SELinux denying Brother printer to CUPS
Simon Slater
pyevet at aapt.net.au
Wed Nov 14 02:38:43 UTC 2007
On Mon, 2007-11-12 at 14:40 -0500, Daniel J Walsh wrote:
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
> Simon Slater wrote:
> > G'day again,
> > I am setting up a Brother MFC665CW in F7. As far as I know I have
> > followed the Brother instructions and FAQ. It prints fine via USB.
> > When sending a CUPS test page these avc denials are given:
> > 1/
> > avc: denied { write } for comm="brprintconf_mfc" dev=dm-0 egid=7 euid=4
> > exe="/usr/bin/brprintconf_mfc665cw" exit=-13 fsgid=7 fsuid=4 gid=7
> > items=0
> > name="inf" pid=3089 scontext=system_u:system_r:cupsd_t:s0-s0:c0.c1023
> > sgid=7
> > subj=system_u:system_r:cupsd_t:s0-s0:c0.c1023 suid=4 tclass=dir
> > tcontext=root:object_r:usr_t:s0 tty=(none) uid=4
> > 2/
> > avc: denied { append } for comm="sh" dev=dm-0 egid=7 euid=4
> > exe="/bin/bash"
> > exit=-13 fsgid=7 fsuid=4 gid=7 items=0 name="txreport.log" pid=5852
> > scontext=system_u:system_r:cupsd_t:s0-s0:c0.c1023 sgid=7
> > subj=system_u:system_r:cupsd_t:s0-s0:c0.c1023 suid=4 tclass=file
> > tcontext=root:object_r:usr_t:s0 tty=(none) uid=4
> > 3/
> > avc: denied { write } for comm="sh" dev=dm-0 egid=7 euid=4
> > exe="/bin/bash"
> > exit=-13 fsgid=7 fsuid=4 gid=7 items=0 name="txreport.log" pid=5852
> > scontext=system_u:system_r:cupsd_t:s0-s0:c0.c1023 sgid=7
> > subj=system_u:system_r:cupsd_t:s0-s0:c0.c1023 suid=4 tclass=file
> > tcontext=root:object_r:usr_t:s0 tty=(none) uid=4
> > 4/
> > avc: denied { execute } for comm="brlpdwrappermfc" dev=dm-0 egid=7
> > euid=4
> > exe="/bin/bash" exit=-13 fsgid=7 fsuid=4 gid=7 items=0
> > name="filtermfc665cw"
> > pid=3541 scontext=system_u:system_r:cupsd_t:s0-s0:c0.c1023 sgid=7
> > subj=system_u:system_r:cupsd_t:s0-s0:c0.c1023 suid=4 tclass=file
> > tcontext=system_u:object_r:usr_t:s0 tty=(none) uid=4
> > 5/
> > avc: denied { execute } for comm="brlpdwrappermfc" dev=dm-0 egid=7
> > euid=4
> > exe="/bin/bash" exit=-13 fsgid=7 fsuid=4 gid=7 items=0
> > name="brcupsconfpt1"
> > pid=3539 scontext=system_u:system_r:cupsd_t:s0-s0:c0.c1023 sgid=7
> > subj=system_u:system_r:cupsd_t:s0-s0:c0.c1023 suid=4 tclass=file
> > tcontext=system_u:object_r:usr_t:s0 tty=(none) uid=4
> > 6/
> > avc: denied { execute_no_trans } for comm="cupsd" dev=dm-0 egid=7 euid=4
> > exe="/usr/sbin/cupsd" exit=-13 fsgid=7 fsuid=4 gid=7 items=0
> > name="brlpdwrappermfc665cw"
> > path="/usr/lib/cups/filter/brlpdwrappermfc665cw"
> > pid=3257 scontext=system_u:system_r:cupsd_t:s0-s0:c0.c1023 sgid=7
> > subj=system_u:system_r:cupsd_t:s0-s0:c0.c1023 suid=4 tclass=file
> > tcontext=root:object_r:lib_t:s0 tty=(none) uid=4
> >
> > I have followed the advice of setroubleshoot and have:
> > touch /.autorelabel; reboot
> > but still no change.
> >
> > There seems to be many files involved. What is the source of the
> > problem? SEtroubleshoot suggests local policy rules (reading up on that
> > now in FC5 selinux FAQ) but how many will be needed? One for each type
> > of denial.
> >
> > Any help greatly appreciated. I've been fiddling with this for over a
> > week now :(
> >
> Are you running the latest selinux-policy for FC7? These files should
> be labeled bin_t.
Sorry for the slow reply Daniel, all I saw of your post in Evolution
was the PGP signature, so I kept reading other posts.
Just running F7 as it came on the DVD bought 3rd party. What command
will tell me which version it is? What is the latest? This afternoon I
should have this laptop connected to the net and will yum update.
--
Regards
Simon
More information about the users
mailing list