SELinux denying Brother printer to CUPS

Simon Slater pyevet at aapt.net.au
Mon Nov 12 01:15:40 UTC 2007 

G'day again,
	I am setting up a Brother MFC665CW in F7.  As far as I know I have
followed the Brother instructions and FAQ.  It prints fine via USB.
When sending a CUPS test page these avc denials are given:
1/
avc: denied { write } for comm="brprintconf_mfc" dev=dm-0 egid=7 euid=4
exe="/usr/bin/brprintconf_mfc665cw" exit=-13 fsgid=7 fsuid=4 gid=7
items=0
name="inf" pid=3089 scontext=system_u:system_r:cupsd_t:s0-s0:c0.c1023
sgid=7
subj=system_u:system_r:cupsd_t:s0-s0:c0.c1023 suid=4 tclass=dir
tcontext=root:object_r:usr_t:s0 tty=(none) uid=4
2/
avc: denied { append } for comm="sh" dev=dm-0 egid=7 euid=4
exe="/bin/bash"
exit=-13 fsgid=7 fsuid=4 gid=7 items=0 name="txreport.log" pid=5852
scontext=system_u:system_r:cupsd_t:s0-s0:c0.c1023 sgid=7
subj=system_u:system_r:cupsd_t:s0-s0:c0.c1023 suid=4 tclass=file
tcontext=root:object_r:usr_t:s0 tty=(none) uid=4
3/
avc: denied { write } for comm="sh" dev=dm-0 egid=7 euid=4
exe="/bin/bash"
exit=-13 fsgid=7 fsuid=4 gid=7 items=0 name="txreport.log" pid=5852
scontext=system_u:system_r:cupsd_t:s0-s0:c0.c1023 sgid=7
subj=system_u:system_r:cupsd_t:s0-s0:c0.c1023 suid=4 tclass=file
tcontext=root:object_r:usr_t:s0 tty=(none) uid=4
4/
avc: denied { execute } for comm="brlpdwrappermfc" dev=dm-0 egid=7
euid=4
exe="/bin/bash" exit=-13 fsgid=7 fsuid=4 gid=7 items=0
name="filtermfc665cw"
pid=3541 scontext=system_u:system_r:cupsd_t:s0-s0:c0.c1023 sgid=7
subj=system_u:system_r:cupsd_t:s0-s0:c0.c1023 suid=4 tclass=file
tcontext=system_u:object_r:usr_t:s0 tty=(none) uid=4
5/
avc: denied { execute } for comm="brlpdwrappermfc" dev=dm-0 egid=7
euid=4
exe="/bin/bash" exit=-13 fsgid=7 fsuid=4 gid=7 items=0
name="brcupsconfpt1"
pid=3539 scontext=system_u:system_r:cupsd_t:s0-s0:c0.c1023 sgid=7
subj=system_u:system_r:cupsd_t:s0-s0:c0.c1023 suid=4 tclass=file
tcontext=system_u:object_r:usr_t:s0 tty=(none) uid=4
6/
avc: denied { execute_no_trans } for comm="cupsd" dev=dm-0 egid=7 euid=4
exe="/usr/sbin/cupsd" exit=-13 fsgid=7 fsuid=4 gid=7 items=0
name="brlpdwrappermfc665cw"
path="/usr/lib/cups/filter/brlpdwrappermfc665cw"
pid=3257 scontext=system_u:system_r:cupsd_t:s0-s0:c0.c1023 sgid=7
subj=system_u:system_r:cupsd_t:s0-s0:c0.c1023 suid=4 tclass=file
tcontext=root:object_r:lib_t:s0 tty=(none) uid=4

	I have followed the advice of setroubleshoot and have:
touch /.autorelabel; reboot
but still no change.

	There seems to be many files involved.  What is the source of the
problem?  SEtroubleshoot suggests local policy rules (reading up on that
now in FC5 selinux FAQ) but how many will be needed? One for each type
of denial.

	Any help greatly appreciated. I've been fiddling with this for over a
week now :(

-- 
Regards
Simon

More information about the users mailing list