I've read much of these strange problems here with Zorin OS 16 and in other places around the internet.
My humble suggestion is to try the following (based on my experience with Z16 & HP Photosmart 6520 printer/scanner),which effectively disables only the relevant restrictive apparmor profile, ippusbxd:
- unplug printer/scanner & make sure it's removed from settings GUI.
- run the following in a terminal:
sudo ln -s /etc/apparmor.d/usr.sbin.ippusbxd /etc/apparmor.d/disable/
sudo apparmor_parser -R /etc/apparmor.d/disable/usr.sbin.ippusbxd
(If done properly, you should see usr.sbin.ippusbxd in the
- plug in printer/scanner
- test printer or run the command “simple-scan” to test the scanner.
I have a tendency to be cautious, but feel comfortable with this after some research into ippusbxd (Internet Printing Protocol over USB), which emulates network protocol. There was a vulnerability back in 2015 which has long been fixed, in which an attacker could gain access to you printer. The worst they would be able to do is change your printer settings or make your printer type nasty "Yo momma" jokes, but nothing worst. Even though this has long been fixed, I unplug my printer when I'm not using it just in case somebody someday figures out a new ippusbxd vulnerability. ippusbxd only starts running once such a printer is plugged into a USB port, then a comedy of errors is triggered bring people to posts like this. ippusbxd only runs when an ippusbxd-capable printer is plugged into a USB port. Now that this long-since-fixed makes it so it can only run over local-host, as opposed to over the internet, I consider this safe even though I'm the paranoid type.
I found this with the help of DebuggingPrintingProblems - Ubuntu Wiki
" If you have any problems with printing, try deactivating the AppArmor protection with sudo aa-complain cupsd. If this helps, look for messages containing audit in the /var/log/syslog file. These show which components are accessed by the printing system for which there is no explicit permission given in /etc/apparmor.d/usr.sbin.cupsd. You can re-activate AppArmor via sudo aa-enforce cupsd. Report a bug to the package cups , so that we can correct the default configuration of AppArmor."
Like that link says, YOU CAN FILE A BUG REPORT AT Issues · OpenPrinting/cups · GitHub
My pet peeve is with Brother, HP, etc developers who don't take pride in their work and make it so even the most experienced techies are utterly frustrated trying to get printers keep up with the times... If you think your problems are bad, consider this guy: Late Night 'Pierre Bernard Recliner Of Rage "Microtek Scanners" 12/29/04 - YouTube
PS: to re-enable the ippusbxd Apparmor profile if it doesn't work,
sudo rm /etc/apparmor.d/disable/usr.sbin.ippusbxd
sudo apparmor_parser -r /etc/apparmor.d/usr.sbin.ippusbxd
Hope this helps.