Aaron Konstam wrote:
On Thu, 2007-08-23 at 11:00 +0200, PerAntonRønning wrote:
PerAntonRønning wrote:
Mikkel L. Ellertson wrote:
PerAntonRønning wrote:
Hi Andy
a minor extract of the error_log shows this:
I [22/Aug/2007:12:42:00 +0200] Full reload is required.
I [22/Aug/2007:12:42:00 +0200] Loaded MIME database from
'/etc/cups': 33
types, 38 filters...
I [22/Aug/2007:12:42:01 +0200] Loading job cache file
"/var/cache/cups/job.cache"...
I [22/Aug/2007:12:42:01 +0200] Full reload complete.
I [22/Aug/2007:12:42:01 +0200] Listening to 127.0.0.1:631 on fd 0...
E [22/Aug/2007:12:42:01 +0200] Unable to set ACLs on root certificate
"/var/run/cups/certs/0" - Operation not supported
It seems to listen to 127.0.0.1:631, which should be lo. The last
message tough "operation not supported" does not explain itself, at
least not to me.
ps -Af | grep cupsd shows that the daemon is up and running.
So I'm scratching my head a bit on this.
Brgs
PAR
The "operation not supported" is an indication that selinux is not
enabled. So CUPS could not set the Access Control List values. This
will not stop CUPS from running. The "Listening to 127.0.0.1:631"
says that the CUPS web interface is only available to the local
machine, on port 631. You can not connect to it from another machine
on the network. (This does not affect connecting to printers on your
machine - that is another setting.)
Mikkel
I don't have a real network, just a backup PC connected through an eth
card.
I do not need to print from other PC's, so what you say may imply that
this should work
by the look of it?
Regarding SElinux - /etc/selinux/config contains:
# This file controls the state of SELinux on the system.
# SELINUX= can take one of these three values:
# enforcing - SELinux security policy is enforced.
# permissive - SELinux prints warnings instead of enforcing.
# disabled - SELinux is fully disabled.
SELINUX=enforcing
# SELINUXTYPE= type of policy in use. Possible values are:
# targeted - Only targeted network daemons are protected.
# strict - Full SELinux protection.
SELINUXTYPE=targeted
# SETLOCALDEFS= Check local definition changes
SETLOCALDEFS=0
As to checking if SElinux is enabled the command (listed in my FC5
"bible")
$/usr/sbin/sestatus -v
gives as output:
SELinux status: enabled
SELinuxfs mount: /selinux
Current mode: enforcing
Mode from config file: enforcing
Policy version: 21
Policy from config file: targeted
Process contexts:
Current context: user_u:system_r:unconfined_t
Init context: system_u:system_r:init_t
/sbin/mingetty system_u:system_r:getty_t
File contexts:
Controlling term: user_u:object_r:devpts_t
/etc/passwd system_u:object_r:etc_t
/etc/shadow system_u:object_r:shadow_t
/bin/bash system_u:object_r:shell_exec_t
/bin/login system_u:object_r:login_exec_t
/bin/sh system_u:object_r:bin_t ->
system_u:object_r:shell_exec_t
/sbin/agetty system_u:object_r:getty_exec_t
/sbin/init system_u:object_r:init_exec_t
/sbin/mingetty system_u:object_r:getty_exec_t
/usr/sbin/sshd system_u:object_r:sshd_exec_t
/lib/libc.so.6 system_u:object_r:lib_t ->
system_u:object_r:lib_t
/lib/ld-linux.so.2 system_u:object_r:lib_t ->
system_u:object_r:ld_so_t
... so SElinux seems to be enabled.
BUT: In my security level configuration I don't find an entry for
"printer" or "printing",
should I expect such an entry?
--- OPPPS! It must have been too late in the evening. I was referring
to the firewall section (tab) of the config screen not the SElinux tab.
Printing appears under SELinux.
So, this seems to be a real puzzle, perhaps I have to reinstall FC5.
(I am a bit conservative when it comes to new versions, I want them to
be tested out a bit first,
so I wait with FC7. Anyone thinking this is too conservative?)
I do. How about disabling selinux and see if printing starts working.
In the environment you describe I don't see that selinux is doing that
much for you.
As to the error below it is really mysterious.
E [22/Aug/2007:12:42:01 +0200] Unable to set ACLs on root certificate
"/var/run/cups/certs/0" - Operation not supported
/var/run/cups/certs/0 is r--r---- on my machine. Setting the ACL on such
a file seems hard to say the least.
I did disable selinux, rebooted the machine, but nothing changed. So,
this may be due to some CUPS problem.
This is something I have never done before - should I remove and then
download and reinstall
the whole thing?
Next thing may be to reinstall FC5 from the bottom and up. THAT I've
done before :-)
Brgds
PAR