[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]

Re: SELinux denying Brother printer to CUPS



On Mon, 2007-11-12 at 08:21 -0500, William Cohen wrote:
> Simon Slater wrote:
> > G'day again,
> > 	I am setting up a Brother MFC665CW in F7.  As far as I know I have
> > followed the Brother instructions and FAQ.  It prints fine via USB.
> > When sending a CUPS test page these avc denials are given:
> > 1/
> > avc: denied { write } for comm="brprintconf_mfc" dev=dm-0 egid=7 euid=4
> > exe="/usr/bin/brprintconf_mfc665cw" exit=-13 fsgid=7 fsuid=4 gid=7
> > items=0
> > name="inf" pid=3089 scontext=system_u:system_r:cupsd_t:s0-s0:c0.c1023
> > sgid=7
> > subj=system_u:system_r:cupsd_t:s0-s0:c0.c1023 suid=4 tclass=dir
> > tcontext=root:object_r:usr_t:s0 tty=(none) uid=4
> > 2/
> > avc: denied { append } for comm="sh" dev=dm-0 egid=7 euid=4
> > exe="/bin/bash"
> > exit=-13 fsgid=7 fsuid=4 gid=7 items=0 name="txreport.log" pid=5852
> > scontext=system_u:system_r:cupsd_t:s0-s0:c0.c1023 sgid=7
> > subj=system_u:system_r:cupsd_t:s0-s0:c0.c1023 suid=4 tclass=file
> > tcontext=root:object_r:usr_t:s0 tty=(none) uid=4
> > 3/
> > avc: denied { write } for comm="sh" dev=dm-0 egid=7 euid=4
> > exe="/bin/bash"
> > exit=-13 fsgid=7 fsuid=4 gid=7 items=0 name="txreport.log" pid=5852
> > scontext=system_u:system_r:cupsd_t:s0-s0:c0.c1023 sgid=7
> > subj=system_u:system_r:cupsd_t:s0-s0:c0.c1023 suid=4 tclass=file
> > tcontext=root:object_r:usr_t:s0 tty=(none) uid=4
> > 4/
> > avc: denied { execute } for comm="brlpdwrappermfc" dev=dm-0 egid=7
> > euid=4
> > exe="/bin/bash" exit=-13 fsgid=7 fsuid=4 gid=7 items=0
> > name="filtermfc665cw"
> > pid=3541 scontext=system_u:system_r:cupsd_t:s0-s0:c0.c1023 sgid=7
> > subj=system_u:system_r:cupsd_t:s0-s0:c0.c1023 suid=4 tclass=file
> > tcontext=system_u:object_r:usr_t:s0 tty=(none) uid=4
> > 5/
> > avc: denied { execute } for comm="brlpdwrappermfc" dev=dm-0 egid=7
> > euid=4
> > exe="/bin/bash" exit=-13 fsgid=7 fsuid=4 gid=7 items=0
> > name="brcupsconfpt1"
> > pid=3539 scontext=system_u:system_r:cupsd_t:s0-s0:c0.c1023 sgid=7
> > subj=system_u:system_r:cupsd_t:s0-s0:c0.c1023 suid=4 tclass=file
> > tcontext=system_u:object_r:usr_t:s0 tty=(none) uid=4
> > 6/
> > avc: denied { execute_no_trans } for comm="cupsd" dev=dm-0 egid=7 euid=4
> > exe="/usr/sbin/cupsd" exit=-13 fsgid=7 fsuid=4 gid=7 items=0
> > name="brlpdwrappermfc665cw"
> > path="/usr/lib/cups/filter/brlpdwrappermfc665cw"
> > pid=3257 scontext=system_u:system_r:cupsd_t:s0-s0:c0.c1023 sgid=7
> > subj=system_u:system_r:cupsd_t:s0-s0:c0.c1023 suid=4 tclass=file
> > tcontext=root:object_r:lib_t:s0 tty=(none) uid=4
> > 
> > 	I have followed the advice of setroubleshoot and have:
> > touch /.autorelabel; reboot
> > but still no change.
> > 
> > 	There seems to be many files involved.  What is the source of the
> > problem?  SEtroubleshoot suggests local policy rules (reading up on that
> > now in FC5 selinux FAQ) but how many will be needed? One for each type
> > of denial.
> > 
> > 	Any help greatly appreciated. I've been fiddling with this for over a
> > week now :(
> > 
> I had similar problems with setting up a Brother MCF5640cn on an F8 machine. 
> Have you tried the steps listed at the following URL?
> 
> http://solutions.brother.com/linux/sol/printer/linux/linux_faq-2.html#30
> 
> -Will
> 
Yes Will, with the exception that the directory structure is slightly
different.  At first I did exactly as in that FAQ but when running
"restorecon *" found that /usr/local/Brother/ contained the directories
lpd and inf, but these and the cupswrapper directories are also
under /usr/local/Brother/Printer/mfc665cw/ .  So I changed the reference
in /etc/selinux/targeted/contexts/files/file_contexts to include
the /Brother/Printer/mfc665cw/ path, thinking that these 3 directories
were all together under the printer model, then ran restorecon.  Should
the higher directories for .../inf/ and .../lpd be in file_contexts as
well as or instead of the lower path?

-- 
Regards
Simon


[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]