Bug 164880 - Problem with hplip when printer is connected through the network
Problem with hplip when printer is connected through the network
Status: CLOSED CURRENTRELEASE
Product: Fedora
Classification: Fedora
Component: selinux-policy-targeted (Show other bugs)
4
x86_64 Linux
medium Severity medium
: ---
: ---
Assigned To: Daniel Walsh
:
Depends On:
Blocks:
  Show dependency treegraph
 
Reported: 2005-08-02 05:21 EDT by Vaclav "sHINOBI" Misek
Modified: 2007-11-30 17:11 EST (History)
1 user (show)

See Also:
Fixed In Version: 1.25.3-12
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Environment:
Last Closed: 2005-08-26 02:36:56 EDT
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---


Attachments (Terms of Use)

  None (edit)
Description Vaclav "sHINOBI" Misek 2005-08-02 05:21:27 EDT
From Bugzilla Helper:
User-Agent: Mozilla/5.0 (X11; U; Linux x86_64; en-US; rv:1.7.10) Gecko/20050720 Fedora/1.0.6-1.1.fc4 Firefox/1.0.6

Description of problem:
HPLIP toolbox shows that the printer is offline or unavailable. I noticed there is an error in audit log. After running "setsebool hplip_disable_trans=1" it starts to work.

Version-Release number of selected component (if applicable):
selinux-policy-targeted-1.25.3-6

How reproducible:
Always

Steps to Reproduce:
1. install network printer using hplip
2. start hp-toolbox
3.
  

Actual Results:  type=SYSCALL msg=audit(1122972552.068:15897082): arch=c000003e syscall=41 success=no exit=-13 a0=2 a1=3 a2=1 a3=7fffffdba0c0 items=0 pid=2143 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 comm="python" exe="/usr/bin/python"
type=AVC msg=audit(1122972552.269:15897408): avc:  denied  { create } for  pid=2143 comm="python" scontext=system_u:system_r:hplip_t tcontext=system_u:system_r:hplip_t tclass=rawip_socket

Additional info:
Comment 1 Daniel Walsh 2005-08-02 10:59:04 EDT
Can you do a setenforce 0 and then run a print job. and gather all of the avc
messages.

Dan
Comment 2 Vaclav "sHINOBI" Misek 2005-08-03 08:37:15 EDT
OK, messages follows:

type=AVC msg=audit(1123072345.692:14384534): avc:  denied  { ioctl } for 
pid=5021 comm="python" name="4" dev=devpts ino=6 scontext=root:system_r:hplip_t
tcontext=root:object_r:devpts_t tclass=chr_file
type=SYSCALL msg=audit(1123072345.692:14384534): arch=c000003e syscall=16
success=yes exit=0 a0=0 a1=5401 a2=7fffffd7db30 a3=0 items=0 pid=5021
auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0
comm="python" exe="/usr/bin/python"
type=AVC_PATH msg=audit(1123072345.692:14384534):  path="/dev/pts/4"
type=AVC msg=audit(1123072345.694:14384550): avc:  denied  { getattr } for 
pid=5021 comm="python" name="4" dev=devpts ino=6 scontext=root:system_r:hplip_t
tcontext=root:object_r:devpts_t tclass=chr_file
type=SYSCALL msg=audit(1123072345.694:14384550): arch=c000003e syscall=5
success=yes exit=0 a0=0 a1=7fffffd7da70 a2=7fffffd7da70 a3=2aaaaaae80b4 items=0
pid=5021 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0
comm="python" exe="/usr/bin/python"
type=AVC_PATH msg=audit(1123072345.694:14384550):  path="/dev/pts/4"
type=AVC msg=audit(1123072345.923:14386899): avc:  denied  { write } for 
pid=5021 comm="python" name="base" dev=dm-0 ino=26820640
scontext=root:system_r:hplip_t tcontext=system_u:object_r:usr_t tclass=dir
type=AVC msg=audit(1123072345.923:14386899): avc:  denied  { remove_name } for
pid=5021 comm="python" name="__init__.pyc" dev=dm-0 ino=26820609
scontext=root:system_r:hplip_t tcontext=system_u:object_r:usr_t tclass=dir
type=AVC msg=audit(1123072345.923:14386899): avc:  denied  { unlink } for 
pid=5021 comm="python" name="__init__.pyc" dev=dm-0 ino=26820609
scontext=root:system_r:hplip_t tcontext=root:object_r:usr_t tclass=file
type=SYSCALL msg=audit(1123072345.923:14386899): arch=c000003e syscall=87
success=yes exit=0 a0=7fffffd7c640 a1=0 a2=1 a3=2aaaaab4aaa8 items=1 pid=5021
auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0
comm="python" exe="/usr/bin/python"
type=CWD msg=audit(1123072345.923:14386899):  cwd="/usr/share/hplip"
type=PATH msg=audit(1123072345.923:14386899): item=0
name="/usr/share/hplip/base/__init__.pyc" flags=10  inode=26820640 dev=fd:00
mode=040755 ouid=0 ogid=0 rdev=00:00
type=AVC msg=audit(1123072345.924:14386900): avc:  denied  { add_name } for 
pid=5021 comm="python" name="__init__.pyc" scontext=root:system_r:hplip_t
tcontext=system_u:object_r:usr_t tclass=dir
type=AVC msg=audit(1123072345.924:14386900): avc:  denied  { create } for 
pid=5021 comm="python" name="__init__.pyc" scontext=root:system_r:hplip_t
tcontext=root:object_r:usr_t tclass=file
type=SYSCALL msg=audit(1123072345.924:14386900): arch=c000003e syscall=2
success=yes exit=4 a0=7fffffd7c640 a1=2c1 a2=1b6 a3=2aaaaab4aaa8 items=1
pid=5021 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0
comm="python" exe="/usr/bin/python"
type=CWD msg=audit(1123072345.924:14386900):  cwd="/usr/share/hplip"
type=PATH msg=audit(1123072345.924:14386900): item=0
name="/usr/share/hplip/base/__init__.pyc" flags=310  inode=26820640 dev=fd:00
mode=040755 ouid=0 ogid=0 rdev=00:00
type=AVC msg=audit(1123072345.924:14386905): avc:  denied  { write } for 
pid=5021 comm="python" name="__init__.pyc" dev=dm-0 ino=26820609
scontext=root:system_r:hplip_t tcontext=root:object_r:usr_t tclass=file
type=SYSCALL msg=audit(1123072345.924:14386905): arch=c000003e syscall=1
success=yes exit=113 a0=4 a1=2aaaae806000 a2=71 a3=ffffffff items=0 pid=5021
auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0
comm="python" exe="/usr/bin/python"
type=AVC_PATH msg=audit(1123072345.924:14386905): 
path="/usr/share/hplip/base/__init__.pyc"
Comment 3 Daniel Walsh 2005-08-25 12:53:06 EDT
Fixed in selinux-policy-targeted-1.25.3-12
Comment 4 Walter Justen 2005-08-26 02:36:56 EDT
Thanks for the bug report. This particular bug was fixed and a update package
was published for download. Please feel free to report any further bugs you find.

Note You need to log in before you can comment on or make changes to this bug.