Bug 151475
Summary: | Adding LPD printer through system-config-printer fails due to selinux | ||
---|---|---|---|
Product: | [Fedora] Fedora | Reporter: | Keith Sharp <kms> |
Component: | selinux-policy-targeted | Assignee: | Daniel Walsh <dwalsh> |
Status: | CLOSED RAWHIDE | QA Contact: | |
Severity: | high | Docs Contact: | |
Priority: | medium | ||
Version: | 4 | CC: | gerry, lux, twaugh |
Target Milestone: | --- | ||
Target Release: | --- | ||
Hardware: | i386 | ||
OS: | Linux | ||
Whiteboard: | |||
Fixed In Version: | Doc Type: | Bug Fix | |
Doc Text: | Story Points: | --- | |
Clone Of: | Environment: | ||
Last Closed: | 2005-03-22 12:44:42 UTC | Type: | --- |
Regression: | --- | Mount Type: | --- |
Documentation: | --- | CRM: | |
Verified Versions: | Category: | --- | |
oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
Cloudforms Team: | --- | Target Upstream Version: | |
Embargoed: |
Description
Keith Sharp
2005-03-18 12:44:52 UTC
I am having the same identical problem. I filed bug #151345 against system-config-printer. This may be the better component for that bug *** Bug 151345 has been marked as a duplicate of this bug. *** I've merged these two bugs. The actual change needs to happen in the SELinux policy, since the lpd backend really does need to do use port 515 for outbound connections. Please run 'setenforce 0' and try again, and then post the resulting messages. Are there any new ones? After running "setenforce 0" I can add the printer and it will print the test page. I get the following in /var/log/audit.log: type=KERNEL msg=audit(1111164267.701:10910176): item=1 inode=131075 dev=00:00 type=KERNEL msg=audit(1111164267.701:10910176): item=0 name=/bin/hostname inode=229610 dev=00:00 type=KERNEL msg=audit(1111164267.701:10910176): syscall=11 exit=0 a0=9d888e0 a1=9d82dc0 a2=9a2c220 a3=9a2c25d items=2 pid=13683 loginuid=-1 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 type=KERNEL msg=audit(1111164267.701:10910176): avc: denied { write } for pid=13683 exe=/bin/hostname path=/var/cache/alchemist/printconf.rpm/wm/_PRINTCONF_BACKEND_ dev=dm-4 ino=524334 scontext=root:system_r:hostname_t tcontext=user_u:object_r:cupsd_rw_etc_t tclass=file type=KERNEL msg=audit(1111164267.701:10910176): avc: denied { write } for pid=13683 exe=/bin/hostname path=pipe:[60342] dev=pipefs ino=60342 scontext=root:system_r:hostname_t tcontext=root:system_r:unconfined_t tclass=fifo_file type=KERNEL msg=audit(1111164267.701:10910176): avc: denied { read } for pid=13683 exe=/bin/hostname path=pipe:[60342] dev=pipefs ino=60342 scontext=root:system_r:hostname_t tcontext=root:system_r:unconfined_t tclass=fifo_file type=KERNEL msg=audit(1111164267.701:10910176): avc: denied { read } for pid=13683 exe=/bin/hostname path=/var/cache/alchemist/printconf.rpm/wm/_PRINTCONF_BACKEND_ dev=dm-4 ino=524334 scontext=root:system_r:hostname_t tcontext=user_u:object_r:cupsd_rw_etc_t tclass=file type=KERNEL msg=audit(1111164267.701:10910176): avc: denied { read } for pid=13683 exe=/bin/hostname path=/usr/share/printconf/util/queueTree.py dev=dm-3 ino=2556993 scontext=root:system_r:hostname_t tcontext=system_u:object_r:printconf_t tclass=file The hostname bugs make no sence. I have fixed the original problem in fixed in selinux-policy-targeted-1.23.3-2 Dan Does this have anything to do with bug# 145292 ? selinux-policy-targeted-1.23.3-2 fixes the original problem for me. I can now add a remote LPD printer using system-config-printer and print a test page. Who is repsonsible for marking this bug as fixed? Usually the poster if he is satisfied with the fix. |