On Wednesday 10 December 2008, Craig White wrote:
>On Wed, 2008-12-10 at 21:24 -0500, Gene Heskett wrote:
[...]
>> (brought to you by Amanda 2.6.2alpha-20081208)
>>
>> So that is fixed. I wonder if cups is too? No, selinux, which is back to
>> enforcing now, is denying cups any access to lp3.
>>
>> Nope, even after manually copying one of the 3 identical HL2140.ppd files
>> into /etc/cups/printers/lp3.ppd, it prints blank sheets of paper, and
>> logs, when I try to change the default paper size to letter from A4:
>>
>> E [10/Dec/2008:21:12:25 -0500] CUPS-Add-Modify-Printer: Unauthorized
>>
>> And I've run thru the delete/add at localhost:631 until I have run out of
>> options, even going so far as to set the perms identical, no change in the
>> error messages.
>>
>> Your turn.
>
>----
>I just checked on my system and evidently, adding alias net-pf-10 off to
>modprobe.conf doesn't do squat any more because I too have ipv6
>addresses...don't know how long that's been going on but I have updated
>this system from like Fedora Core 4 or 5 continuously up and now I'm
>F10. I'm sort of at a loss on how to disable ipv6 but I would imagine it
>wouldn't take long to google.
>
>'manually copying' config files for cups seems to be wrong - it might
>cause selinux problems. I generally copy ppd files
>to /usr/share/cups/model and they will stay there forever and cups reads
>that folder when you set up printers and offers all PPD's that reside
>there.

I have them there, but they are not .gz'd, and cups doesn't show them to me,
I have to browse to find it, there of course, but then cups throws that error,
I think when it's trying to construct /etc/cups/printers/lp3. I have deleted
the printer, cups can't delete it so I go behind it and do it with mc or rm.
Now this time, cups has created an /etc/cups/ppd/lp3.ppd from the HL2140.ppd
file, and the change to a default paper size was apparently done cuz that's
what it's set to right now. So that is different from previous.
A test page doesn't show an error, but spits out blank paper. The printer's
own test page works as expected.

I just fired up Kompare, and HL2140.ppd and lp3.ppd are identical except for
the A4 becoming 'letter'. And setting /etc/cups/cupsd.conf for debug2 output
still says it worked, but I get a blank sheet of paper for the cups test
image. That BTW, is a lot of progress, it's the first paper it's fed in 2
weeks.

Where else besides there in cups.conf can I turn on a lot of debugging so I
can see what might be wrong?

>selinux errors are very specific about what they're denying and
>why...you might want to look at audit.log or dmesg to get a clue or even
>better yet, install the setroubleshoot stuff which makes things a lot
>easier

Setroubleshoot says:
++++++++++++
SELinux is preventing cupsd (cupsd_t) "execute" to ./lp3 (cupsd_rw_etc_t)

Sometimes labeling problems can cause SELinux denials. You could try to
restore the default system file context for ./lp3,

restorecon -v './lp3'
---------------
A restorecon -v './lp3.ppd' did not change the context of the file.
---------------
Source Context: system_u:system_r:cupsd_t:s0-s0:c0.c1023
Target Context: system_u:object_r:cupsd_rw_etc_t:s0
Target Objects: ./lp3 [ file ]
Source: cupsd
Source Path: /usr/sbin/cupsd
Port: <Unknown>
Host: coyote.coyote.den
Source RPM Packages: cups-1.3.9-2.fc8
Policy RPM: selinux-policy-3.0.8-127.fc8
Selinux Enabled: True
Policy Type: targeted
MLS Enabled: True
Enforcing Mode: Enforcing
Plugin Name: catchall_file
Host Name: coyote.coyote.den
Platform: Linux coyote.coyote.den 2.6.28-rc6 #4 SMP PREEMPT Mon Dec 1 10:15:04 EST 2008 i686 athlon
Alert Count: 5
First Seen: Fri 28 Nov 2008 11:46:07 AM EST
Last Seen: Wed 10 Dec 2008 08:57:42 PM EST
Local ID: 949d16f5-c192-4bab-97a7-461c6970b67c

Raw Audit Messages :

host=coyote.coyote.den type=AVC msg=audit(1228960662.917:137): avc: denied { execute } for pid=4863 comm="cupsd" name="lp3" dev=sda3 ino=104400248 scontext=system_u:system_r:cupsd_t:s0-s0:c0.c1023 tcontext=system_u:object_r:cupsd_rw_etc_t:s0 tclass=file

host=coyote.coyote.den type=SYSCALL msg=audit(1228960662.917:137): arch=40000003 syscall=33 success=no exit=-13 a0=bf9c70c6 a1=1 a2=b7fcbff4 a3=b7fcca3c items=0 ppid=4862 pid=4863 auid=0 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4 comm="cupsd" exe="/usr/sbin/cupsd" subj=system_u:system_r:cupsd_t:s0-s0:c0.c1023 key=(null)
+++++++++++++

It was just relabeled when I rebooted. Context for lp3.ppd is;

[root@coyote ppd]# ls -l --context
-rw-r--r-- root root system_u:object_r:cupsd_rw_etc_t:s0 Cups-PDF.ppd
-rw-r--r-- root root system_u:object_r:cupsd_rw_etc_t:s0 EPSON_Stylus_C82.ppd
-rw-r--r-- root root system_u:object_r:cupsd_rw_etc_t:s0 lp0.ppd
-rw-r--r-- root root system_u:object_r:cupsd_rw_etc_t:s0 lp1.ppd
-rw-r--r-- root root system_u:object_r:cupsd_rw_etc_t:s0 lp2.ppd
-rw-r--r-- root root system_u:object_r:cupsd_rw_etc_t:s0 lp3.ppd

So that's not it. A 'locate lp3' returns:
/etc/cups/ppd/lp3.ppd
and some winhlp3 hits that aren't germane.
I see that /usr/share/setroubleshoot/plugins has a file for damned near
everything but cups, am I missing something AGAIN? But no cups specific stuff
in the cups or selinux related packages in /var/cache/yum, I just looked.
Bugzilla time?

Your turn and thanks Craig.

>Craig

--
Cheers, Gene
"There are four boxes to be used in defense of liberty:
 soap, ballot, jury, and ammo. Please use in that order."
-Ed Howdershelt (Author)
Lavish spending can be disastrous. Don't buy any lavishes for a while.
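
An added example, not part of the original message: a small Python parser that pairs the AVC and SYSCALL records quoted above by their audit event id and decodes the fields that identify what was denied. The syscall table and access-mode names are a minimal assumption covering only the i386 record shown in the message.

```python
import errno
import re

# The two raw audit records quoted in the message above (both event 137).
RAW = '''host=coyote.coyote.den type=AVC msg=audit(1228960662.917:137): avc: denied { execute } for pid=4863 comm="cupsd" name="lp3" dev=sda3 ino=104400248 scontext=system_u:system_r:cupsd_t:s0-s0:c0.c1023 tcontext=system_u:object_r:cupsd_rw_etc_t:s0 tclass=file
host=coyote.coyote.den type=SYSCALL msg=audit(1228960662.917:137): arch=40000003 syscall=33 success=no exit=-13 a0=bf9c70c6 a1=1 a2=b7fcbff4 a3=b7fcca3c items=0 ppid=4862 pid=4863 auid=0 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4 comm="cupsd" exe="/usr/sbin/cupsd" subj=system_u:system_r:cupsd_t:s0-s0:c0.c1023 key=(null)'''

# Assumption: only the (arch, syscall) pair seen on the page is decoded.
SYSCALLS = {("40000003", "33"): "access"}  # i386, syscall 33
ACCESS_MODES = {4: "R_OK", 2: "W_OK", 1: "X_OK"}
HEADER = re.compile(r"type=(\w+) msg=audit\((\d+\.\d+):(\d+)\):")
FIELD = re.compile(r'(\w+)=("[^"]*"|\S+)')

def parse_record(line):
    """Split one audit line into type, event id and key=value fields."""
    m = HEADER.search(line)
    if not m:
        raise ValueError("not an audit record: %r" % line[:40])
    body = line[m.end():]
    rec = {k: v.strip('"') for k, v in FIELD.findall(body)}
    rec["type"], rec["event"] = m.group(1), m.group(3)
    perms = re.search(r"denied\s+\{([^}]*)\}", body)
    if perms:
        rec["perms"] = perms.group(1).split()
    return rec

def summarize(raw):
    """Pair AVC and SYSCALL records by event id; one summary per denial."""
    events = {}
    for line in raw.splitlines():
        rec = parse_record(line)
        events.setdefault(rec["event"], {})[rec["type"]] = rec
    out = []
    for event, recs in events.items():
        avc, sc = recs.get("AVC"), recs.get("SYSCALL")
        if not avc:
            continue
        row = {"event": event, "perms": avc["perms"], "tclass": avc["tclass"],
               "source_type": avc["scontext"].split(":")[2],
               "target_type": avc["tcontext"].split(":")[2],
               "object": avc["name"], "inode": int(avc["ino"])}
        if sc:
            name = row["syscall"] = SYSCALLS.get(
                (sc["arch"], sc["syscall"]), "syscall#" + sc["syscall"])
            row["errno"] = errno.errorcode.get(-int(sc["exit"]), sc["exit"])
            if name == "access":  # a1 is the mode argument, logged in hex
                row["mode"] = [n for bit, n in ACCESS_MODES.items()
                               if int(sc["a1"], 16) & bit]
        out.append(row)
    return out
```

Calling `summarize(RAW)` yields one denial: cupsd_t refused `execute` on a file named `lp3` (inode 104400248) during an `access()` check for X_OK that returned EACCES. The inode from the record can be mapped to a full path with `find <mountpoint> -xdev -inum 104400248` on the filesystem named in `dev=`.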