Sample Header Ad - 728x90

Why does CUPS attempt to open ecryptfs wrapped-passphrase?

0 votes
0 answers
17 views
pam cups printing ecryptfs
I am trying to add a printer manually via the CUPS web interface (http://localhost:631/admin/) but it is not working. I see that when I click "Add printer", a username/password dialog pops up... entering my username/password, I see errors like this in the journal: 
Jan 30 11:21:00 myhostname kernel: audit: type=1400 audit(1738264860.777:406): apparmor="DENIED" operation="open" class="file" profile="/usr/sbin/cupsd" name="/etc/fscrypt.conf" pid=37925 comm="cupsd" requested_mask="r" denied_mask="r" fsuid=1000 ouid=0
Jan 30 11:21:00 myhostname kernel: audit: type=1400 audit(1738264860.777:407): apparmor="DENIED" operation="open" class="file" profile="/usr/sbin/cupsd" name="/home/.ecryptfs/myusename/.ecryptfs/Private.mnt" pid=37925 comm="cupsd" requested_mask="r" denied_mask="r" fsuid=1000 ouid=1000
Jan 30 11:21:00 myhostname cupsd: pam_ecryptfs: Passphrase file wrapped
Jan 30 11:21:00 myhostname kernel: audit: type=1400 audit(1738264860.778:408): apparmor="DENIED" operation="open" class="file" profile="/usr/sbin/cupsd" name="/home/.ecryptfs/myusename/.ecryptfs/wrapped-passphrase" pid=112156 comm="cupsd" requested_mask="r" denied_mask="r" fsuid=1000 ouid=1000
Jan 30 11:21:00 myhostname kernel: audit: type=1400 audit(1738264860.778:409): apparmor="DENIED" operation="open" class="file" profile="/usr/sbin/cupsd" name="/home/.ecryptfs/myusename/.ecryptfs/wrapped-passphrase" pid=112156 comm="cupsd" requested_mask="r" denied_mask="r" fsuid=1000 ouid=1000
Jan 30 11:21:00 myhostname cupsd: pam_ecryptfs: Unable to rewrap passphrase file
Jan 30 11:21:00 myhostname cupsd: Failed to detect wrapped passphrase version: Permission denied
Jan 30 11:21:00 myhostname cupsd: Error attempting to unwrap passphrase from file [/home/myusename/.ecryptfs/wrapped-passphrase]; rc = [-13]
Jan 30 11:21:00 myhostname cupsd: pam_ecryptfs: Error adding passphrase key token to user session keyring; rc = [-5]​​
It seems like CUPS is trying to unwrap my ecryptfs passphrase? - why would CUPS need/want access to the wrapped ecryptfs passphrase, since the /home partition is already decrypted and mounted? - why would it try to "rewrap" the passphrase, as implied by the journal line above?
Asked by user272901 (142 rep)
Jan 30, 2025, 07:39 PM
Sidebar Ad - 300x250
Related Questions

Browse more questions from Unix & Linux Stack Exchange

More questions tagged "pam"
More questions tagged "cups"
More questions tagged "printing"
Footer Ad - 728x90