On Thu, 2005-07-28 at 16:50 +0100, Tim Waugh wrote:
On Thu, Jul 28, 2005 at 11:16:31AM -0400, Daniel J Walsh wrote:
Can you change classes.conf to cupsd_etc_rw_t?
chcon -t cupsd_etc_rw_t classes.conf
And see if it works?
It's worth pointing out that I finally gave up and changed the way that system-config-printer writes out configuration files, just to make selinux happy. This week's Fedora Update contains that change, so possibly the reporter did not have that package updated.
I had been getting it to write to a new file in the correct directory, then rename over the original file. The new way is to overwrite the original file and cross our fingers that CUPS doesn't want to read the file before we've finished writing it.
Daniel, for the record: what is the recommended way for system tools to write configuration files?
Creating a new file and renaming it over the old one is obviously safer. As far as the security context goes, you can either define an automatic file type transition if the (process domain, parent directory type) is sufficient to distinguish the file or you can have the program do an explicit setfscreatecon() before creating the new file, either using the result of a getfilecon() on the original file to get the old context or using matchpathcon() to get it from the policy based on the path.