Bug 129025

Summary: cups writes /usr/share/printconf/util/backend.pyo, fails if /usr/share is not writable
Product: [Fedora] Fedora Reporter: Tom London <selinux>
Component: system-config-printerAssignee: Tim Waugh <twaugh>
Status: CLOSED RAWHIDE QA Contact:
Severity: medium Docs Contact:
Priority: medium    
Version: rawhideCC: mihai.ibanescu, sopwith, twaugh
Target Milestone: ---   
Target Release: ---   
Hardware: i686   
OS: Linux   
Whiteboard:
Fixed In Version: 0.6.134-1 Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2005-06-16 16:36:23 UTC Type: ---
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:
Bug Depends On:    
Bug Blocks: 136451    

Description Tom London 2004-08-03 05:33:33 UTC 
From Bugzilla Helper:
User-Agent: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.7) Gecko/20040625

Description of problem:
cups appears to open /usr/share/printconf/util/backend.pyo for writing.

This fails if /usr/share/.... is not writable, or if running with
strict SELinux policy.

Perhaps making /usr/share/printconf/util/backend.pyo a symlink
(say, to /etc/cups/backend.pyo)......

Version-Release number of selected component (if applicable):
cups-1.1.21-1.rc1.5

How reproducible:
Always

Steps to Reproduce:
1. boot system with USB printer (say, HP 950PSC), and /usr/share
read-only, or with SELinux strict/enforcing
2. 
3.
    

Additional info:
Comment 1 Tim Waugh 2004-08-03 08:13:55 UTC 
Fixing component.
Comment 2 Tim Waugh 2004-08-03 08:16:13 UTC 
Apps that ship Python code should also ship the .pyo/.pyc bits IMHO --
but apparently this is not trivial to do correctly.  CC'ing Python
maintainer for further input.

As far as SELinux goes (and I think this is what prompted this bug
report) these should be dontaudit, and I thought they were at one point.
Comment 3 Tom London 2004-08-03 14:23:57 UTC 
dontaudit would remove the avc's, but the write of the file would fail.

That would be OK if the the .pyo is never used, but then ....

thanks
Comment 4 Tim Waugh 2004-08-03 14:31:47 UTC 
The .pyo file is just to speed up loading of the Python module -- it
is for optimization, which in this case is lost in the noise of having
to load the foomatic database later on.
Comment 5 Tim Waugh 2004-12-22 15:56:30 UTC 
Waiting for redhat-rpm-config to turn on the Python pre-compilation.
Comment 6 Tim Waugh 2005-03-17 16:53:36 UTC 
(Reassigning.)
Comment 7 Elliot Lee 2005-03-22 04:43:21 UTC 
Tim - if you'll tell me what changes to make, I can do that, or feel free to
just check in the necessary changes yourself.
Comment 8 Tim Waugh 2005-03-22 11:36:48 UTC 
/usr/lib/rpm/brp-python-bytecompile needs to get run in
/usr/lib/rpm/redhat/brp-redhat.
Comment 9 Elliot Lee 2005-04-07 03:18:09 UTC 
Enabled in redhat-rpm-config CVS, it'll wind up in the dist sooner
Comment 10 Tim Waugh 2005-04-18 13:55:39 UTC 
Please build this.  Thanks.