HPLIP and Fedora9

Arthur Dent misc.lists at blueyonder.co.uk
Thu Aug 6 19:45:54 UTC 2009


Hello all,

I tried today to install the latest hplip package from
http://hplipopensource.com to use the printer driver for my HP Printer
on my Fedora 9 system (I plan to upgrade to Fedora 11 in the next few
weeks). The install package warns you to turn off SELinux, so I ran
setenforce 0. I assumed that I would be able to write a policy before
resuming enforcing mode.

The install went fine with no AVCs. I then tried to print a test page
and got 3 AVCs (I can post in full if required).

SELinux is preventing hp (hplip_t) "name_bind" howl_port_t.
SELinux is preventing hp (hplip_t) "search" to ./dbus
(system_dbusd_var_run_t).
SELinux is preventing hpcups (cupsd_t) "name_bind" howl_port_t. 

From these I tried to create a policy using audit2allow. This is what it
proposed:

##########################################
# cat myhplip.te
policy_module(myhplip, 9.0.1)

require {
	type cupsd_t;
	type hplip_t;
	type system_dbusd_t;
	class unix_stream_socket { write connectto search };
}

#============= cupsd_t ==============
corenet_udp_bind_howl_port(cupsd_t)

#============= hplip_t ==============
allow hplip_t system_dbusd_t:unix_stream_socket { write connectto
search };
corenet_udp_bind_howl_port(hplip_t)

##########################################

"make -f" worked OK on this, but when I tried semodule -i I got the
following error:

[root@localhost selinux]# semodule -i myhplip.pp
libsepol.permission_copy_callback: Module myhplip depends on permission
search in class unix_stream_socket, not satisfied
libsemanage.semanage_link_sandbox: Link packages failed
semodule:  Failed!


Is there any way I can resolve this?

The only existing bug I can find on hplip is 516078
(https://bugzilla.redhat.com/show_bug.cgi?id=516078). Is it related?


Thanks in advance for any help or suggestions...

Mark
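
The libsepol error quoted in the message names a permission that the class in the module's require block does not provide. As an added example (not part of the original post), this Python check compares each class/permission pair in a .te file against a permission table before the module is loaded; the table is typed in by hand as an assumption, and the function names are hypothetical.

```python
import re

# Constructed sample: the require block and allow rule from the post's myhplip.te.
MODULE_TE = """
require {
    type hplip_t;
    type system_dbusd_t;
    class unix_stream_socket { write connectto search };
}
allow hplip_t system_dbusd_t:unix_stream_socket { write connectto
search };
"""

# Assumption: permission sets typed in by hand for illustration; on a real
# system list them from the loaded policy, e.g. `seinfo -c unix_stream_socket -x`.
SOCKET_COMMON = """ioctl read write create getattr setattr lock relabelfrom
relabelto append bind connect listen accept getopt setopt shutdown recvfrom
sendto recv_msg send_msg name_bind""".split()
FILE_COMMON = """ioctl read write create getattr setattr lock relabelfrom
relabelto append unlink link rename execute swapon quotaon mounton""".split()
CLASS_PERMS = {
    "unix_stream_socket": set(SOCKET_COMMON) | {"connectto", "newconn", "acceptfrom"},
    "dir": set(FILE_COMMON) | {"add_name", "remove_name", "reparent", "search", "rmdir"},
}

# Matches "class C { p ... };" in require blocks and "...:C { p ... };" in allow rules.
USE_RE = re.compile(r"(?:\bclass\s+|:)(\w+)\s+(\{[^}]*\}|\w+)\s*;")

def unsatisfied_perms(te_text, class_perms):
    """Return sorted (class, permission) pairs the class does not define."""
    text = re.sub(r"#.*", "", te_text)      # drop policy comments
    bad = set()
    for cls, perms in USE_RE.findall(text):
        known = class_perms.get(cls)
        if known is None:                   # class not in the table: cannot judge
            continue
        for perm in perms.strip("{}").split():
            if perm not in known:
                bad.add((cls, perm))
    return sorted(bad)

def classes_defining(perm, class_perms):
    """Classes in the table that do define the given permission."""
    return sorted(c for c, p in class_perms.items() if perm in p)

if __name__ == "__main__":
    for cls, perm in unsatisfied_perms(MODULE_TE, CLASS_PERMS):
        print(f"{cls}: '{perm}' undefined; defined by {classes_defining(perm, CLASS_PERMS)}")
```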


More information about the fedora-selinux-list mailing list