Description of problem:

I have an HP OfficeJet 7310xi network printer. I can set it up using system-config-printer without a problem but there is no way to use its other all-in-one features (scan, fax, etc.). I should be able to use the HPLIP package to do this. There are several problems involved with getting this to work.

The first problem is that there is not a PPD file for my printer under /usr/share/foomatic/db/source/PPD/HP. I know how to fix this:

    foomatic-ppdfile -p HP-OfficeJet_7300 > /usr/share/foomatic/db/source/PPD/HP/all_in_one/HP-OfficeJet_7300-hpijs.ppd

With a PPD file I can use hp-setup or cups add printer to add a printer. I can print but I can't do too much else due to selinux policy problems.

When I do an hp-info on the device, it fails with a "Device not found" error.

    hp-info -dhp:/net/Officejet_7300_series?ip=192.168.0.5

I also get the following in /var/log/messages:

    May 5 18:57:29 localhost kernel: audit(1146880649.326:549): avc: denied { net_raw } for pid=4157 comm="python" capability=13 scontext=root:system_r:hplip_t:s0 tcontext=root:system_r:hplip_t:s0 tclass=capability

When I run hp-toolbox, the HPLIP hpssd process dies (can restart with service hplip restart). I get something like the following in /var/log/messages:

    May 5 19:03:14 localhost python: hpssd [FATAL] Traceback (innermost last):
      File "./hpssd.py", line 1385, in main
        loop(timeout=0.5)
      File "./hpssd.py", line 283, in loop
        obj.handle_read_event()
      File "./hpssd.py", line 433, in handle_read_event
        self.handle_read()
      File "./hpssd.py", line 639, in handle_read
        self.handlers.get(msg_type, self.handle_unknown)()
      File "./hpssd.py", line 1027, in handle_event
        loopback_trigger.pull_trigger()
      File "./hpssd.py", line 520, in pull_trigger
        os.write(self.trigger, '.')
    OSError: [Errno 13] Permission denied
    May 5 19:03:14 localhost kernel: audit(1146880994.388:561): avc: denied { net_raw } for pid=4291 comm="python" capability=13 scontext=root:system_r:hplip_t:s0 tcontext=root:system_r:hplip_t:s0 tclass=capability
    May 5 19:03:14 localhost kernel: audit(1146880994.392:562): avc: denied { write } for pid=4291 comm="python" name="[14737]" dev=pipefs ino=14737 scontext=root:system_r:hplip_t:s0 tcontext=root:system_r:hplip_t:s0 tclass=fifo_file
    May 5 19:03:14 localhost python: toolbox [WARN] Device not found

When I disable selinux (setenforce 0), both of these commands work.

Version-Release number of selected component (if applicable):

    hplip-0.9.8-6
    selinux-policy-targeted-2.2.23-15

How reproducible:

Steps to Reproduce: see above

Actual results:

Expected results:

Additional info:
When running xsane as a non-root user, I get

    *** glibc detected *** xsane: munmap_chunk(): invalid pointer: 0x009c0097 ***
    ======= Backtrace: =========
    /lib/libc.so.6(__libc_free+0x17b)[0x16851f]
    ...

as well as the following in /var/log/messages:

    May 6 12:39:43 localhost hpiod: ParDevice::nibble_read failed: Input/output error
    May 6 12:39:43 localhost kernel: audit(1146944383.808:542): avc: denied { name_connect } for pid=5480 comm="hpiod" dest=9290 scontext=system_u:system_r:hplip_t:s0 tcontext=system_u:object_r:port_t:s0 tclass=tcp_socket
    May 6 12:39:43 localhost hpiod: unable to connect to scan err=13 port 9290 JetDirectChannel::Open: Permission denied
    May 6 12:39:44 localhost hpiod: device cleanup uri=hp:/net/Officejet_7300_series?ip=192.168.0.5
    # Disabling SELinux entirely or just setting a SELinux boolean to only
    # Disable SELinux protection for cups hplip daemon
    # is a workaround to this problem.
    # This may be done from the system-config-securitylevel or with setsebool:
    setsebool -P hplip_disable_trans=1
    service hplip restart
Fix

yum update to the latest policy version which fixes your net_raw problem.

You can add the 9290 port to policy by executing

    semanage port -a -t hplip_port_t -p tcp 9290

I will add this port in selinux-policy-2.2.38-1.fc5
I ran

    yum update selinux-policy

I then undid my workaround:

    setsebool -P hplip_disable_trans=1

and replaced it with yours

    semanage port -a -t hplip_port_t -p tcp 9290

I was able to recreate the print queue successfully, access the hp-toolbox and scan. I was _not_ able to use hp-unload to access the memory card reader. However, following your lead, I was able to fix this as well:

    semanage port -a -t hplip_port_t -p tcp 9220

Now everything seems to work. Can I expect that both of these changes will be added to selinux-policy-2.2.38-1.fc5?

Thanks!
Nope, I missed 9220. I have updated rawhide with the following for hplip:

    network_port(hplip, tcp,50000,s0, tcp,50002,s0, tcp,1782,s0, tcp,9100,s0, tcp,9102,s0, tcp,9102,s0, tcp,9220,s0, tcp,9221,s0, tcp,9222,s0, tcp,9280,s0, tcp,9281,s0, tcp,9282,s0, tcp,9290,s0, tcp,9291,s0, tcp,9292,s0)

I think that covers them all. I will add this update to FC5 in about a week.
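Added example, not part of the original thread and not HPLIP or selinux-policy code: a small triage script that reads the AVC denials quoted in this report, turns name_connect denials on unlabelled ports (port_t) into the scoped semanage port labelling used above, and lists the remaining denials that need a policy update instead. The function names are hypothetical, and the default domain and port type (hplip_t, hplip_port_t) are taken from the commands in this thread.

```python
import re

# Log lines copied from the report above (kernel audit format shown in the thread).
SAMPLE_LOG = """\
May 5 18:57:29 localhost kernel: audit(1146880649.326:549): avc: denied { net_raw } for pid=4157 comm="python" capability=13 scontext=root:system_r:hplip_t:s0 tcontext=root:system_r:hplip_t:s0 tclass=capability
May 5 19:03:14 localhost kernel: audit(1146880994.392:562): avc: denied { write } for pid=4291 comm="python" name="[14737]" dev=pipefs ino=14737 scontext=root:system_r:hplip_t:s0 tcontext=root:system_r:hplip_t:s0 tclass=fifo_file
May 6 12:39:43 localhost kernel: audit(1146944383.808:542): avc: denied { name_connect } for pid=5480 comm="hpiod" dest=9290 scontext=system_u:system_r:hplip_t:s0 tcontext=system_u:object_r:port_t:s0 tclass=tcp_socket
May 6 12:39:43 localhost hpiod: unable to connect to scan err=13 port 9290 JetDirectChannel::Open: Permission denied
"""

AVC_RE = re.compile(r"avc:\s+denied\s+\{\s*(?P<perms>[^}]*?)\s*\}\s+for\s+(?P<rest>.*)")
KV_RE = re.compile(r'(\w+)=("[^"]*"|\S+)')


def parse_avc(line):
    """Return the fields of one AVC denial line, or None for any other log line."""
    m = AVC_RE.search(line)
    if not m:
        return None
    fields = {k: v.strip('"') for k, v in KV_RE.findall(m.group("rest"))}
    fields["perms"] = m.group("perms").split()
    # An SELinux context is user:role:type[:level]; the type is the third field.
    fields["sdomain"] = fields.get("scontext", "::").split(":")[2]
    fields["ttype"] = fields.get("tcontext", "::").split(":")[2]
    return fields


def triage(log_text, domain="hplip_t", port_type="hplip_port_t"):
    """Split one domain's denials into port-label fixes and everything else."""
    ports, other = set(), set()
    for line in log_text.splitlines():
        avc = parse_avc(line)
        if not avc or avc["sdomain"] != domain:
            continue
        if (avc.get("tclass") == "tcp_socket" and "name_connect" in avc["perms"]
                and avc["ttype"] == "port_t" and avc.get("dest", "").isdigit()):
            ports.add(int(avc["dest"]))  # unlabelled port: label it for this domain
        else:
            other.add((avc.get("tclass", "?"), " ".join(avc["perms"])))
    cmds = [f"semanage port -a -t {port_type} -p tcp {p}" for p in sorted(ports)]
    return cmds, sorted(other)


if __name__ == "__main__":
    commands, needs_policy = triage(SAMPLE_LOG)
    print("\n".join(commands))
    for tclass, perms in needs_policy:
        print(f"needs policy update, not a port label: {tclass} {{ {perms} }}")
```

Labelling only the ports that actually appear in denials keeps hplip_t confined, unlike the hplip_disable_trans boolean, which removes the confinement of the daemon altogether.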
Closing bugs