Bug 419191
Summary: | SELinux is preventing /usr/bin/hpijs (cupsd_t) "execute_no_trans" to /usr/bin/hpijs (hplip_exec_t). | ||||||||
---|---|---|---|---|---|---|---|---|---|
Product: | [Fedora] Fedora | Reporter: | Al Takishita <tak_hmb> | ||||||
Component: | selinux-policy | Assignee: | Daniel Walsh <dwalsh> | ||||||
Status: | CLOSED CURRENTRELEASE | QA Contact: | Fedora Extras Quality Assurance <extras-qa> | ||||||
Severity: | low | Docs Contact: | |||||||
Priority: | low | ||||||||
Version: | 7 | CC: | dbaron, galberte, twaugh | ||||||
Target Milestone: | --- | ||||||||
Target Release: | --- | ||||||||
Hardware: | i686 | ||||||||
OS: | Linux | ||||||||
Whiteboard: | |||||||||
Fixed In Version: | Current | Doc Type: | Bug Fix | ||||||
Doc Text: | Story Points: | --- | |||||||
Clone Of: | Environment: | ||||||||
Last Closed: | 2008-01-30 19:19:41 UTC | Type: | --- | ||||||
Regression: | --- | Mount Type: | --- | ||||||
Documentation: | --- | CRM: | |||||||
Verified Versions: | Category: | --- | |||||||
oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |||||||
Cloudforms Team: | --- | Target Upstream Version: | |||||||
Embargoed: | |||||||||
Attachments: |
|
Description
Al Takishita
2007-12-11 04:20:07 UTC
Created attachment 284751 [details]
4 SELinux failures (when permissive) printing an image
After I set up an HP OfficeJet 5610, I saw these 4 SELinux failures (when in
permissive mode) when trying to print an image using hp-print or hp-toolbox.
In enforcing mode, the first one caused printing to fail (but the job stayed in
the queue).
Oddly enough, I didn't have this problem when I was using a PSC 1610, doing
pretty much the same things.
What does 'rpm -q selinux-policy-targeted' say? Oh, never mind, it's selinux-policy-2.6.4-61.fc7. dwalsh: I've tried selinux-policy-2.6.4-62.fc7 from koji and it nearly works. The only problem is that /var/spool/cups is getting context var_spool_t which is incorrect. This line seems to have been removed from cups.fc: /var/spool/cups(/.*)? gen_context(system_u:object_r:print_spool_t,mls_systemhigh) After doing this: chcon -R system_u:object_r:print_spool_t /var/spool/cups then printing to an HP PSC 2210 works fine without any audit messages with selinux-policy-2.6.4-62.fc7, so we just need to get the file context right on the spool directory. Created attachment 287421 [details]
policy-cups-spool.patch
Here's an incremental patch to do that.
*** Bug 422761 has been marked as a duplicate of this bug. *** Fixed path in selinux-policy-2.6.4-63.fc7 Bulk closing all bugs in Fedora updates in the modified state. If you bug is not fixed, please reopen. |