SMB - SELinux print problems

Wayne Steenburg w.steenburg at myactv.net
Fri Apr 9 01:07:15 UTC 2004


Does policy have to be manually reloaded-recompiled after running
audit2allow, or will a simple reboot suffice? If it does, how? Otherwise,
here's my problem...

After some updates a few days ago, I can no longer print to an SMB
shared printer on my FC2t2 machine. I'm trying to print from a box
running XP.  I never specifically installed SE Linux, but some of the
packages were dependent on it. I relabeled my files and ran "audit2allow
-l -i /var/log/messages", but I'm still not able to print. I'm "fully
updated" as of today as well as rebooted after the audit2allow. I
blanked my /var/log/messages and this is what I get when I try to
print: 

[root@FC2 root]# cat /var/log/messages
Apr  8 20:44:22 FC2 kernel: audit(1081471462.693:0): avc:  denied
{ read } for  pid=2215 exe=/usr/sbin/smbd name=tmp dev=hde2 ino=917505
scontext=system_u:system_r:smbd_t tcontext=system_u:object_r:tmp_t
tclass=dir
Apr  8 20:44:28 FC2 kernel: audit(1081471468.457:0): avc:  denied
{ search } for  pid=2218 exe=/usr/sbin/smbd name=spool dev=hde6
ino=1778881 scontext=system_u:system_r:smbd_t tcontext=system_u:
object_r:var_spool_t tclass=dir
Apr  8 20:44:28 FC2 kernel: audit(1081471468.465:0): avc:  denied
{ write } for  pid=2218 exe=/usr/sbin/smbd name=samba dev=hde6
ino=1778894 scontext=system_u:system_r:smbd_t tcontext=system_u:
object_r:var_spool_t tclass=dir
Apr  8 20:44:28 FC2 kernel: audit(1081471468.465:0): avc:  denied
{ add_name } for  pid=2218 exe=/usr/sbin/smbd name=smbprn.00000053.
GrMDuG scontext=system_u:system_r:smbd_t tcontext=system_u:object_r:
var_spool_t tclass=dir
Apr  8 20:44:28 FC2 kernel: audit(1081471468.465:0): avc:  denied
{ create } for  pid=2218 exe=/usr/sbin/smbd name=smbprn.00000053.GrMDuG
scontext=system_u:system_r:smbd_t tcontext=system_u:object_r:var_spool_t
tclass=file
Apr  8 20:44:29 FC2 kernel: audit(1081471469.441:0): avc:  denied
{ write } for  pid=2218 exe=/usr/sbin/smbd path=/var/spool/samba/
smbprn.00000053.GrMDuG dev=hde6 ino=1778951 scontext=system_u:system_r:
smbd_t tcontext=system_u:object_r:var_spool_t tclass=file
Apr  8 20:44:31 FC2 kernel: audit(1081471471.135:0): avc:  denied
{ getattr } for  pid=2218 exe=/usr/sbin/smbd path=/var/spool/samba/
smbprn.00000053.GrMDuG dev=hde6 ino=1778951 scontext=system_u:system_r:
smbd_t tcontext=system_u:object_r:var_spool_t tclass=file
Apr  8 20:44:31 FC2 kernel: audit(1081471471.135:0): avc:  denied
{ read } for  pid=2218 exe=/usr/sbin/smbd name=smbprn.00000053.GrMDuG
dev=hde6 ino=1778951 scontext=system_u:system_r:smbd_t
tcontext=system_u:object_r:var_spool_t tclass=file
Apr  8 20:44:31 FC2 smbd[2218]: [2004/04/08 20:44:31, 0] printing/
print_cups.c:cups_job_submit(766)
Apr  8 20:44:31 FC2 smbd[2218]:   Unable to print file to usblp0 -
client-error-document-format-not-supported
Apr  8 20:44:31 FC2 kernel: audit(1081471471.158:0): avc:  denied
{ remove_name } for  pid=2218 exe=/usr/sbin/smbd name=smbprn.00000053.
GrMDuG dev=hde6 ino=1778951 scontext=system_u:system_r:smbd_t
tcontext=system_u:object_r:var_spool_t tclass=dir
Apr  8 20:44:31 FC2 kernel: audit(1081471471.158:0): avc:  denied
{ unlink } for  pid=2218 exe=/usr/sbin/smbd name=smbprn.00000053.GrMDuG
dev=hde6 ino=1778951 scontext=system_u:system_r:smbd_t
tcontext=system_u:object_r:var_spool_t tclass=file

I'm assuming the client-error-document-format-not-supported error is
because the smb daemon can't seem to access /var/spool. Any help is
greatly appreciated.

Wayne Steenburg
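
Added example, not part of the original message: a short Python sketch that groups AVC denials like the ones quoted above by source type, target type and object class, then prints them in the `allow` rule style that audit2allow emits. The function names are hypothetical, and the sample lines are five of the denials from the message re-joined onto single lines, plus one non-AVC line.

```python
import re
from collections import defaultdict

# Sample input taken from the message above, each record re-joined onto one
# line (the mail wrapped them). The smbd line is kept to show it is skipped.
SAMPLE_LOG = """\
Apr  8 20:44:22 FC2 kernel: audit(1081471462.693:0): avc:  denied  { read } for  pid=2215 exe=/usr/sbin/smbd name=tmp dev=hde2 ino=917505 scontext=system_u:system_r:smbd_t tcontext=system_u:object_r:tmp_t tclass=dir
Apr  8 20:44:28 FC2 kernel: audit(1081471468.457:0): avc:  denied  { search } for  pid=2218 exe=/usr/sbin/smbd name=spool dev=hde6 ino=1778881 scontext=system_u:system_r:smbd_t tcontext=system_u:object_r:var_spool_t tclass=dir
Apr  8 20:44:28 FC2 kernel: audit(1081471468.465:0): avc:  denied  { write } for  pid=2218 exe=/usr/sbin/smbd name=samba dev=hde6 ino=1778894 scontext=system_u:system_r:smbd_t tcontext=system_u:object_r:var_spool_t tclass=dir
Apr  8 20:44:28 FC2 kernel: audit(1081471468.465:0): avc:  denied  { create } for  pid=2218 exe=/usr/sbin/smbd name=smbprn.00000053.GrMDuG scontext=system_u:system_r:smbd_t tcontext=system_u:object_r:var_spool_t tclass=file
Apr  8 20:44:29 FC2 kernel: audit(1081471469.441:0): avc:  denied  { write } for  pid=2218 exe=/usr/sbin/smbd path=/var/spool/samba/smbprn.00000053.GrMDuG dev=hde6 ino=1778951 scontext=system_u:system_r:smbd_t tcontext=system_u:object_r:var_spool_t tclass=file
Apr  8 20:44:31 FC2 smbd[2218]:   Unable to print file to usblp0 - client-error-document-format-not-supported
"""

# Permission list, then source context, target context and object class.
AVC_RE = re.compile(
    r"avc:\s+denied\s+\{\s*(?P<perms>[^}]*)\}.*?"
    r"scontext=(?P<scon>\S+)\s+tcontext=(?P<tcon>\S+)\s+tclass=(?P<tclass>\S+)"
)


def selinux_type(context):
    """Return the type field of a user:role:type[:level] security context."""
    return context.split(":")[2]


def summarize_denials(log_text):
    """Map (source type, target type, class) -> set of denied permissions."""
    grouped = defaultdict(set)
    for line in log_text.splitlines():
        m = AVC_RE.search(line)
        if m is None:
            continue  # not an AVC denial record (e.g. the smbd/CUPS error)
        key = (selinux_type(m["scon"]), selinux_type(m["tcon"]), m["tclass"])
        grouped[key].update(m["perms"].split())
    return dict(grouped)


def to_allow_rules(grouped):
    """Render each group as one allow rule, braces only for multiple perms."""
    rules = []
    for (src, tgt, cls), perms in sorted(grouped.items()):
        plist = " ".join(sorted(perms))
        body = "{ " + plist + " }" if len(perms) > 1 else plist
        rules.append(f"allow {src} {tgt}:{cls} {body};")
    return rules


if __name__ == "__main__":
    print("\n".join(to_allow_rules(summarize_denials(SAMPLE_LOG))))
```

The rules this prints are candidate policy text only, as is audit2allow's own output: nothing changes in enforcement until such rules are added to the policy and the policy is rebuilt and loaded.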





More information about the fedora-test-list mailing list