Comment 38 for bug 295536

Hi !

Like Eric says, it's a problem in the AppArmor configuration. His workaround works well but it remove the protection over cups-pdf. Like we see in the dmesg posted by marcobra it looks like a capabilities problem for /usr/lib/cups/backend/cups-pdf :

---
[89144.961555] type=1503 audit(1226146931.033:19): operation="capable" name="dac_read_search" pid=13513 profile="/usr/lib/cups/backend/cups-pdf"
[89168.118889] type=1503 audit(1226146954.189:20): operation="capable" name="dac_override" pid=13725 profile="/usr/lib/cups/backend/cups-pdf"
---

If you don't want disable protection of cups-pdf in AppArmor, don't use the flags=(complain).

Go to the /etc/apparmor.d/usr.sbin.cupsd and in the /usr/lib/cups/backend/cups-pdf section search for this lines :

  capability chown,
  capability fowner,
  capability fsetid,
  capability setgid,
  capability setuid,

after this lines you just need to add this two new lines :

  capability dac_override,
  capability dac_read_search,

It would be suficient. You juste need a /etc/init.d/apparmor reload and cups-pdf would works well !!

Hope this helps, Bruno

PS : Sorry for my english ;-)