[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]

Re: CUPS problem



On Thu, 2007-08-23 at 11:00 +0200, PerAntonRønning wrote:
> PerAntonRønning wrote:
> > Mikkel L. Ellertson wrote:
> >> PerAntonRønning wrote:
> >>  
> >>> Hi Andy
> >>> a minor extract of the error_log shows this:
> >>> I [22/Aug/2007:12:42:00 +0200] Full reload is required.
> >>> I [22/Aug/2007:12:42:00 +0200] Loaded MIME database from 
> >>> '/etc/cups': 33
> >>> types, 38 filters...
> >>> I [22/Aug/2007:12:42:01 +0200] Loading job cache file
> >>> "/var/cache/cups/job.cache"...
> >>> I [22/Aug/2007:12:42:01 +0200] Full reload complete.
> >>> I [22/Aug/2007:12:42:01 +0200] Listening to 127.0.0.1:631 on fd 0...
> >>> E [22/Aug/2007:12:42:01 +0200] Unable to set ACLs on root certificate
> >>> "/var/run/cups/certs/0" - Operation not supported
> >>>
> >>> It seems to listen to 127.0.0.1:631, which should be lo. The last
> >>> message tough "operation not supported" does not explain itself, at
> >>> least not to me.
> >>> ps -Af | grep cupsd shows that the daemon is up and running.
> >>> So I'm scratching my head a bit on this.
> >>>
> >>> Brgs
> >>> PAR
> >>>
> >>>     
> >> The "operation not supported" is an indication that selinux is not
> >> enabled. So CUPS could not set the Access Control List values. This
> >> will not stop CUPS from running. The "Listening to 127.0.0.1:631"
> >> says that the CUPS web interface is only available to the local
> >> machine, on port 631. You can not connect to it from another machine
> >> on the network. (This does not affect connecting to printers on your
> >> machine - that is another setting.)
> >>
> >> Mikkel
> >>   
> > I don't have a real network, just a backup PC connected through an eth 
> > card.
> > I do not need to print from other PC's, so what you say may imply that 
> > this should work
> > by the look of it?
> > Regarding SElinux - /etc/selinux/config contains:
> > # This file controls the state of SELinux on the system.
> > # SELINUX= can take one of these three values:
> > #    enforcing - SELinux security policy is enforced.
> > #    permissive - SELinux prints warnings instead of enforcing.
> > #    disabled - SELinux is fully disabled.
> > SELINUX=enforcing
> > # SELINUXTYPE= type of policy in use. Possible values are:
> > #    targeted - Only targeted network daemons are protected.
> > #    strict - Full SELinux protection.
> > SELINUXTYPE=targeted
> > # SETLOCALDEFS= Check local definition changes
> > SETLOCALDEFS=0
> >
> > As to checking if SElinux is enabled the command (listed in my FC5 
> > "bible")
> > $/usr/sbin/sestatus -v
> > gives as output:
> >
> > SELinux status:                 enabled
> > SELinuxfs mount:                /selinux
> > Current mode:                   enforcing
> > Mode from config file:          enforcing
> > Policy version:                 21
> > Policy from config file:        targeted
> >
> > Process contexts:
> > Current context:                user_u:system_r:unconfined_t
> > Init context:                   system_u:system_r:init_t
> > /sbin/mingetty                  system_u:system_r:getty_t
> >
> > File contexts:
> > Controlling term:               user_u:object_r:devpts_t
> > /etc/passwd                     system_u:object_r:etc_t
> > /etc/shadow                     system_u:object_r:shadow_t
> > /bin/bash                       system_u:object_r:shell_exec_t
> > /bin/login                      system_u:object_r:login_exec_t
> > /bin/sh                         system_u:object_r:bin_t -> 
> > system_u:object_r:shell_exec_t
> > /sbin/agetty                    system_u:object_r:getty_exec_t
> > /sbin/init                      system_u:object_r:init_exec_t
> > /sbin/mingetty                  system_u:object_r:getty_exec_t
> > /usr/sbin/sshd                  system_u:object_r:sshd_exec_t
> > /lib/libc.so.6                  system_u:object_r:lib_t -> 
> > system_u:object_r:lib_t
> > /lib/ld-linux.so.2              system_u:object_r:lib_t -> 
> > system_u:object_r:ld_so_t
> >
> > ... so SElinux seems to be enabled.
> > BUT: In my security level configuration I don't find an entry for 
> > "printer" or "printing",
> > should I expect such an entry?
>   --- OPPPS! It must have been too late in the evening.  I was referring 
> to the firewall section (tab) of the config screen not the SElinux tab.  
> Printing appears under SELinux.
> So, this seems to be a real puzzle, perhaps I have to reinstall FC5.
> (I am a bit conservative when it comes to new versions, I want them to 
> be tested out a bit first,
> so I wait with FC7. Anyone thinking this is too conservative?)
> 
I do. How about disabling selinux and see if printing starts working.
In the environment you describe I don't see that selinux is doing that
much for you.

As to the error below it is really mysterious.

E [22/Aug/2007:12:42:01 +0200] Unable to set ACLs on root certificate
>>> "/var/run/cups/certs/0" - Operation not supported

/var/run/cups/certs/0 is r--r---- on my machine. Setting the ACL on such
a file seems hard to say the least.

--

======================================================================= ... it is easy to be blinded to the essential uselessness of them by the sense of achievement you get from getting them to work at all. In other words... their fundamental design flaws are completely hidden by their superficial design flaws. -- The Hitchhiker's Guide to the Galaxy, on the products of the Sirius Cybernetics Corporation. ======================================================================= Aaron Konstam telephone: (210) 656-0355 e-mail: akonstam sbcglobal net


[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]