CUPS problem

PerAntonRønning pa-ronn at online.no
Thu Aug 23 13:33:25 UTC 2007 

Aaron Konstam wrote:
> On Thu, 2007-08-23 at 11:00 +0200, PerAntonRønning wrote:
>   
>> PerAntonRønning wrote:
>>     
>>> Mikkel L. Ellertson wrote:
>>>       
>>>> PerAntonRønning wrote:
>>>>  
>>>>         
>>>>> Hi Andy
>>>>> a minor extract of the error_log shows this:
>>>>> I [22/Aug/2007:12:42:00 +0200] Full reload is required.
>>>>> I [22/Aug/2007:12:42:00 +0200] Loaded MIME database from 
>>>>> '/etc/cups': 33
>>>>> types, 38 filters...
>>>>> I [22/Aug/2007:12:42:01 +0200] Loading job cache file
>>>>> "/var/cache/cups/job.cache"...
>>>>> I [22/Aug/2007:12:42:01 +0200] Full reload complete.
>>>>> I [22/Aug/2007:12:42:01 +0200] Listening to 127.0.0.1:631 on fd 0...
>>>>> E [22/Aug/2007:12:42:01 +0200] Unable to set ACLs on root certificate
>>>>> "/var/run/cups/certs/0" - Operation not supported
>>>>>
>>>>> It seems to listen to 127.0.0.1:631, which should be lo. The last
>>>>> message tough "operation not supported" does not explain itself, at
>>>>> least not to me.
>>>>> ps -Af | grep cupsd shows that the daemon is up and running.
>>>>> So I'm scratching my head a bit on this.
>>>>>
>>>>> Brgs
>>>>> PAR
>>>>>
>>>>>     
>>>>>           
>>>> The "operation not supported" is an indication that selinux is not
>>>> enabled. So CUPS could not set the Access Control List values. This
>>>> will not stop CUPS from running. The "Listening to 127.0.0.1:631"
>>>> says that the CUPS web interface is only available to the local
>>>> machine, on port 631. You can not connect to it from another machine
>>>> on the network. (This does not affect connecting to printers on your
>>>> machine - that is another setting.)
>>>>
>>>> Mikkel
>>>>   
>>>>         
>>> I don't have a real network, just a backup PC connected through an eth 
>>> card.
>>> I do not need to print from other PC's, so what you say may imply that 
>>> this should work
>>> by the look of it?
>>> Regarding SElinux - /etc/selinux/config contains:
>>> # This file controls the state of SELinux on the system.
>>> # SELINUX= can take one of these three values:
>>> #    enforcing - SELinux security policy is enforced.
>>> #    permissive - SELinux prints warnings instead of enforcing.
>>> #    disabled - SELinux is fully disabled.
>>> SELINUX=enforcing
>>> # SELINUXTYPE= type of policy in use. Possible values are:
>>> #    targeted - Only targeted network daemons are protected.
>>> #    strict - Full SELinux protection.
>>> SELINUXTYPE=targeted
>>> # SETLOCALDEFS= Check local definition changes
>>> SETLOCALDEFS=0
>>>
>>> As to checking if SElinux is enabled the command (listed in my FC5 
>>> "bible")
>>> $/usr/sbin/sestatus -v
>>> gives as output:
>>>
>>> SELinux status:                 enabled
>>> SELinuxfs mount:                /selinux
>>> Current mode:                   enforcing
>>> Mode from config file:          enforcing
>>> Policy version:                 21
>>> Policy from config file:        targeted
>>>
>>> Process contexts:
>>> Current context:                user_u:system_r:unconfined_t
>>> Init context:                   system_u:system_r:init_t
>>> /sbin/mingetty                  system_u:system_r:getty_t
>>>
>>> File contexts:
>>> Controlling term:               user_u:object_r:devpts_t
>>> /etc/passwd                     system_u:object_r:etc_t
>>> /etc/shadow                     system_u:object_r:shadow_t
>>> /bin/bash                       system_u:object_r:shell_exec_t
>>> /bin/login                      system_u:object_r:login_exec_t
>>> /bin/sh                         system_u:object_r:bin_t -> 
>>> system_u:object_r:shell_exec_t
>>> /sbin/agetty                    system_u:object_r:getty_exec_t
>>> /sbin/init                      system_u:object_r:init_exec_t
>>> /sbin/mingetty                  system_u:object_r:getty_exec_t
>>> /usr/sbin/sshd                  system_u:object_r:sshd_exec_t
>>> /lib/libc.so.6                  system_u:object_r:lib_t -> 
>>> system_u:object_r:lib_t
>>> /lib/ld-linux.so.2              system_u:object_r:lib_t -> 
>>> system_u:object_r:ld_so_t
>>>
>>> ... so SElinux seems to be enabled.
>>> BUT: In my security level configuration I don't find an entry for 
>>> "printer" or "printing",
>>> should I expect such an entry?
>>>       
>>   --- OPPPS! It must have been too late in the evening.  I was referring 
>> to the firewall section (tab) of the config screen not the SElinux tab.  
>> Printing appears under SELinux.
>> So, this seems to be a real puzzle, perhaps I have to reinstall FC5.
>> (I am a bit conservative when it comes to new versions, I want them to 
>> be tested out a bit first,
>> so I wait with FC7. Anyone thinking this is too conservative?)
>>
>>     
> I do. How about disabling selinux and see if printing starts working.
> In the environment you describe I don't see that selinux is doing that
> much for you.
>
> As to the error below it is really mysterious.
>
> E [22/Aug/2007:12:42:01 +0200] Unable to set ACLs on root certificate
>   
>>>> "/var/run/cups/certs/0" - Operation not supported
>>>>         
>
> /var/run/cups/certs/0 is r--r---- on my machine. Setting the ACL on such
> a file seems hard to say the least.
>   

I did disable selinux, rebooted the machine, but nothing changed. So, 
this may be due to some CUPS problem.
This is something I have never done before - should I remove and then 
download and reinstall
the whole thing? 
Next thing may be to reinstall FC5 from the bottom and up. THAT I've 
done before :-)


Brgds
PAR

More information about the users mailing list