SELinux denying Brother printer to CUPS
Daniel J Walsh
dwalsh at redhat.com
Mon Nov 12 19:40:30 UTC 2007
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Simon Slater wrote:
> G'day again,
> I am setting up a Brother MFC665CW in F7. As far as I know I have
> followed the Brother instructions and FAQ. It prints fine via USB.
> When sending a CUPS test page these avc denials are given:
> 1/
> avc: denied { write } for comm="brprintconf_mfc" dev=dm-0 egid=7 euid=4
> exe="/usr/bin/brprintconf_mfc665cw" exit=-13 fsgid=7 fsuid=4 gid=7
> items=0
> name="inf" pid=3089 scontext=system_u:system_r:cupsd_t:s0-s0:c0.c1023
> sgid=7
> subj=system_u:system_r:cupsd_t:s0-s0:c0.c1023 suid=4 tclass=dir
> tcontext=root:object_r:usr_t:s0 tty=(none) uid=4
> 2/
> avc: denied { append } for comm="sh" dev=dm-0 egid=7 euid=4
> exe="/bin/bash"
> exit=-13 fsgid=7 fsuid=4 gid=7 items=0 name="txreport.log" pid=5852
> scontext=system_u:system_r:cupsd_t:s0-s0:c0.c1023 sgid=7
> subj=system_u:system_r:cupsd_t:s0-s0:c0.c1023 suid=4 tclass=file
> tcontext=root:object_r:usr_t:s0 tty=(none) uid=4
> 3/
> avc: denied { write } for comm="sh" dev=dm-0 egid=7 euid=4
> exe="/bin/bash"
> exit=-13 fsgid=7 fsuid=4 gid=7 items=0 name="txreport.log" pid=5852
> scontext=system_u:system_r:cupsd_t:s0-s0:c0.c1023 sgid=7
> subj=system_u:system_r:cupsd_t:s0-s0:c0.c1023 suid=4 tclass=file
> tcontext=root:object_r:usr_t:s0 tty=(none) uid=4
> 4/
> avc: denied { execute } for comm="brlpdwrappermfc" dev=dm-0 egid=7
> euid=4
> exe="/bin/bash" exit=-13 fsgid=7 fsuid=4 gid=7 items=0
> name="filtermfc665cw"
> pid=3541 scontext=system_u:system_r:cupsd_t:s0-s0:c0.c1023 sgid=7
> subj=system_u:system_r:cupsd_t:s0-s0:c0.c1023 suid=4 tclass=file
> tcontext=system_u:object_r:usr_t:s0 tty=(none) uid=4
> 5/
> avc: denied { execute } for comm="brlpdwrappermfc" dev=dm-0 egid=7
> euid=4
> exe="/bin/bash" exit=-13 fsgid=7 fsuid=4 gid=7 items=0
> name="brcupsconfpt1"
> pid=3539 scontext=system_u:system_r:cupsd_t:s0-s0:c0.c1023 sgid=7
> subj=system_u:system_r:cupsd_t:s0-s0:c0.c1023 suid=4 tclass=file
> tcontext=system_u:object_r:usr_t:s0 tty=(none) uid=4
> 6/
> avc: denied { execute_no_trans } for comm="cupsd" dev=dm-0 egid=7 euid=4
> exe="/usr/sbin/cupsd" exit=-13 fsgid=7 fsuid=4 gid=7 items=0
> name="brlpdwrappermfc665cw"
> path="/usr/lib/cups/filter/brlpdwrappermfc665cw"
> pid=3257 scontext=system_u:system_r:cupsd_t:s0-s0:c0.c1023 sgid=7
> subj=system_u:system_r:cupsd_t:s0-s0:c0.c1023 suid=4 tclass=file
> tcontext=root:object_r:lib_t:s0 tty=(none) uid=4
>
> I have followed the advice of setroubleshoot and have:
> touch /.autorelabel; reboot
> but still no change.
>
> There seems to be many files involved. What is the source of the
> problem? SEtroubleshoot suggests local policy rules (reading up on that
> now in FC5 selinux FAQ) but how many will be needed? One for each type
> of denial.
>
> Any help greatly appreciated. I've been fiddling with this for over a
> week now :(
>
Are you running the latest selinux-policy for FC7? These files should
be labeled bin_t.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.7 (GNU/Linux)
Comment: Using GnuPG with Fedora - http://enigmail.mozdev.org
iD8DBQFHOKwurlYvE4MpobMRAlueAJ9EDmtR4ck4Z+FtEsBvbYumOXW/VACg6oAU
iHogTQ371naSV68H1Fbz/3Y=
=45aG
-----END PGP SIGNATURE-----
More information about the fedora-list
mailing list