------ 2 mathew mathew 4096 2009-03-13 11:25 .
drwx------ 68 mathew mathew 4096 2009-03-13 11:16 ..
It appears that AppArmor is preventing the stat and S_ISDIR function calls
(from sys/stat.h) from correctly determining the existence of the ~/PDF/ output
directory. This is despite the AppArmor profile /etc/apparmor.d/usr.sbin.cupsd
granting cups-pdf read/write access to that directory (lines 141-142 of
usr.sbin.cupsd):
@{HOME}/PDF/ rw,
@{HOME}/PDF/* rw,
When prepareuser fails to find the ~/PDF/ directory, it then tries to
(re)create it, which causes cups-pdf to fail as it doesn't (and shouldn't) have
write access directly in $HOME.
Trying to print, e.g. '$ lp -d PDF /tmp/test.txt' results in the following
error message in /var/log/cups/cups-pdf_log (originating from the prepareuser
function):
Fri Mar 13 12:57:45 2009 [ERROR] failed to create user output directory
(/home/mathew/PDF)
The following also appears in /var/log/syslog:
Mar 13 12:57:45 host kernel: [11411.156535] type=1503
audit(1236902265.708:18): operation="capable" name="dac_override" pid=5562
profile="/usr/lib/cups/backend/cups-pdf"
Mar 13 12:57:45 host kernel: [11411.156549] type=1503
audit(1236902265.708:19): operation="capable" name="dac_read_search" pid=5562
profile="/usr/lib/cups/backend/cups-pdf"
If the prepareuser function is modified so that it doesn't check for the
existence of the output directory, and simply return(s) 0; whenever it
is called, cups-pdf works as expected. The unmodified version of cups-
pdf will work when either AppArmor is not running, or $HOME is given
permissions 701, with ~/PDF/ still having 700 permissions.
--
apparmor prevent cups-pdf to create ~/PDF folder
https://bugs.launchpad.net/bugs/270046
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
--
ubuntu-bugs mailing list
ubuntu-bugs@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
