Bug 693145
Summary: | SELinux is preventing /usr/lib/cups/filter/rastertosamsungspl from 'write' accesses on the file rastertosamsungspl.log. | ||||||||
---|---|---|---|---|---|---|---|---|---|
Product: | [Fedora] Fedora | Reporter: | Stephen Haffly <hafflys> | ||||||
Component: | cups | Assignee: | Tim Waugh <twaugh> | ||||||
Status: | CLOSED CANTFIX | QA Contact: | Fedora Extras Quality Assurance <extras-qa> | ||||||
Severity: | medium | Docs Contact: | |||||||
Priority: | unspecified | ||||||||
Version: | 14 | CC: | dwalsh, jpopelka, mgrepl, twaugh | ||||||
Target Milestone: | --- | ||||||||
Target Release: | --- | ||||||||
Hardware: | x86_64 | ||||||||
OS: | Linux | ||||||||
Whiteboard: | setroubleshoot_trace_hash:dc45760d33913a95ce1d417446db9ca830bbd4b46478a12c50a1c686bb4fee4f | ||||||||
Fixed In Version: | Doc Type: | Bug Fix | |||||||
Doc Text: | Story Points: | --- | |||||||
Clone Of: | Environment: | ||||||||
Last Closed: | 2011-05-27 10:05:21 UTC | Type: | --- | ||||||
Regression: | --- | Mount Type: | --- | ||||||
Documentation: | --- | CRM: | |||||||
Verified Versions: | Category: | --- | |||||||
oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |||||||
Cloudforms Team: | --- | Target Upstream Version: | |||||||
Embargoed: | |||||||||
Attachments: |
|
Description
Stephen Haffly
2011-04-03 04:04:19 UTC
It has taken several hours, but I finally got the printer to print by disabling SELinux and setting it up. However, now that I have reenabled SELinux, this error remains. Where is actually the 'rastertosamsungspl.log' file located? Created attachment 489734 [details]
File location
Created attachment 489735 [details]
File properties
Searching shows it in /usr/tmp which is linked to /var/tmp.
Stephen if you remove the file does everything work? rm /var/tmp/rastertosamsungspl.log I'm not sure since I already did the audit2allow change. Is there a way to revert that and then I can check? I opened system-config-selinux, and took a look at /usr/tmp and /usr/tmp/.* for the settings. They are: /usr/tmp tmp_t:s0 directory /usr/tmp/.* <<None>> all files /var/tmp, is different. It has: /var/tmp tmp_t:s0 all files /var/tmp/.* <<None>> all files I don't know if this is significant or not. I had previously changed manually the cups and cupsd entries under Process Domain to Permissive in an attempt to install and configure this printer. I am going to change those now back to Enforcing. I am actually interested in the name and label of the log file. If the name of the log file is guessable, this might be a security risk on a multi user system. I would prefer if cupsd never wrote to /tmp. If cups creates the log file as cupsd_tmp_t and be allowed to use it. cupsd isn't doing any of this; it's rastertosamsungspl. That 3rd party driver needs to be fixed. |