SELinux preventing printing.

[Daniel J Walsh]

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

On 05/03/2010 10:22 AM, Steve Blackwell wrote:
> My wife got a Lexmark X2670 printer with her new laptop and I connected
> it to my Fedora 11 system, and downloaded the driver from Lexmark.
> 
> SELinux is preventing me from printing to it. At first I got 4 AVCs
> about attempting to load shared libraries that require text relocation.
> This I fixed with:
> 
> # semanage fcontext -a -t textrel_shlib_t
> '/usr/local/lexmark/lxk08/lib(/.*)?'
> # restorecon -R -v /usr/local/lexmark/lxk08/lib
> 
> but now I'm getting this one: 
> 
> Raw Audit Messages :
> 
> node=steve.blackwell type=AVC
> msg=audit(1272894966.836:66): avc: denied { search } for pid=29536
> comm="printdriver" name="lib" dev=dm-0 ino=7635564
> scontext=system_u:system_r:cupsd_t:s0-s0:c0.c1023
> tcontext=system_u:object_r:textrel_shlib_t:s0 tclass=dir
> 
> node=steve.blackwell type=SYSCALL msg=audit(1272894966.836:66):
> arch=40000003 syscall=5 success=no exit=-13 a0=93cf620 a1=0 a2=0
> a3=389660 items=0 ppid=1655 pid=29536 auid=4294967295 uid=4 gid=7
> euid=4 suid=4 fsuid=4 egid=7 sgid=7 fsgid=7 tty=(none) ses=4294967295
> comm="printdriver" exe="/usr/local/lexmark/lxk08/bin/printdriver"
> subj=system_u:system_r:cupsd_t:s0-s0:c0.c1023 key=(null) 
> 
> What is the "correct" way to solve this? Create am audit2allow rule?
> 
> Thanks,
> Steve
> --
> selinux mailing list
> selinux at lists.fedoraproject.org
> https://admin.fedoraproject.org/mailman/listinfo/selinux


# semanage fcontext -d -t textrel_shlib_t
'/usr/local/lexmark/lxk08/lib(/.*)?
# semanage fcontext -a -t textrel_shlib_t
'/usr/local/lexmark/lxk08/lib/.*\.so.*'
# restorecon -R -v /usr/local/lexmark


-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2.0.14 (GNU/Linux)
Comment: Using GnuPG with Fedora - http://enigmail.mozdev.org/

iEYEARECAAYFAkve5dsACgkQrlYvE4MpobNllACff1YnvWPLe5xtq1xNe8QoaOQd
Z7IAnjfeC3L54N87hxVLw3Ypwc7vlQrl
=3MWW
-----END PGP SIGNATURE-----