[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]

Re: Selinux, cups, hplip



On 06/20/2009 01:50 PM, Steven Stern wrote:
On 06/20/2009 06:12 AM, Daniel J Walsh wrote:
On 06/19/2009 07:10 PM, Steven Stern wrote:
After installing hplip-gui, I got selinux errors when checking on the
printer status.

audit2allow generated the following policy

module cups20090619 1.0;

require {
type hwdata_t;
type xdm_t;
class dir search;
class file { read getattr open };
}

#============= xdm_t ==============
allow xdm_t hwdata_t:dir search;
allow xdm_t hwdata_t:file { read getattr open };


xdm is checking the printer status? This allow rule indicates the X
Login program is checking the printer status. Could you attach the AVC's
you used to generate this policy.


And here's another one related to hplip

type=AVC msg=audit(1245520061.974:38037): avc: denied { read } for
pid=25561 comm="python" name="mls" dev=selinuxfs ino=12
scontext=system_u:system_r:hplip_t:s0
tcontext=system_u:object_r:security_t:s0 tclass=file

type=AVC msg=audit(1245520061.974:38037): avc: denied { read open } for
pid=25561 comm="python" name="mls" dev=selinuxfs ino=12
scontext=system_u:system_r:hplip_t:s0
tcontext=system_u:object_r:security_t:s0 tclass=file



Could you report this as a bug to cups. Cups has some MLS aware ness in it and maybe it is reading this file directly rather then through libselinux. CC me on the bug report dwalsh redhat com


[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]