On 06/20/2009 01:50 PM, Steven Stern wrote:
On 06/20/2009 06:12 AM, Daniel J Walsh wrote:
On 06/19/2009 07:10 PM, Steven Stern wrote:
After installing hplip-gui, I got selinux errors when checking on the
printer status.
audit2allow generated the following policy
module cups20090619 1.0;
require {
type hwdata_t;
type xdm_t;
class dir search;
class file { read getattr open };
}
#============= xdm_t ==============
allow xdm_t hwdata_t:dir search;
allow xdm_t hwdata_t:file { read getattr open };
xdm is checking the printer status? This allow rule indicates the X
Login program is checking the printer status. Could you attach the AVC's
you used to generate this policy.
And here's another one related to hplip
type=AVC msg=audit(1245520061.974:38037): avc: denied { read } for
pid=25561 comm="python" name="mls" dev=selinuxfs ino=12
scontext=system_u:system_r:hplip_t:s0
tcontext=system_u:object_r:security_t:s0 tclass=file
type=AVC msg=audit(1245520061.974:38037): avc: denied { read open } for
pid=25561 comm="python" name="mls" dev=selinuxfs ino=12
scontext=system_u:system_r:hplip_t:s0
tcontext=system_u:object_r:security_t:s0 tclass=file
Could you report this as a bug to cups. Cups has some MLS aware ness in
it and maybe it is reading this file directly rather then through
libselinux. CC me on the bug report dwalsh@xxxxxxxxxx
--
fedora-list mailing list
fedora-list@xxxxxxxxxx
To unsubscribe: https://www.redhat.com/mailman/listinfo/fedora-list
Guidelines: http://fedoraproject.org/wiki/Communicate/MailingListGuidelines