Re: Selinux, cups, hplip

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



On 06/20/2009 01:50 PM, Steven Stern wrote:
On 06/20/2009 06:12 AM, Daniel J Walsh wrote:
On 06/19/2009 07:10 PM, Steven Stern wrote:
After installing hplip-gui, I got selinux errors when checking on the
printer status.

audit2allow generated the following policy

module cups20090619 1.0;

require {
type hwdata_t;
type xdm_t;
class dir search;
class file { read getattr open };
}

#============= xdm_t ==============
allow xdm_t hwdata_t:dir search;
allow xdm_t hwdata_t:file { read getattr open };


xdm is checking the printer status? This allow rule indicates the X
Login program is checking the printer status. Could you attach the AVC's
you used to generate this policy.


And here's another one related to hplip

type=AVC msg=audit(1245520061.974:38037): avc: denied { read } for
pid=25561 comm="python" name="mls" dev=selinuxfs ino=12
scontext=system_u:system_r:hplip_t:s0
tcontext=system_u:object_r:security_t:s0 tclass=file

type=AVC msg=audit(1245520061.974:38037): avc: denied { read open } for
pid=25561 comm="python" name="mls" dev=selinuxfs ino=12
scontext=system_u:system_r:hplip_t:s0
tcontext=system_u:object_r:security_t:s0 tclass=file



Could you report this as a bug to cups. Cups has some MLS aware ness in it and maybe it is reading this file directly rather then through libselinux. CC me on the bug report dwalsh@xxxxxxxxxx

--
fedora-list mailing list
fedora-list@xxxxxxxxxx
To unsubscribe: https://www.redhat.com/mailman/listinfo/fedora-list
Guidelines: http://fedoraproject.org/wiki/Communicate/MailingListGuidelines

[Index of Archives]     [Current Fedora Users]     [Fedora Desktop]     [Fedora SELinux]     [Yosemite News]     [Yosemite Photos]     [KDE Users]     [Fedora Tools]     [Fedora Docs]

  Powered by Linux