[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]

Re: CUPS problem

PerAntonRønning wrote:
Mikkel L. Ellertson wrote:
PerAntonRønning wrote:
Hi Andy
a minor extract of the error_log shows this:
I [22/Aug/2007:12:42:00 +0200] Full reload is required.
I [22/Aug/2007:12:42:00 +0200] Loaded MIME database from '/etc/cups': 33
types, 38 filters...
I [22/Aug/2007:12:42:01 +0200] Loading job cache file
I [22/Aug/2007:12:42:01 +0200] Full reload complete.
I [22/Aug/2007:12:42:01 +0200] Listening to on fd 0...
E [22/Aug/2007:12:42:01 +0200] Unable to set ACLs on root certificate
"/var/run/cups/certs/0" - Operation not supported

It seems to listen to, which should be lo. The last
message tough "operation not supported" does not explain itself, at
least not to me.
ps -Af | grep cupsd shows that the daemon is up and running.
So I'm scratching my head a bit on this.


The "operation not supported" is an indication that selinux is not
enabled. So CUPS could not set the Access Control List values. This
will not stop CUPS from running. The "Listening to"
says that the CUPS web interface is only available to the local
machine, on port 631. You can not connect to it from another machine
on the network. (This does not affect connecting to printers on your
machine - that is another setting.)

I don't have a real network, just a backup PC connected through an eth card. I do not need to print from other PC's, so what you say may imply that this should work
by the look of it?
Regarding SElinux - /etc/selinux/config contains:
# This file controls the state of SELinux on the system.
# SELINUX= can take one of these three values:
#    enforcing - SELinux security policy is enforced.
#    permissive - SELinux prints warnings instead of enforcing.
#    disabled - SELinux is fully disabled.
# SELINUXTYPE= type of policy in use. Possible values are:
#    targeted - Only targeted network daemons are protected.
#    strict - Full SELinux protection.
# SETLOCALDEFS= Check local definition changes

As to checking if SElinux is enabled the command (listed in my FC5 "bible")
$/usr/sbin/sestatus -v
gives as output:

SELinux status:                 enabled
SELinuxfs mount:                /selinux
Current mode:                   enforcing
Mode from config file:          enforcing
Policy version:                 21
Policy from config file:        targeted

Process contexts:
Current context:                user_u:system_r:unconfined_t
Init context:                   system_u:system_r:init_t
/sbin/mingetty                  system_u:system_r:getty_t

File contexts:
Controlling term:               user_u:object_r:devpts_t
/etc/passwd                     system_u:object_r:etc_t
/etc/shadow                     system_u:object_r:shadow_t
/bin/bash                       system_u:object_r:shell_exec_t
/bin/login                      system_u:object_r:login_exec_t
/bin/sh system_u:object_r:bin_t -> system_u:object_r:shell_exec_t
/sbin/agetty                    system_u:object_r:getty_exec_t
/sbin/init                      system_u:object_r:init_exec_t
/sbin/mingetty                  system_u:object_r:getty_exec_t
/usr/sbin/sshd                  system_u:object_r:sshd_exec_t
/lib/libc.so.6 system_u:object_r:lib_t -> system_u:object_r:lib_t /lib/ld-linux.so.2 system_u:object_r:lib_t -> system_u:object_r:ld_so_t

... so SElinux seems to be enabled.
BUT: In my security level configuration I don't find an entry for "printer" or "printing",
should I expect such an entry?
--- OPPPS! It must have been too late in the evening. I was referring to the firewall section (tab) of the config screen not the SElinux tab. Printing appears under SELinux.
So, this seems to be a real puzzle, perhaps I have to reinstall FC5.
(I am a bit conservative when it comes to new versions, I want them to be tested out a bit first,
so I wait with FC7. Anyone thinking this is too conservative?)

[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]