Bug 830630
| Summary: | Unable to create file in /tmp directory while using cups service when PrivateTmp = True | ||
|---|---|---|---|
| Product: | [Fedora] Fedora | Reporter: | Goutam Kodu <goutamkk> |
| Component: | cups | Assignee: | Tim Waugh <twaugh> |
| Status: | CLOSED WORKSFORME | QA Contact: | Fedora Extras Quality Assurance <extras-qa> |
| Severity: | urgent | Docs Contact: | |
| Priority: | unspecified | ||
| Version: | 17 | CC: | dwalsh, goutamkk, jpopelka, twaugh |
| Target Milestone: | --- | ||
| Target Release: | --- | ||
| Hardware: | All | ||
| OS: | Linux | ||
| Whiteboard: | |||
| Fixed In Version: | Doc Type: | Bug Fix | |
| Doc Text: | Story Points: | --- | |
| Clone Of: | Environment: | ||
| Last Closed: | 2012-06-22 11:24:24 UTC | Type: | Bug |
| Regression: | --- | Mount Type: | --- |
| Documentation: | --- | CRM: | |
| Verified Versions: | Category: | --- | |
| oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
| Cloudforms Team: | --- | Target Upstream Version: | |
| Embargoed: | |||
|
Description
Goutam Kodu
2012-06-11 03:53:49 UTC
So is this SELinux related or is this a user process trying to reach a filter created on /tmp by a process started by cups? (In reply to comment #1) > So is this SELinux related or is this a user process trying to reach a > filter created on /tmp by a process started by cups? Hpcups is a child process created by cups daemon, it is similar to in-built cups filters ,pdftops,gstoraster,pstops etc.. hpcups,pstoraster,pdftops etc. are all separate executables. cups daemon invokes these executables while converting print or fax job data from one format to another. But if they are run within the same namespace as cups they should work fine with private /tmp? I am not able to reproduce the problem. I used hpijs-3.12.6-1.fc17.x86_64 and an HP PSC 2210, configured with "HP PSC 2200 Series, hpcups 3.12.6". Printing works fine normally. To turn on debug saving of PCL output I added "hpLogLevel 2" to /etc/cups/cupsd.conf. strace of the running hpcups process reveals that open(), chmod(), etc all work with no error on the file in /tmp. Of course, as /tmp is in a private namespace, other process (such as the operator's shell) will not be able to read this file. I suggest putting that file in $TMPDIR instead of /tmp (so that /var/spool/cups/tmp is used), or -- as this is for debugging purposes only -- changing PrivateTmp to false in cups.service when debugging. (In reply to comment #3) > But if they are run within the same namespace as cups they should work fine > with private /tmp? Hi Daniel, If there is any documentation on Private Tmp feature can you please share with me. I like to know more on this . Googling did not give me much information on this feature. Regards, Goutam http://danwalsh.livejournal.com/51459.html https://fedoraproject.org/wiki/Features/ServicesPrivateTmp http://0pointer.de/blog/projects/security.html (In reply to comment #6) > http://danwalsh.livejournal.com/51459.html > https://fedoraproject.org/wiki/Features/ServicesPrivateTmp > http://0pointer.de/blog/projects/security.html Hi Daniel, Thank you for the links. They were helpful to understand the PrivateTmp feature. I went through the source code of systemd-44 to understand the implementation of it for the system services. As to my understanding systemd (system and service manager) starts several services on start up and it check in the daemon service file if the privateTmp attibute is true or false for that service. When PrivateTmp = true systemd will create "/tmp/systemd-namespace-XXXXX/private" directory for that daemon process (e.g cups)which is private for that process and user will not have access to look into the system services private directory. Its a very good security feature to prevent user from breaching into the private data of the system services (e.g cups). My doubt here is how will the system services (e.g cups, udev, ssh) will get know where to dump there private data. I explored the cups-1.5.3 source code and could see that cups always uses TMPDIR env variable which is set to always "/var/spool/cups/tmp" directory to dump its temporary data. In that case cups is not making use of the "/tmp/systemd-namespace-XXXX/private" directory. My question is how will the hpcups process ( which is invoked by cups) will know which one of the " systemd-namespace-XXXX/private " in /tmp is the private directory of the cups to dump the output files or log files ? My apology if my understanding about private tmp is wrong. I am just a learner and still exploring. I am looking for how i can leverage this feature for hpcups process invoked by cups when given a print job to cups. Please help me with this regard to understand more. Regards, Goutam Either location is fine. Using "PrivateTmp" avoids the problem of having applications that hard-code "/tmp/XXXXX" and create those files insecurely. The permissions on /var/spool/cups/tmp are secure and prevent tmpdir-style denial of service and symlink attacks by local users. Additionally, files there may be retained for longer to allow for debugging output. I recommend hplip uses $TMPDIR. |