Bug 205934
Summary: | "SELinux" avc denied problem w/ "CUPS"
---|---
Product: | Red Hat Enterprise Linux 5
Component: | selinux-policy-targeted
Version: | 5.0
Hardware: | noarch
OS: | Linux
Status: | CLOSED CURRENTRELEASE
Severity: | medium
Priority: | medium
Reporter: | Joachim Frieben <jfrieben>
Assignee: | Daniel Walsh <dwalsh>
CC: | dwalsh, twaugh
Fixed In Version: | 5.0.0
Doc Type: | Bug Fix
Last Closed: | 2006-11-28 21:08:19 UTC

Description
Joachim Frieben
2006-09-10 14:55:33 UTC
Created attachment 135930
Current "audit.log" file with "avc: denied" entries

Does cups seem to be working correctly? Looks like the policy should currently dontaudit this. But I am not sure how cupsd handles serial printers. The other AVC messages seem to involve xdm/XServer leaking some file descriptors; setroubleshoot is fixed in Rawhide.

Printing works for me, probably because "SELinux" is running in "permissive" mode here. I haven't checked for "enforcing" mode yet. Btw, I do not have any serial printer attached. It's an "HP LaserJet 4100" network printer which is controlled through the "JetDirect" interface.

For serial printers CUPS runs the 'serial' backend (/usr/lib/cups/backend/serial). The general process seems to be:

```c
device_fd = open(resource, O_RDWR | O_NOCTTY | O_EXCL | O_NDELAY);
tcgetattr(device_fd, &origopts);
tcgetattr(device_fd, &opts);
...
cfsetispeed(&opts, atoi(value));
cfsetospeed(&opts, atoi(value));
tcsetattr(device_fd, TCSANOW, &opts);
fcntl(device_fd, F_SETFL, 0);
if (FD_ISSET(device_fd, &input)) {
    if ((bc_bytes = read(device_fd, bc_buffer, sizeof(bc_buffer))) > 0)
        ...
}
ioctl(device_fd, TIOCMGET, &status); /* until DSR set */
write(device_fd, print_ptr, print_bytes);
tcsetattr(device_fd, TCSADRAIN, &origopts);
close(device_fd);
```

Full source in cups-1.2.3/backend/serial.c.

Fixed in selinux-policy-2.3.14-3

Adding to beta blocker since meets criteria and is already fixed.

This request was evaluated by Red Hat Product Management for inclusion in a Red Hat Enterprise Linux release. Product Management has requested further review of this request by Red Hat Engineering. This request is not yet committed for inclusion in release.
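
For triaging an "audit.log" like the one attached to this bug, the following added example (not part of the original report or of any Red Hat tooling) groups "avc: denied" records by source type, target type and object class, so that cupsd accesses to a serial device can be told apart from unrelated denials such as leaked file descriptors. The log lines, SELinux type names and function names are constructed for illustration and are not taken from the attachment.

```python
import re
from collections import defaultdict

# Constructed sample lines in audit.log format (NOT from attachment 135930).
SAMPLE_LOG = """\
type=AVC msg=audit(1157900133.101:12): avc:  denied  { read write } for  pid=2101 comm="cupsd" name="ttyS0" dev=tmpfs ino=1502 scontext=system_u:system_r:cupsd_t:s0 tcontext=system_u:object_r:tty_device_t:s0 tclass=chr_file
type=AVC msg=audit(1157900133.105:13): avc:  denied  { ioctl } for  pid=2101 comm="cupsd" name="ttyS0" dev=tmpfs ino=1502 scontext=system_u:system_r:cupsd_t:s0 tcontext=system_u:object_r:tty_device_t:s0 tclass=chr_file
type=AVC msg=audit(1157900140.220:14): avc:  denied  { read } for  pid=2290 comm="setroubleshootd" name="gdm.log" dev=dm-0 ino=88231 scontext=system_u:system_r:setroubleshootd_t:s0 tcontext=system_u:object_r:xserver_log_t:s0 tclass=file
type=SYSCALL msg=audit(1157900140.220:14): arch=40000003 syscall=11 success=yes exit=0
"""

AVC_RE = re.compile(r'avc:\s+denied\s+\{([^}]*)\}\s+for\s+(.*)')
FIELD_RE = re.compile(r'(\w+)=("[^"]*"|\S+)')


def parse_avc(line):
    """Return a dict for one 'avc: denied' record, or None for other lines."""
    match = AVC_RE.search(line)
    if not match:
        return None
    record = {key: value.strip('"') for key, value in FIELD_RE.findall(match.group(2))}
    # A record without both contexts and a class cannot be attributed; skip it.
    if not {"scontext", "tcontext", "tclass"} <= record.keys():
        return None
    record["perms"] = match.group(1).split()
    return record


def selinux_type(context):
    """Extract the type field from a user:role:type[:level] context."""
    parts = context.split(":")
    return parts[2] if len(parts) >= 3 else context


def summarize(log_text):
    """Map (source type, target type, class) -> sorted list of denied permissions."""
    summary = defaultdict(set)
    for line in log_text.splitlines():
        record = parse_avc(line)
        if record is None:
            continue
        key = (selinux_type(record["scontext"]),
               selinux_type(record["tcontext"]),
               record["tclass"])
        summary[key].update(record["perms"])
    return {key: sorted(perms) for key, perms in summary.items()}


if __name__ == "__main__":
    for (src, tgt, cls), perms in summarize(SAMPLE_LOG).items():
        print(f"{src} -> {tgt}:{cls} {{ {' '.join(perms)} }}")
```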