CUPS problem
PerAntonRønning
pa-ronn at online.no
Thu Aug 23 09:00:33 UTC 2007
PerAntonRønning wrote:
> Mikkel L. Ellertson wrote:
>> PerAntonRønning wrote:
>>
>>> Hi Andy
>>> a minor extract of the error_log shows this:
>>> I [22/Aug/2007:12:42:00 +0200] Full reload is required.
>>> I [22/Aug/2007:12:42:00 +0200] Loaded MIME database from
>>> '/etc/cups': 33
>>> types, 38 filters...
>>> I [22/Aug/2007:12:42:01 +0200] Loading job cache file
>>> "/var/cache/cups/job.cache"...
>>> I [22/Aug/2007:12:42:01 +0200] Full reload complete.
>>> I [22/Aug/2007:12:42:01 +0200] Listening to 127.0.0.1:631 on fd 0...
>>> E [22/Aug/2007:12:42:01 +0200] Unable to set ACLs on root certificate
>>> "/var/run/cups/certs/0" - Operation not supported
>>>
>>> It seems to listen to 127.0.0.1:631, which should be lo. The last
>>> message tough "operation not supported" does not explain itself, at
>>> least not to me.
>>> ps -Af | grep cupsd shows that the daemon is up and running.
>>> So I'm scratching my head a bit on this.
>>>
>>> Brgs
>>> PAR
>>>
>>>
>> The "operation not supported" is an indication that selinux is not
>> enabled. So CUPS could not set the Access Control List values. This
>> will not stop CUPS from running. The "Listening to 127.0.0.1:631"
>> says that the CUPS web interface is only available to the local
>> machine, on port 631. You can not connect to it from another machine
>> on the network. (This does not affect connecting to printers on your
>> machine - that is another setting.)
>>
>> Mikkel
>>
> I don't have a real network, just a backup PC connected through an eth
> card.
> I do not need to print from other PC's, so what you say may imply that
> this should work
> by the look of it?
> Regarding SElinux - /etc/selinux/config contains:
> # This file controls the state of SELinux on the system.
> # SELINUX= can take one of these three values:
> # enforcing - SELinux security policy is enforced.
> # permissive - SELinux prints warnings instead of enforcing.
> # disabled - SELinux is fully disabled.
> SELINUX=enforcing
> # SELINUXTYPE= type of policy in use. Possible values are:
> # targeted - Only targeted network daemons are protected.
> # strict - Full SELinux protection.
> SELINUXTYPE=targeted
> # SETLOCALDEFS= Check local definition changes
> SETLOCALDEFS=0
>
> As to checking if SElinux is enabled the command (listed in my FC5
> "bible")
> $/usr/sbin/sestatus -v
> gives as output:
>
> SELinux status: enabled
> SELinuxfs mount: /selinux
> Current mode: enforcing
> Mode from config file: enforcing
> Policy version: 21
> Policy from config file: targeted
>
> Process contexts:
> Current context: user_u:system_r:unconfined_t
> Init context: system_u:system_r:init_t
> /sbin/mingetty system_u:system_r:getty_t
>
> File contexts:
> Controlling term: user_u:object_r:devpts_t
> /etc/passwd system_u:object_r:etc_t
> /etc/shadow system_u:object_r:shadow_t
> /bin/bash system_u:object_r:shell_exec_t
> /bin/login system_u:object_r:login_exec_t
> /bin/sh system_u:object_r:bin_t ->
> system_u:object_r:shell_exec_t
> /sbin/agetty system_u:object_r:getty_exec_t
> /sbin/init system_u:object_r:init_exec_t
> /sbin/mingetty system_u:object_r:getty_exec_t
> /usr/sbin/sshd system_u:object_r:sshd_exec_t
> /lib/libc.so.6 system_u:object_r:lib_t ->
> system_u:object_r:lib_t
> /lib/ld-linux.so.2 system_u:object_r:lib_t ->
> system_u:object_r:ld_so_t
>
> ... so SElinux seems to be enabled.
> BUT: In my security level configuration I don't find an entry for
> "printer" or "printing",
> should I expect such an entry?
--- OPPPS! It must have been too late in the evening. I was referring
to the firewall section (tab) of the config screen not the SElinux tab.
Printing appears under SELinux.
So, this seems to be a real puzzle, perhaps I have to reinstall FC5.
(I am a bit conservative when it comes to new versions, I want them to
be tested out a bit first,
so I wait with FC7. Anyone thinking this is too conservative?)
More information about the users
mailing list