Bug 158359

Summary: enforcing targeted policy stops hpoj from starting
Product: [Fedora] Fedora Reporter: Alexandre Oliva <oliva>
Component: selinux-policy-targetedAssignee: Daniel Walsh <dwalsh>
Status: CLOSED CURRENTRELEASE QA Contact:
Severity: medium Docs Contact:
Priority: medium    
Version: 4   
Target Milestone: ---   
Target Release: ---   
Hardware: All   
OS: Linux   
Whiteboard:
Fixed In Version: 1.25.4-10.1 Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2005-09-15 15:57:06 UTC Type: ---
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:
Attachments:
Description Flags
audit.log entries generated after setenforce 0, for service hpoj restart; service cups restart none

Description Alexandre Oliva 2005-05-20 20:48:54 UTC 
From Bugzilla Helper:
User-Agent: Mozilla/5.0 (X11; U; Linux x86_64; en-US; rv:1.7.8) Gecko/20050512 Fedora/1.0.4-2 Firefox/1.0.4

Description of problem:
A ptal (hpoj)-controlled printer doesn't work if targeted policy is in enforcing mode.  Upon service hpoj restart, /var/log/messages will contain messages such as:

ptal-mlcd: FATAL ERROR at ParPort.cpp:48, dev=<mlc:par:OfficeJet_Series_700>, pid=4471, e=1, t=1116621163         Access denied to parallel
port!

xojpanel doesn't work.  Oddly, if I start ptal-init to reconfigure the device, then mlcd starts successfully, and xojpanel works.

setenforce 0 followed by service hpoj restart; service cups restart enables the printer to work, logging to audit.log entries that audit2allow translates to:

allow cupsd_config_t devpts_t:chr_file { getattr ioctl };
allow ptal_t printer_device_t:chr_file getattr;
allow ptal_t self:capability sys_rawio;


Version-Release number of selected component (if applicable):
selinux-policy-targeted-1.23.16-1

How reproducible:
Always

Steps to Reproduce:
1.Boot up with hpoj enabled, configured to control a ptal printer

Actual Results:  The printer won't work.  Restarting hpoj logs messages indicating mlcd couldn't access the printer device.

Expected Results:  It should have been brought up successfully.

Additional info:
Comment 1 Alexandre Oliva 2005-05-20 20:50:02 UTC 
Created attachment 114654 [details]
audit.log entries generated after setenforce 0, for service hpoj restart; service cups restart
Comment 2 Daniel Walsh 2005-05-23 20:47:12 UTC 
Fixed in selinux-policy-targeted-1.23.16-7
Comment 3 Alexandre Oliva 2005-05-31 20:02:32 UTC 
It's not in rawhide yet (we still have -6).  Any chance it could make to FC4?
Comment 4 Daniel Walsh 2005-05-31 20:35:31 UTC 
I will start backporting as soon as fc4 is Released.  Everything is frozen.

Dan
Comment 5 Alexandre Oliva 2005-06-01 11:47:00 UTC 
Not quite.  Major bugs and regressions can still be fixed, and broken printer
does qualify as a big one for me.  Anyhow, your call...  I'm away until Saturday
evening.