Printing jobs

Richard Vickery richard.vickeryrv at gmail.com
Sun Mar 31 19:30:50 UTC 2013 

>
> No.  The file /etc/selinux/targeted/contexts/files/file_contexts is
> provided by selinux-policy-targeted.  cups and hplip are not mutually
> exclusive.
>
> I just checked and earlier versions of the policy did have
> hplip_var_lib....
>
> So....
>
> yum update selinux-policy-targeted
>
> Should correct that problem....
>
> Can you print with lpr using either -P or setting the default?
>
>
Installing the above and going to print now get an error in the form of the
following, forcing me to go back through emails to figure out how I got in
recently. If I can't get a bug report done today, the following is what I
have just had returned:

SELinux is preventing /usr/sbin/cupsd from using the 'transition' accesses
on a process.

*****  Plugin catchall (100. confidence) suggests
 ***************************

If you believe that cupsd should be allowed transition access on processes
labeled cupsd_t by default.
Then you should report this as a bug.
You can generate a local policy module to allow this access.
Do
allow this access for now by executing:
# grep cupsd /var/log/audit/audit.log | audit2allow -M mypol
# semodule -i mypol.pp

Additional Information:
Source Context                system_u:system_r:cupsd_t:s0-s0:c0.c1023
Target Context                system_u:system_r:cupsd_t:s0-s0:c0.c1023
Target Objects                /usr/lib/cups/notifier/dbus [ process ]
Source                        cupsd
Source Path                   /usr/sbin/cupsd
Port                          <Unknown>
Host                          (removed)
Source RPM Packages           cups-1.5.4-20.fc18.x86_64
Target RPM Packages           cups-1.5.4-20.fc18.x86_64
Policy RPM                    selinux-policy-3.11.1-86.fc18.noarch
Selinux Enabled               True
Policy Type                   targeted
Enforcing Mode                Enforcing
Host Name                     (removed)
Platform                      Linux (removed) 3.7.2-204.fc18.x86_64 #1 SMP
Wed
                              Jan 16 16:22:52 UTC 2013 x86_64 x86_64
Alert Count                   3
First Seen                    2013-03-31 11:56:30 PDT
Last Seen                     2013-03-31 11:56:31 PDT
Local ID                      af46d3ea-017a-46e6-b6bd-00c9f11f0365

Raw Audit Messages
type=AVC msg=audit(1364756191.10:348): avc:  denied  { transition } for
 pid=3457 comm="cupsd" path="/usr/lib/cups/notifier/dbus" dev="dm-2"
ino=263939 scontext=system_u:system_r:cupsd_t:s0-s0:c0.c1023
tcontext=system_u:system_r:cupsd_t:s0-s0:c0.c1023 tclass=process


type=SYSCALL msg=audit(1364756191.10:348): arch=x86_64 syscall=execve
success=no exit=EACCES a0=7fff18a45a10 a1=7fff18a45550 a2=7fff18a45570
a3=7fff18a449e0 items=0 ppid=1688 pid=3457 auid=4294967295 uid=4 gid=7
euid=4 suid=4 fsuid=4 egid=7 sgid=7 fsgid=7 ses=4294967295 tty=(none)
comm=cupsd exe=/usr/sbin/cupsd
subj=system_u:system_r:cupsd_t:s0-s0:c0.c1023 key=(null)

Hash: cupsd,cupsd_t,cupsd_t,process,transition

audit2allow

#============= cupsd_t ==============
allow cupsd_t self:process transition;

audit2allow -R

#============= cupsd_t ==============
allow cupsd_t self:process transition;
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.fedoraproject.org/pipermail/users/attachments/20130331/6972c702/attachment.html>

More information about the users mailing list