On 03/31/2017 04:30 PM, Oleg Pykhalov wrote:
> On 03/30/2017 01:19 PM, Martin Gansser wrote:
> $ cat boomaga_local.cil
> (allow boomaga_cups_t boomaga_cups_t(cap_userns (sys_ptrace)))
>
> # semodule -i boomaga_local.cil
Thank you for tip but I get another error. So I still have some delay
printing to boomaga printer.
$ sudo semodule -l | grep boomaga
boomaga
boomaga_local
$ cat boomaga_local.cil
(allow boomaga_cups_t boomaga_cups_t(cap_userns (sys_ptrace)))
$ journalctl -b
Mar 31 17:08:31 magnolia.home.lan audit[1070]: USER_AVC pid=1070 uid=81 auid=4294967295
ses=4294967295 subj=system_u:system_r:system_dbusd_t:s0-s0:c0.c1023 msg='avc: denied
{ send_msg } for msgtype=method_return dest=:1.1062 spid=1084 tpid=12021
scontext=system_u:system_r:systemd_logind_t:s0
tcontext=system_u:system_r:boomaga_cups_t:s0-s0:c0.c1023 tclass=dbus
exe="/usr/bin/dbus-daemon"
sauid=81 hostname=? addr=? terminal=?'
Update your boomaga_local.cil file:
$ cat boomaga_local.cil
(allow boomaga_cups_t boomaga_cups_t(cap_userns (sys_ptrace)))
(allow systemd_logind_t boomaga_cups_t(dbus (send_msg)))
and load it again:
# semodule -i boomaga_local.cil
Lukas.
_______________________________________________
selinux mailing list -- selinux(a)lists.fedoraproject.org
To unsubscribe send an email to selinux-leave(a)lists.fedoraproject.org
--
Lukas Vrabec
SELinux Solutions
Red Hat, Inc.