CUPS problem

PerAntonRønning pa-ronn at online.no
Wed Aug 22 22:04:31 UTC 2007


Mikkel L. Ellertson wrote:
> PerAntonRønning wrote:
>   
>> Hi Andy
>> a minor extract of the error_log shows this:
>> I [22/Aug/2007:12:42:00 +0200] Full reload is required.
>> I [22/Aug/2007:12:42:00 +0200] Loaded MIME database from '/etc/cups': 33
>> types, 38 filters...
>> I [22/Aug/2007:12:42:01 +0200] Loading job cache file
>> "/var/cache/cups/job.cache"...
>> I [22/Aug/2007:12:42:01 +0200] Full reload complete.
>> I [22/Aug/2007:12:42:01 +0200] Listening to 127.0.0.1:631 on fd 0...
>> E [22/Aug/2007:12:42:01 +0200] Unable to set ACLs on root certificate
>> "/var/run/cups/certs/0" - Operation not supported
>>
>> It seems to listen to 127.0.0.1:631, which should be lo. The last
>> message tough "operation not supported" does not explain itself, at
>> least not to me.
>> ps -Af | grep cupsd shows that the daemon is up and running.
>> So I'm scratching my head a bit on this.
>>
>> Brgs
>> PAR
>>
>>     
> The "operation not supported" is an indication that selinux is not
> enabled. So CUPS could not set the Access Control List values. This
> will not stop CUPS from running. The "Listening to 127.0.0.1:631"
> says that the CUPS web interface is only available to the local
> machine, on port 631. You can not connect to it from another machine
> on the network. (This does not affect connecting to printers on your
> machine - that is another setting.)
>
> Mikkel
>   
I don't have a real network, just a backup PC connected through an eth card.
I do not need to print from other PC's, so what you say may imply that 
this should work
by the look of it?
Regarding SElinux - /etc/selinux/config contains:
# This file controls the state of SELinux on the system.
# SELINUX= can take one of these three values:
#    enforcing - SELinux security policy is enforced.
#    permissive - SELinux prints warnings instead of enforcing.
#    disabled - SELinux is fully disabled.
SELINUX=enforcing
# SELINUXTYPE= type of policy in use. Possible values are:
#    targeted - Only targeted network daemons are protected.
#    strict - Full SELinux protection.
SELINUXTYPE=targeted
# SETLOCALDEFS= Check local definition changes
SETLOCALDEFS=0

As to checking if SElinux is enabled the command (listed in my FC5 "bible")
$/usr/sbin/sestatus -v
gives as output:

SELinux status:                 enabled
SELinuxfs mount:                /selinux
Current mode:                   enforcing
Mode from config file:          enforcing
Policy version:                 21
Policy from config file:        targeted

Process contexts:
Current context:                user_u:system_r:unconfined_t
Init context:                   system_u:system_r:init_t
/sbin/mingetty                  system_u:system_r:getty_t

File contexts:
Controlling term:               user_u:object_r:devpts_t
/etc/passwd                     system_u:object_r:etc_t
/etc/shadow                     system_u:object_r:shadow_t
/bin/bash                       system_u:object_r:shell_exec_t
/bin/login                      system_u:object_r:login_exec_t
/bin/sh                         system_u:object_r:bin_t -> 
system_u:object_r:shell_exec_t
/sbin/agetty                    system_u:object_r:getty_exec_t
/sbin/init                      system_u:object_r:init_exec_t
/sbin/mingetty                  system_u:object_r:getty_exec_t
/usr/sbin/sshd                  system_u:object_r:sshd_exec_t
/lib/libc.so.6                  system_u:object_r:lib_t -> 
system_u:object_r:lib_t
/lib/ld-linux.so.2              system_u:object_r:lib_t -> 
system_u:object_r:ld_so_t

... so SElinux seems to be enabled.
BUT: In my security level configuration I don't find an entry for 
"printer" or "printing",
should I expect such an entry?

Perhaps I need to reinstall CUPS - which would be the best download site ?






More information about the users mailing list