Description of problem: Ranged printers are currently not supported by the selinux-policy Version-Release number of selected component (if applicable): How reproducible: everytime Steps to Reproduce: 1. use chcon -l SystemLow-Secret /dev/lp0 2. newrole -l Unclassified 3. attempt to print lpr /etc/passwd Actual results: SELinux will deny access to the printer Expected results: Since the printer device is ranged write access should be allowed over the range Additional info: The following patch has been accepted upstream in the reference policy, with the change of the line: mls_file_write_within_range(printer_device_t) was moved to the policy/modules/kernel/devices.te file instead of policy/modules/services/cups.te
Created attachment 140004 [details] The original patch posted to the SELinux mailing list
Fixed in selinux-policy-2.4.3-1
This request was evaluated by Red Hat Product Management for inclusion in a Red Hat Enterprise Linux release. Product Management has requested further review of this request by Red Hat Engineering. This request is not yet committed for inclusion in release.
QE ack for RHEL5B2.