[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]

Re: Selinux, cups, hplip



On 06/20/2009 06:12 AM, Daniel J Walsh wrote:
On 06/19/2009 07:10 PM, Steven Stern wrote:
After installing hplip-gui, I got selinux errors when checking on the
printer status.

audit2allow generated the following policy

module cups20090619 1.0;

require {
type hwdata_t;
type xdm_t;
class dir search;
class file { read getattr open };
}

#============= xdm_t ==============
allow xdm_t hwdata_t:dir search;
allow xdm_t hwdata_t:file { read getattr open };


xdm is checking the printer status? This allow rule indicates the X
Login program is checking the printer status. Could you attach the AVC's
you used to generate this policy.

/var/log/audit/audit.log.1:type=AVC msg=audit(1245413836.692:58915): avc: denied { search } for pid=14744 comm="gnome-settings-" name="hwdata" dev=dm-0 ino=33869 scontext=system_u:system_r:xdm_t:s0-s0:c0.c1023 tcontext=system_u:object_r:hwdata_t:s0 tclass=dir

/var/log/audit/audit.log.1:type=AVC msg=audit(1245413836.692:58915): avc: denied { read } for pid=14744 comm="gnome-settings-" name="pnp.ids" dev=dm-0 ino=33873 scontext=system_u:system_r:xdm_t:s0-s0:c0.c1023 tcontext=system_u:object_r:hwdata_t:s0 tclass=file

/var/log/audit/audit.log.1:type=AVC msg=audit(1245413836.692:58915): avc: denied { open } for pid=14744 comm="gnome-settings-" name="pnp.ids" dev=dm-0 ino=33873 scontext=system_u:system_r:xdm_t:s0-s0:c0.c1023 tcontext=system_u:object_r:hwdata_t:s0 tclass=file

/var/log/audit/audit.log.1:type=AVC msg=audit(1245413836.693:58916): avc: denied { getattr } for pid=14744 comm="gnome-settings-" path="/usr/share/hwdata/pnp.ids" dev=dm-0 ino=33873 scontext=system_u:system_r:xdm_t:s0-s0:c0.c1023 tcontext=system_u:object_r:hwdata_t:s0 tclass=file


--

  Steve


[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]