[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]

Re: CUPS problem



Mikkel L. Ellertson wrote:
PerAntonRønning wrote:
Hi Andy
a minor extract of the error_log shows this:
I [22/Aug/2007:12:42:00 +0200] Full reload is required.
I [22/Aug/2007:12:42:00 +0200] Loaded MIME database from '/etc/cups': 33
types, 38 filters...
I [22/Aug/2007:12:42:01 +0200] Loading job cache file
"/var/cache/cups/job.cache"...
I [22/Aug/2007:12:42:01 +0200] Full reload complete.
I [22/Aug/2007:12:42:01 +0200] Listening to 127.0.0.1:631 on fd 0...
E [22/Aug/2007:12:42:01 +0200] Unable to set ACLs on root certificate
"/var/run/cups/certs/0" - Operation not supported

It seems to listen to 127.0.0.1:631, which should be lo. The last
message tough "operation not supported" does not explain itself, at
least not to me.
ps -Af | grep cupsd shows that the daemon is up and running.
So I'm scratching my head a bit on this.

Brgs
PAR

The "operation not supported" is an indication that selinux is not
enabled. So CUPS could not set the Access Control List values. This
will not stop CUPS from running. The "Listening to 127.0.0.1:631"
says that the CUPS web interface is only available to the local
machine, on port 631. You can not connect to it from another machine
on the network. (This does not affect connecting to printers on your
machine - that is another setting.)

Mikkel
I don't have a real network, just a backup PC connected through an eth card.
I do not need to print from other PC's, so what you say may imply that this should work
by the look of it?
Regarding SElinux - /etc/selinux/config contains:
# This file controls the state of SELinux on the system.
# SELINUX= can take one of these three values:
#    enforcing - SELinux security policy is enforced.
#    permissive - SELinux prints warnings instead of enforcing.
#    disabled - SELinux is fully disabled.
SELINUX=enforcing
# SELINUXTYPE= type of policy in use. Possible values are:
#    targeted - Only targeted network daemons are protected.
#    strict - Full SELinux protection.
SELINUXTYPE=targeted
# SETLOCALDEFS= Check local definition changes
SETLOCALDEFS=0

As to checking if SElinux is enabled the command (listed in my FC5 "bible")
$/usr/sbin/sestatus -v
gives as output:

SELinux status:                 enabled
SELinuxfs mount:                /selinux
Current mode:                   enforcing
Mode from config file:          enforcing
Policy version:                 21
Policy from config file:        targeted

Process contexts:
Current context:                user_u:system_r:unconfined_t
Init context:                   system_u:system_r:init_t
/sbin/mingetty                  system_u:system_r:getty_t

File contexts:
Controlling term:               user_u:object_r:devpts_t
/etc/passwd                     system_u:object_r:etc_t
/etc/shadow                     system_u:object_r:shadow_t
/bin/bash                       system_u:object_r:shell_exec_t
/bin/login                      system_u:object_r:login_exec_t
/bin/sh system_u:object_r:bin_t -> system_u:object_r:shell_exec_t
/sbin/agetty                    system_u:object_r:getty_exec_t
/sbin/init                      system_u:object_r:init_exec_t
/sbin/mingetty                  system_u:object_r:getty_exec_t
/usr/sbin/sshd                  system_u:object_r:sshd_exec_t
/lib/libc.so.6 system_u:object_r:lib_t -> system_u:object_r:lib_t /lib/ld-linux.so.2 system_u:object_r:lib_t -> system_u:object_r:ld_so_t

... so SElinux seems to be enabled.
BUT: In my security level configuration I don't find an entry for "printer" or "printing",
should I expect such an entry?

Perhaps I need to reinstall CUPS - which would be the best download site ?




[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]