Lukas Vrabec <lvrabec(a)redhat.com> writes:
On 03/31/2017 04:30 PM, Oleg Pykhalov wrote:
>> On 03/30/2017 01:19 PM, Martin Gansser wrote:
>> $ cat boomaga_local.cil
>> (allow boomaga_cups_t boomaga_cups_t(cap_userns (sys_ptrace)))
>>
>> # semodule -i boomaga_local.cil
>
> Thank you for tip but I get another error. So I still have some delay
> printing to boomaga printer.
>
> $ sudo semodule -l | grep boomaga
> boomaga
> boomaga_local
>
> $ cat boomaga_local.cil
> (allow boomaga_cups_t boomaga_cups_t(cap_userns (sys_ptrace)))
>
> $ journalctl -b
> Mar 31 17:08:31 magnolia.home.lan audit[1070]: USER_AVC pid=1070
> uid=81 auid=4294967295 ses=4294967295
> subj=system_u:system_r:system_dbusd_t:s0-s0:c0.c1023 msg='avc:
> denied { send_msg } for msgtype=method_return dest=:1.1062 spid=1084
> tpid=12021 scontext=system_u:system_r:systemd_logind_t:s0
> tcontext=system_u:system_r:boomaga_cups_t:s0-s0:c0.c1023 tclass=dbus
> exe="/usr/bin/dbus-daemon"
> sauid=81 hostname=? addr=? terminal=?'
>
Update your boomaga_local.cil file:
$ cat boomaga_local.cil
(allow boomaga_cups_t boomaga_cups_t(cap_userns (sys_ptrace)))
(allow systemd_logind_t boomaga_cups_t(dbus (send_msg)))
and load it again:
# semodule -i boomaga_local.cil
Lukas.
_______________________________________________
> selinux mailing list -- selinux(a)lists.fedoraproject.org
> To unsubscribe send an email to selinux-leave(a)lists.fedoraproject.org
>
Thank you for supporting this issue. I got another bunch of errors, but
I tried to solve it myself.
$ journalctl -b
Apr 04 19:17:47 magnolia.home.lan audit[938]: USER_AVC pid=938 uid=81
auid=4294967295 ses=4294967295
subj=system_u:system_r:system_dbusd_t:s0-s0:c0.c1023 msg='avc: denied
{send_msg } for msgtype=method_call
interface=org.freedesktop.DBus.Introspectable member=Introspect
dest=org.freedesktop.login1 spid=5692 tpid=952
scontext=system_u:system_r:boomaga_cups_t:s0-s0:c0.c1023
tcontext=system_u:system_r:systemd_logind_t:s0 tclass=dbus
exe="/usr/bin/dbus-daemon" sauid=81 hostname=? addr=? terminal=?'
$ cat boomaga_local.cil
(allow boomaga_cups_t boomaga_cups_t(cap_userns (sys_ptrace)))
(allow systemd_logind_t boomaga_cups_t(dbus (send_msg)))
(allow boomaga_cups_t systemd_logind_t(dbus (send_msg)))
$ sudo semodule -i boomaga_local.cil
$ journalctl -b
Apr 04 19:30:48 magnolia.home.lan dbus-daemon[1597]: avc: denied {
send_msg } for msgtype=method_call interface=org.boomaga member=add
dest=org.boomaga spid=6894 tpid=6852
scontext=system_u:system_r:boomaga_cups_t:s0-s0:c0.c1023
tcontext=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023
tclass=dbus
$ cat boomaga_local.cil
(allow boomaga_cups_t boomaga_cups_t(cap_userns (sys_ptrace)))
(allow systemd_logind_t boomaga_cups_t(dbus (send_msg)))
(allow boomaga_cups_t systemd_logind_t(dbus (send_msg)))
(allow boomaga_cups_t unconfined_t(dbus (send_msg)))
$ sudo semodule -i boomaga_local.cil
Printing to boomaga is working without errors and delays now.