[pkg-apparmor] Bug#883765: cups-client: Unsupported document-format "application/octet-stream".

[intrigeri]

Control: tag -1 + moreinfo
Control: retitle -1 Printing is broken with AppArmor enabled if /var/log is a symlink to some other place

Hi,

Thanks Mathew for testing again, and Brian for adding me in the loop!
I'm Cc'ing the AppArmor team so the resolution of this problem does
not depend solely on myself :)

P V Mathew:
> as requested have reinstalled apparmor

> The following programs are not working

> man(from command line) but man2html ok

Interesting, I don't have this problem. I notice that AppArmor
confinement was added in man-db (2.7.6.1-3), and then updated in
man-db (2.7.6.1-4). This is off-topic here so could you please report
a bug against man-db about this, including the corresponding AppArmor
denial logs? Feel free to X-Debbugs-Cc pkg-apparmor-team at .
In the meantime you can "sudo aa-disable /usr/bin/man".

> cups started on reboot but by the time logged in, it had stopped.
> [...]
> Oops. realize now, may be about 2-3 years ago when my var partition got full,
> had moved the var/log on to /home/ and sym-linked to it in var. May be
> this is not consistent with apparmor(not sure?).

Right, this can cause lots of problems with AppArmor, and not only for
cupsd so I'm not going to suggest solutions that would address your
problem for cupsd only but leave other bits of your system broken.

I recommend you either:

A. bind-mount /home/log on /var/log instead of using a symlink

B. use an AppArmor alias

   # echo '/var/log/ -> /home/log/' >> /etc/apparmor.d/tunables/alias
   # systemctl restart apparmor

Works?

If this works, then I suggest the cups maintainers close this bug or
tag it wontfix: with a path-based LSM like AppArmor, there's no
general solution to problems caused by such uncommon customization
applied locally by sysadmins, other than education and documentation
about AppArmor so they're able to adjust their AppArmor
configuration accordingly.

Regards,
-- 
intrigeri