Bug 231395 - CUPS OR Selinux Problem
CUPS OR Selinux Problem
Product: Fedora
Classification: Fedora
Component: cups (Show other bugs)
All Linux
medium Severity medium
: ---
: ---
Assigned To: Tim Waugh
: Reopened
Depends On:
  Show dependency treegraph
Reported: 2007-03-07 18:57 EST by Leslie Satenstein
Modified: 2007-11-30 17:11 EST (History)
0 users

See Also:
Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Last Closed: 2007-03-12 20:46:32 EDT
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---

Attachments (Terms of Use)

  None (edit)
Description Leslie Satenstein 2007-03-07 18:57:14 EST
Description of problem:

One computer, two hard disks, one Fedora6 on each, but separately bootable.
With one on installed on /dev/hda cups starts every time, with all Selinux
disable options unchecked.

On the /dev/sata disk, to enable cups, I have to check the ignore daemon option
in the Selinux print parameters.

Version-Release number of selected component (if applicable):
Everything current as of March 7th, 2007

How reproducible:

Every time.

Steps to Reproduce:
Actual results:

Expected results:

Same startup for both systems.

Additional info:

After problems arose, I copied the cups files from /dev/hda to /dev/sda. 

Problem persisted.

I just thought of it, and I will get back to you, 
but I think that I have to do a su to root and issue the command

chcon -R -t /etc/cups command so that I can restore the selinux setting.

When it failed, message was that it cannot read (cant open) the cups.conf file.
Settings are rwe --- --- for said file.

If you have time... low priority.... 

Other than that, cups works ok. Would like to see enhancement that when printer
is off line or not connected instead of just switching to "pause" with no
message, that an advice be given to user whose file is the top of the queue.
Comment 1 Leslie Satenstein 2007-03-07 19:18:27 EST
the chcon -R -t httpd_sys_content_t /etc/cups      did not work

Error message
cupsd: Unable to read configuration file '/etc/cups/cupsd.conf' 

Changing the one selinux parameter to ignore daemon, and we are in business.
Comment 2 Tim Waugh 2007-03-08 04:36:00 EST
What does 'rpm -V cups' say?  By the way, what made you choose
'httpd_sys_content_t' as the SELinux context for /etc/cups?  It is completely
Comment 3 Leslie Satenstein 2007-03-08 19:05:49 EST
Hi Tim

Response  rpm -qa is cups-1.2.7-1.8.fc6

rpm -V cups
SM5....T c /etc/cups/classes.conf
S.5....T c /etc/cups/printers.conf
[root@linux leslie]# 

In response to your other question, regarding chmon what is the right value. I
looked at what I saw in some directories, and I did not see any other values or
even note what values to use for cups.

What should the command line be? 

By the way, yum erase cups* would remove 41 packages. So much for YUM.
Comment 4 Tim Waugh 2007-03-09 04:20:45 EST
> What should the command line be? 

restorecon -v -R /etc/cups

> By the way, yum erase cups* would remove 41 packages. So much for YUM.

That's partly bug #192402 I think, but do you really mean to remove the CUPS
libraries as well as the scheduler?  Several packages are built against those.
Comment 5 Leslie Satenstein 2007-03-09 19:17:27 EST
Hi Tim
I thank you for the command. 
I restored Selinux setting and I looked up (man) restorecon and tried it as root.

restorecon -v -R /etc/cups
did stop and on restart....

 cupsd: Unable to read configuration file '/etc/cups/cupsd.conf' - exiting!

So that command did not work.

Enjoy the weekend, problem is still open. 

Leslie (in Montreal)

Any other suggestions, and I don't 
Comment 6 Tim Waugh 2007-03-12 05:42:30 EDT
Please show me the output of these commands, all as root:

ls -lZ /etc/cups/cupsd.conf
rpm -V cups
Comment 7 Leslie Satenstein 2007-03-12 20:46:32 EDT
As requested

(I have selinux disabled for daemon.  

[leslie@linux ~]$ ls -lZ /etc/cups/cupsd.conf
-rw-r-----  root lp system_u:object_r:cupsd_rw_etc_t /etc/cups/cupsd.conf
[leslie@linux ~]$ /usr/sbin/getenforce

I will set uncheck the daemon setting and set selinux back to enforce . The
result is pasted below and now shows

[leslie@linux ~]$ ls -lZ /etc/cups/cupsd.conf
-rw-r-----  root lp system_u:object_r:cupsd_rw_etc_t /etc/cups/cupsd.conf
[leslie@linux ~]$ /usr/sbin/getenforce

And now my test with Enforcing after running your two commands is OK. Printing
works again. I repeat...

Printing with no checkmark in selinux with setting of Enforcing and policy type

Since it is working, whatever it was that was blocking printing is gone, no logs
to describe what and why.

Tim, Thank you for your help, In a way I wish that the problem was persistant,
so that the culprit problem would be detected.  Anyway, we were both patient,
with my once per day activity to get back to you and as I just wrote, without
coding changes, problem is gone.  

Regards from Montreal Canada. 


Note You need to log in before you can comment on or make changes to this bug.