[Bug 371129] [NEW] cups-pdf incompatible with .Private ecryptfs-encrypted homedir

Cristóbal M. Palmer cmp at cmpalmer.org
Sun May 3 07:12:53 UTC 2009 

Public bug reported:

Binary package hint: cups-pdf

Possibly an apparmor problem related to
https://bugs.launchpad.net/ubuntu/+source/linux/+bug/359338 ?

System:

$ lsb_release -rc
Release:	9.04
Codename:	jaunty
$ uname -srvmo
Linux 2.6.28-11-generic #42-Ubuntu SMP Fri Apr 17 01:58:03 UTC 2009 x86_64 GNU/Linux
$ dpkg -l cups-pdf|grep ^ii
ii  cups-pdf                                   2.5.0-1ubuntu1                               PDF printer for CUPS

Expected outcome:

After adding cups-pdf, user with encrypted ~ should be able to use the
newly-generated "PDF" printer and find files generated in ~/PDF. Failing
that, the user should get clear feedback that printing to a PDF file
failed.

Observed outcome:

If no ~/PDF directory exists, nothing happens from the user perspective.
The user prints (eg. an OpenOffice.org document) and there is no
feedback. If ~/PDF directory is created by the user, there will be a
notification that the job has completed, but no file will have been
written to ~/PDF, which is arguably worse.

In /var/log/syslog:

May  3 02:42:20 [hostname redacted] kernel: [41865.738103] type=1503
audit(1241332940.041:21): operation="inode_create" requested_mask="a::"
denied_mask="a::" fsuid=1000 name="/home/[username
redacted]/.Private/ECRYPTFS_FNEK_ENCRYPTED.FW[...redacted...]---/ECRYPTFS_FNEK_ENCRYPTED.FX[...redacted...]-AZ3UEsMSklVu4z1jyDhs-"
pid=16397 profile="/usr/lib/cups/backend/cups-pdf"

In /var/log/cups/cups-pdf_log (if no ~/PDF exists):
Sun May  3 02:31:06 2009  [ERROR] failed to create directory (/home/[redacted]/PDF)
Sun May  3 02:31:06 2009  [ERROR] failed to create user output directory (/home/[redacted]/PDF)

And if ~/PDF exists:
Sun May  3 02:33:40 2009  [ERROR] failed to set file mode for PDF file (non fatal) (/home/[redacted]/PDF/[redacted].pdf)

Workaround:
Set 'Out /var/tmp/PDF' or similar in /etc/cups/cups-pdf.conf and restart cups with 'sudo service cups restart'

Ideal fix:
Fresh install of cups-pdf would set /etc/apparmor.d/usr.sbin.cupsd (or another file?) properly to avoid this issue. I've tried playing with that file to no avail.... perhaps barking up the wrong tree or simply inept when it comes to apparmor.

** Affects: cups-pdf (Ubuntu)
     Importance: Undecided
         Status: New

-- 
cups-pdf incompatible with .Private ecryptfs-encrypted homedir
https://bugs.launchpad.net/bugs/371129
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.

-- 
ubuntu-bugs mailing list
ubuntu-bugs at lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs

More information about the universe-bugs mailing list