Tim Waugh escreveu:
On Thu, Jul 28, 2005 at 11:56:48AM -0400, Daniel J Walsh wrote:
Is system-config-printer or the backend server rewrting the file? Changing classes.conf to cupsd_etc_rw_t should allow the backend to rewrite the file.
The backend is doing it -- printconf-backend.
As I mentioned before, the previous behaviour had been to create a new file and rename it over the old file, and the SELinux policy does not seem to allow that. Can you clarify what the correct procedure is for system tools that want to write configuration files for running daemons?
Thanks, Tim. */
Excuse me, I was confusing, because the avc message that I saw is related to when I changed the default printer using the cups web interface, one printer uses the hplip driver the another one no. I think that's it.
But, I did do strace xsane with SELinux enabled and with it disabled, and I get the following: "$ grep 32770 strace_xsane_with_selinux.txt read(6, "32770\n", 4096) = 6 connect(6, {sa_family=AF_INET, sin_port=htons(32770), sin_addr=inet_addr("127.0.0.1")}, 16) = 0
$ grep 32770 strace_xsane_without_selinux.txt read(6, "32770\n", 4096) = 6 connect(6, {sa_family=AF_INET, sin_port=htons(32770), sin_addr=inet_addr("127.0.0.1")}, 16) = 0
$ grep 32771 strace_xsane_with_selinux.txt read(6, "32771\n", 4096) = 6 connect(7, {sa_family=AF_INET, sin_port=htons(32771), sin_addr=inet_addr("127.0.0.1")}, 16) = -1 ECONNREFUSED (Connection refused)
$ grep 32771 strace_xsane_without_selinux.txt read(6, "32771\n", 4096) = 6 connect(7, {sa_family=AF_INET, sin_port=htons(32771), sin_addr=inet_addr("127.0.0.1")}, 16) = 0"
And the audit log doesn't show nothing about the port 32771, with SELinux enabled.
I'm lost. Any ideas, please?
Vinicius.