CUPS problem
PerAntonRønning
pa-ronn at online.no
Thu Aug 23 13:33:25 UTC 2007
Aaron Konstam wrote:
> On Thu, 2007-08-23 at 11:00 +0200, PerAntonRønning wrote:
>
>> PerAntonRønning wrote:
>>
>>> Mikkel L. Ellertson wrote:
>>>
>>>> PerAntonRønning wrote:
>>>>
>>>>
>>>>> Hi Andy
>>>>> a minor extract of the error_log shows this:
>>>>> I [22/Aug/2007:12:42:00 +0200] Full reload is required.
>>>>> I [22/Aug/2007:12:42:00 +0200] Loaded MIME database from
>>>>> '/etc/cups': 33
>>>>> types, 38 filters...
>>>>> I [22/Aug/2007:12:42:01 +0200] Loading job cache file
>>>>> "/var/cache/cups/job.cache"...
>>>>> I [22/Aug/2007:12:42:01 +0200] Full reload complete.
>>>>> I [22/Aug/2007:12:42:01 +0200] Listening to 127.0.0.1:631 on fd 0...
>>>>> E [22/Aug/2007:12:42:01 +0200] Unable to set ACLs on root certificate
>>>>> "/var/run/cups/certs/0" - Operation not supported
>>>>>
>>>>> It seems to listen to 127.0.0.1:631, which should be lo. The last
>>>>> message tough "operation not supported" does not explain itself, at
>>>>> least not to me.
>>>>> ps -Af | grep cupsd shows that the daemon is up and running.
>>>>> So I'm scratching my head a bit on this.
>>>>>
>>>>> Brgs
>>>>> PAR
>>>>>
>>>>>
>>>>>
>>>> The "operation not supported" is an indication that selinux is not
>>>> enabled. So CUPS could not set the Access Control List values. This
>>>> will not stop CUPS from running. The "Listening to 127.0.0.1:631"
>>>> says that the CUPS web interface is only available to the local
>>>> machine, on port 631. You can not connect to it from another machine
>>>> on the network. (This does not affect connecting to printers on your
>>>> machine - that is another setting.)
>>>>
>>>> Mikkel
>>>>
>>>>
>>> I don't have a real network, just a backup PC connected through an eth
>>> card.
>>> I do not need to print from other PC's, so what you say may imply that
>>> this should work
>>> by the look of it?
>>> Regarding SElinux - /etc/selinux/config contains:
>>> # This file controls the state of SELinux on the system.
>>> # SELINUX= can take one of these three values:
>>> # enforcing - SELinux security policy is enforced.
>>> # permissive - SELinux prints warnings instead of enforcing.
>>> # disabled - SELinux is fully disabled.
>>> SELINUX=enforcing
>>> # SELINUXTYPE= type of policy in use. Possible values are:
>>> # targeted - Only targeted network daemons are protected.
>>> # strict - Full SELinux protection.
>>> SELINUXTYPE=targeted
>>> # SETLOCALDEFS= Check local definition changes
>>> SETLOCALDEFS=0
>>>
>>> As to checking if SElinux is enabled the command (listed in my FC5
>>> "bible")
>>> $/usr/sbin/sestatus -v
>>> gives as output:
>>>
>>> SELinux status: enabled
>>> SELinuxfs mount: /selinux
>>> Current mode: enforcing
>>> Mode from config file: enforcing
>>> Policy version: 21
>>> Policy from config file: targeted
>>>
>>> Process contexts:
>>> Current context: user_u:system_r:unconfined_t
>>> Init context: system_u:system_r:init_t
>>> /sbin/mingetty system_u:system_r:getty_t
>>>
>>> File contexts:
>>> Controlling term: user_u:object_r:devpts_t
>>> /etc/passwd system_u:object_r:etc_t
>>> /etc/shadow system_u:object_r:shadow_t
>>> /bin/bash system_u:object_r:shell_exec_t
>>> /bin/login system_u:object_r:login_exec_t
>>> /bin/sh system_u:object_r:bin_t ->
>>> system_u:object_r:shell_exec_t
>>> /sbin/agetty system_u:object_r:getty_exec_t
>>> /sbin/init system_u:object_r:init_exec_t
>>> /sbin/mingetty system_u:object_r:getty_exec_t
>>> /usr/sbin/sshd system_u:object_r:sshd_exec_t
>>> /lib/libc.so.6 system_u:object_r:lib_t ->
>>> system_u:object_r:lib_t
>>> /lib/ld-linux.so.2 system_u:object_r:lib_t ->
>>> system_u:object_r:ld_so_t
>>>
>>> ... so SElinux seems to be enabled.
>>> BUT: In my security level configuration I don't find an entry for
>>> "printer" or "printing",
>>> should I expect such an entry?
>>>
>> --- OPPPS! It must have been too late in the evening. I was referring
>> to the firewall section (tab) of the config screen not the SElinux tab.
>> Printing appears under SELinux.
>> So, this seems to be a real puzzle, perhaps I have to reinstall FC5.
>> (I am a bit conservative when it comes to new versions, I want them to
>> be tested out a bit first,
>> so I wait with FC7. Anyone thinking this is too conservative?)
>>
>>
> I do. How about disabling selinux and see if printing starts working.
> In the environment you describe I don't see that selinux is doing that
> much for you.
>
> As to the error below it is really mysterious.
>
> E [22/Aug/2007:12:42:01 +0200] Unable to set ACLs on root certificate
>
>>>> "/var/run/cups/certs/0" - Operation not supported
>>>>
>
> /var/run/cups/certs/0 is r--r---- on my machine. Setting the ACL on such
> a file seems hard to say the least.
>
I did disable selinux, rebooted the machine, but nothing changed. So,
this may be due to some CUPS problem.
This is something I have never done before - should I remove and then
download and reinstall
the whole thing?
Next thing may be to reinstall FC5 from the bottom and up. THAT I've
done before :-)
Brgds
PAR
More information about the users
mailing list