Bug 479178
Summary: | cups/hplip wants to write its config file (hplip.conf)????? | ||
---|---|---|---|
Product: | [Fedora] Fedora | Reporter: | Tom London <selinux> |
Component: | hplip | Assignee: | Tim Waugh <twaugh> |
Status: | CLOSED NEXTRELEASE | QA Contact: | Fedora Extras Quality Assurance <extras-qa> |
Severity: | medium | Docs Contact: | |
Priority: | low | ||
Version: | 10 | CC: | dwalsh, james, ronin3510, twaugh |
Hardware: | All | ||
OS: | Linux | ||
Fixed In Version: | 2.8.12-6.fc10 | Doc Type: | Bug Fix |
Last Closed: | 2009-03-13 18:35:06 UTC | Type: | --- |
Description
Tom London
2009-01-07 19:08:22 UTC
I can confirm it for F10.

```
rpm -qa|grep selinux && rpm -qa|grep hplip
libselinux-utils-2.0.73-1.fc10.i386
selinux-policy-doc-3.5.13-38.fc10.noarch
selinux-policy-3.5.13-38.fc10.noarch
libselinux-2.0.73-1.fc10.i386
libselinux-python-2.0.73-1.fc10.i386
selinux-doc-1.26-1.1.noarch
selinux-policy-targeted-3.5.13-38.fc10.noarch
hplip-libs-2.8.12-1.fc10.i386
hplip-2.8.12-1.fc10.i386
hplip-gui-2.8.12-1.fc10.i386
```

After doing `semanage permissive -a hplip_t`, here's the difference between the original file copied in /root and the modified one:

```
diff /etc/hp/hplip.conf /root/hplip.conf
1,13c1
< [dirs]
< run = /var/run
< cupsbackend = /usr/lib/cups/backend
< ppd = /usr/share/ppd/HP
< doc = /usr/share/doc/hplip-2.8.12
< drv = /usr/share/cups/drv/hp
< ppdbase = /usr/share/ppd
< home = /usr/share/hplip
< icon = /usr/share/applications
< cupsfilter = /usr/lib/cups/filter
<
< [last_used]
< device_uri = hp:/usb/Deskjet_F4100_series?serial=CN7673S2N104TJ
---
> # hplip.conf. Generated from hplip.conf.in by configure.
16c4
< version = 2.8.12
---
> version=2.8.12
17a6,17
> [dirs]
> home=/usr/share/hplip
> run=/var/run
> ppd=/usr/share/ppd/HP
> ppdbase=/usr/share/ppd
> doc=/usr/share/doc/hplip-2.8.12
> icon=/usr/share/applications
> cupsbackend=/usr/lib/cups/backend
> cupsfilter=/usr/lib/cups/filter
> drv=/usr/share/cups/drv/hp
>
> # Following values are determined at configure time and cannot be changed.
19,35c19,36
< foomatic-rip-hplip-install = no
< qt4 = no
< doc-build = yes
< qt3 = yes
< cups11-build = no
< gui-build = yes
< internal-tag = 2.8.12.26
< foomatic-ppd-install = no
< network-build = yes
< ui-toolkit = qt3
< pp-build = yes
< fax-build = yes
< scanner-build = yes
< restricted-build = no
< dbus-build = yes
< shadow-build = no
< foomatic-drv-install = yes
---
> network-build=yes
> pp-build=yes
> gui-build=yes
> scanner-build=yes
> fax-build=yes
> dbus-build=yes
> cups11-build=no
> doc-build=yes
> shadow-build=no
> foomatic-drv-install=yes
> foomatic-ppd-install=no
> foomatic-rip-hplip-install=no
> internal-tag=2.8.12.26
> restricted-build=no
> ui-toolkit=qt3
> qt3=yes
> qt4=no
>
```

Yeah, it shouldn't do that.

The bug seems to affect CentOS 5.2 too, so perhaps it should occur in RHEL too.

I can't see a code path that works in quite the same way for RHEL-5.2. It may adjust the system wide configuration file when run directly by root, but I don't see that it will when run from CUPS. Are you seeing AVC messages on CentOS 5.2?

FWIW, the way I was able to trigger the AVC message on Fedora 10 was by switching on a connected USB HP printer; this triggers hal_lpadmin (running in cups_config_t), which in turn runs hp-info (running in hplip_t).

That's precisely how I found the AVC. I had installed F10 for a while, but never started the printer. After switching hplip.conf_t domain in permissive to make sure the AVCs still appear, then `ausearch -m avc -ts today | audit2allow -M myhplip; semodule -i myhplip.pp` (because it was the only denial I had on F10).

After a major power outage last night, I fired up CentOS 5.2, applied the updates and I started browsing Setroubleshooter. I noticed this kind of denial but at the moment the net was still down so I couldn't report anything. I'll reboot in a few hours, test it again for AVCs and if any I'll report back here.

hplip-2.8.12-5.fc10 has been pushed to the Fedora 10 testing repository. If problems still persist, please make note of it in this bug report. If you want to test the update, you can install it with `su -c 'yum --enablerepo=updates-testing update hplip'`. You can provide feedback for this update here: http://admin.fedoraproject.org/updates/F10/FEDORA-2008-11236

hplip-2.8.12-6.fc10 has been pushed to the Fedora 10 testing repository. If problems still persist, please make note of it in this bug report. If you want to test the update, you can install it with `su -c 'yum --enablerepo=updates-testing update hplip'`. You can provide feedback for this update here: http://admin.fedoraproject.org/updates/F10/FEDORA-2008-11236

hplip-2.8.12-6.fc10 has been pushed to the Fedora 10 stable repository. If problems still persist, please make note of it in this bug report.
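
Added example, not part of the bug report: the thread mentions feeding `ausearch -m avc -ts today` into `audit2allow -M myhplip`, which turns every denial in that time window into an allow rule. The Python script below groups AVC records by source domain, target type and class so the grants can be reviewed first; the log records, the target type `hplip_etc_t` and all function names are constructed for illustration.

```python
import re
from collections import defaultdict

# Constructed audit.log records for illustration; not taken from the bug report.
# The target type hplip_etc_t and all pids, inodes and timestamps are assumptions.
SAMPLE_LOG = """\
type=AVC msg=audit(1231355302.101:41): avc:  denied  { write } for  pid=2871 comm="hp-info" name="hplip.conf" dev=dm-0 ino=131202 scontext=system_u:system_r:hplip_t:s0 tcontext=system_u:object_r:hplip_etc_t:s0 tclass=file
type=SYSCALL msg=audit(1231355302.101:41): arch=40000003 syscall=5 success=no exit=-13 comm="hp-info" exe="/usr/bin/python"
type=AVC msg=audit(1231355302.105:42): avc:  denied  { getattr } for  pid=2871 comm="hp-info" path="/etc/hp/hplip.conf" dev=dm-0 ino=131202 scontext=system_u:system_r:hplip_t:s0 tcontext=system_u:object_r:hplip_etc_t:s0 tclass=file
type=AVC msg=audit(1231358120.440:57): avc:  denied  { name_connect } for  pid=3010 comm="httpd" dest=8080 scontext=system_u:system_r:httpd_t:s0 tcontext=system_u:object_r:http_cache_port_t:s0 tclass=tcp_socket
"""

WRITE_PERMS = {"write", "append", "create", "unlink", "rename", "setattr"}
AVC_RE = re.compile(
    r"avc:\s+denied\s+\{\s*(?P<perms>[^}]*?)\s*\}.*?"
    r"scontext=[^:]+:[^:]+:(?P<src>[^:\s]+)\S*\s+"
    r"tcontext=[^:]+:[^:]+:(?P<tgt>[^:\s]+)\S*\s+tclass=(?P<cls>\S+)"
)

def parse_denials(log_text):
    """Group AVC denials as {(source_type, target_type, class): {perms}}."""
    denials = defaultdict(set)
    for line in log_text.splitlines():
        m = AVC_RE.search(line) if line.startswith("type=AVC") else None
        if m is None:
            continue  # SYSCALL and other record types carry no denial
        denials[(m["src"], m["tgt"], m["cls"])].update(m["perms"].split())
    return dict(denials)

def as_allow_rules(denials):
    """Render each group in policy 'allow' syntax for human review."""
    return [
        "allow %s %s:%s { %s };" % (s, t, c, " ".join(sorted(p)))
        for (s, t, c), p in sorted(denials.items())
    ]

def outside_domain(denials, domain):
    """Denials from other domains that a catch-all module would also allow."""
    return {k: v for k, v in denials.items() if k[0] != domain}

def write_grants(denials):
    """Groups whose permissions would let the source domain modify the target."""
    return {k: v & WRITE_PERMS for k, v in denials.items() if v & WRITE_PERMS}

if __name__ == "__main__":
    found = parse_denials(SAMPLE_LOG)
    print("\n".join(as_allow_rules(found)))
    print("other domains:", sorted(outside_domain(found, "hplip_t")))
```

An empty result from `outside_domain(found, "hplip_t")` confirms that the window contains only denials for the domain being investigated.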