[Bug 876108] New: cups /tmp/* symlinks and kernel audit log
https://bugzilla.novell.com/show_bug.cgi?id=876108 https://bugzilla.novell.com/show_bug.cgi?id=876108#c0 Summary: cups /tmp/* symlinks and kernel audit log Classification: openSUSE Product: openSUSE 13.1 Version: Final Platform: x86-64 OS/Version: Other Status: NEW Severity: Normal Priority: P5 - None Component: AppArmor AssignedTo: suse-beta@cboltz.de ReportedBy: koenig@linux.de QAContact: qa-bugs@suse.de Found By: --- Blocker: --- 1) cups creates tons of temp symlinks like this one -- it would be nice if they'd be removed after use: ls -l /tmp/52f62e0701fa6 lrwxrwxrwx 1 harald users 24 Feb 8 14:15 /tmp/52f62e0701fa6 -> /etc/cups/ppd/hp4650.ppd 2) there are some (apparmor?) rules which block access as root (not as normal user): ls -lL /tmp/52f62e0701fa6 ls: cannot access /tmp/52f62e0701fa6: Permission denied giving May 2 10:52:19 hl kernel: [307558.514035] type=1702 audit(1399020739.856:1429): op=follow_link ppid=13870 pid=29590 auid=1000 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 ses=2 tty=pts2 comm="ls" exe="/usr/bin/ls" res=0 May 2 10:52:19 hl kernel: [307558.514055] type=1302 audit(1399020739.856:1430): item=0 name="/tmp/52f62e0701fa6" inode=1457341 dev=fd:02 mode=0120777 ouid=1000 ogid=100 rdev=00:00 and wc /tmp/52f62db4880d7 wc: /tmp/52f62db4880d7: Permission denied May 2 10:52:22 hl kernel: [307561.238326] type=1702 audit(1399020742.582:1431): op=follow_link ppid=13870 pid=29593 auid=1000 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 ses=2 tty=pts2 comm="wc" exe="/usr/bin/wc" res=0 May 2 10:52:22 hl kernel: [307561.238351] type=1302 audit(1399020742.582:1432): item=0 name="/tmp/52f62db4880d7" inode=1457335 dev=fd:02 mode=0120777 ouid=1000 ogid=100 rdev=00:00 May 2 10:52:22 hl kernel: [307561.238381] type=1702 audit(1399020742.582:1433): op=follow_link ppid=13870 pid=29593 auid=1000 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 ses=2 tty=pts2 comm="wc" exe="/usr/bin/wc" res=0 May 2 10:52:22 hl kernel: [307561.238399] type=1302 audit(1399020742.582:1434): item=0 name="/tmp/52f62db4880d7" inode=1457335 dev=fd:02 mode=0120777 ouid=1000 ogid=100 rdev=00:00 but normal user can read: wc /tmp/52f62e0701fa6 4965 17867 197531 /tmp/52f62e0701fa6 -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.
https://bugzilla.novell.com/show_bug.cgi?id=876108
https://bugzilla.novell.com/show_bug.cgi?id=876108#c1
Johannes Meixner
https://bugzilla.novell.com/show_bug.cgi?id=876108
https://bugzilla.novell.com/show_bug.cgi?id=876108#c2
Marcus Meissner
https://bugzilla.novell.com/show_bug.cgi?id=876108
https://bugzilla.novell.com/show_bug.cgi?id=876108#c3
Christian Boltz
https://bugzilla.novell.com/show_bug.cgi?id=876108
https://bugzilla.novell.com/show_bug.cgi?id=876108#c4
Harald Koenig
This means you would have to find out what particular applications missed to remove their PPDs when no longer needed and file separated bug reports for each of them (for an example see bnc#338095).
just for reference: the application in question was/is acroread-9.5.5. it creates 4 symlinks per print-request:-( so obviously this is a non-issue for opensuse... thanks for your help and insights! Harald -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.
https://bugzilla.novell.com/show_bug.cgi?id=876108
https://bugzilla.novell.com/show_bug.cgi?id=876108#c5
--- Comment #5 from Johannes Meixner
https://bugzilla.novell.com/show_bug.cgi?id=876108
https://bugzilla.novell.com/show_bug.cgi?id=876108#c
Johannes Meixner
participants (1)
-
bugzilla_noreply@novell.com