Paul Howarth wrote:
Samuel Díaz García wrote:
Yes, cups-pdf is a "virtual printer" thar prints the ouput into pdf
files. That pdf files are saved by cups-pdf into user's home directory.
As you said fine, I need to allow cups to write into that directories
(including /root) or into a $HOME/cups-pdf-docs directory to disallow
cups all control over $HOME directory.
If I remember well, cups is launched as root user (where a test I had
done some days ago because were a "cups-pdf" prerrequisite - don't
remember now).
How can I solve the issue with home directories?
If anybody knows how to, I would like to solve the problem in this form:
1) Allowing cups writing into home directories or especific
subdirectory into $HOME.
2) Enablilng SELinux as restrictive I can (is my laptop and I want
to learn a more about SELinux and apps issues.
As a start you might try:
# setsebool -P cupsd_disable_trans 1
This would turn off SELinux protection for the cups daemon, whilst
leaving you able to have SELinux turned on for everything else.
An alternative that might be worth trying would be to change the
context of any directories you want cups to be able to write to,
something like:
# chcon -t print_spool_t $HOME/cups-pdf-doc
Not sure if that'll work though.
I kind of like that solution. See what avc messages you get and we
could maybe add a boolean to allow searching of the users homedirs for
this directory.
Paul.
