Printing jobs

Richard Vickery richard.vickeryrv at
Sun Mar 31 19:30:50 UTC 2013

> No.  The file /etc/selinux/targeted/contexts/files/file_contexts is
> provided by selinux-policy-targeted.  cups and hplip are not mutually
> exclusive.
> I just checked and earlier versions of the policy did have
> hplip_var_lib....
> So....
> yum update selinux-policy-targeted
> Should correct that problem....
> Can you print with lpr using either -P or setting the default?
Installing the above and going to print now get an error in the form of the
following, forcing me to go back through emails to figure out how I got in
recently. If I can't get a bug report done today, the following is what I
have just had returned:

SELinux is preventing /usr/sbin/cupsd from using the 'transition' accesses
on a process.

*****  Plugin catchall (100. confidence) suggests

If you believe that cupsd should be allowed transition access on processes
labeled cupsd_t by default.
Then you should report this as a bug.
You can generate a local policy module to allow this access.
allow this access for now by executing:
# grep cupsd /var/log/audit/audit.log | audit2allow -M mypol
# semodule -i mypol.pp

Additional Information:
Source Context                system_u:system_r:cupsd_t:s0-s0:c0.c1023
Target Context                system_u:system_r:cupsd_t:s0-s0:c0.c1023
Target Objects                /usr/lib/cups/notifier/dbus [ process ]
Source                        cupsd
Source Path                   /usr/sbin/cupsd
Port                          <Unknown>
Host                          (removed)
Source RPM Packages           cups-1.5.4-20.fc18.x86_64
Target RPM Packages           cups-1.5.4-20.fc18.x86_64
Policy RPM                    selinux-policy-3.11.1-86.fc18.noarch
Selinux Enabled               True
Policy Type                   targeted
Enforcing Mode                Enforcing
Host Name                     (removed)
Platform                      Linux (removed) 3.7.2-204.fc18.x86_64 #1 SMP
                              Jan 16 16:22:52 UTC 2013 x86_64 x86_64
Alert Count                   3
First Seen                    2013-03-31 11:56:30 PDT
Last Seen                     2013-03-31 11:56:31 PDT
Local ID                      af46d3ea-017a-46e6-b6bd-00c9f11f0365

Raw Audit Messages
type=AVC msg=audit(1364756191.10:348): avc:  denied  { transition } for
 pid=3457 comm="cupsd" path="/usr/lib/cups/notifier/dbus" dev="dm-2"
ino=263939 scontext=system_u:system_r:cupsd_t:s0-s0:c0.c1023
tcontext=system_u:system_r:cupsd_t:s0-s0:c0.c1023 tclass=process

type=SYSCALL msg=audit(1364756191.10:348): arch=x86_64 syscall=execve
success=no exit=EACCES a0=7fff18a45a10 a1=7fff18a45550 a2=7fff18a45570
a3=7fff18a449e0 items=0 ppid=1688 pid=3457 auid=4294967295 uid=4 gid=7
euid=4 suid=4 fsuid=4 egid=7 sgid=7 fsgid=7 ses=4294967295 tty=(none)
comm=cupsd exe=/usr/sbin/cupsd
subj=system_u:system_r:cupsd_t:s0-s0:c0.c1023 key=(null)

Hash: cupsd,cupsd_t,cupsd_t,process,transition


#============= cupsd_t ==============
allow cupsd_t self:process transition;

audit2allow -R

#============= cupsd_t ==============
allow cupsd_t self:process transition;
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <>

More information about the users mailing list