Description of problem: when i try to print tp cups-pdf with fedora7 i have this error in setroubleshoot : SELinux is preventing /usr/lib/cups/backend/cups-pdf (cupsd_t) "write" to tanguy-e (user_home_dir_t) and no file on the desktop. Version-Release number of selected component (if applicable): How reproducible: always Steps to Reproduce: 1. 2. 3. Actual results: Expected results: Additional info:
Probaly a problem with new localized Desktop folder name. Can you try to edit /etc/cups/cups-pdf.conf to change the out folder to the actual "Desktop" name (probably "Bureau" in France). Out ${HOME}/Bureau I'm working with upstream on a change to detect this automaticaly (xdg-user-dirs) P.S. you can check the value of XDG_DESKTOP_DIR in $HOME/.conf/user-dirs.dirs
You are right. Changing the out folder to ${HOME}/Bureau for France and now all work fine.
*** Bug 243200 has been marked as a duplicate of this bug. ***
*** Bug 276021 has been marked as a duplicate of this bug. ***
*** Bug 292631 has been marked as a duplicate of this bug. ***
cups-pdf-2.4.6-4.fc7 has been pushed to the Fedora 7 testing repository. If problems still persist, please make note of it in this bug report. If you want to test the update, you can install it with su -c 'yum --enablerepo=updates-testing update cups-pdf'
cups-pdf-2.4.6-4.fc8 has been pushed to the Fedora 8 testing repository. If problems still persist, please make note of it in this bug report. If you want to test the update, you can install it with su -c 'yum --enablerepo=updates-testing update cups-pdf'
I still have problem with this. If i try to print to this printer the printer stop and no pdf is created.
Can you give more information please ? - selinux message ? - cups-pdf.conf - cups-pdf_log (with LogType = 7) Regards
Created attachment 271041 [details] cups-pdf.conf
Created attachment 271051 [details] cups-pdf_log
Selinux message : avc: denied { write } for comm=cups-pdf dev=dm-0 egid=7 euid=0 exe=/usr/lib/cups/backend/cups-pdf exit=-13 fsgid=7 fsuid=0 gid=7 items=0 name=root pid=6595 scontext=system_u:system_r:cupsd_t:s0-s0:c0.c1023 sgid=7 subj=system_u:system_r:cupsd_t:s0-s0:c0.c1023 suid=0 tclass=dir tcontext=system_u:object_r:user_home_dir_t:s0 tty=(none) uid=0 cups-pdf.conf and cups-pdf_log attached
It seems you have upgrade. Can you try to uninstall/reinstall testing release to have selinux policy reapply and switch to new default config (Out=${DESKTOP}) Thanks for the tests.
Just a note: When installing or remove, semodule takes some time (~2 minutes on Sempron 3000+). I do not know if there is a way to do it faster. I removed the packaged and installed it, but my cups-pdf.conf still says Out ${HOME}/Desktop and it still does not work, which is weird, as in my localized GNOME installation, /home/martin/Desktop exists (other than in French installations, where its name is somewhat different).
Hm, my SELinux alert says something regarding /home/martin/Desktop , thought.
Sorry for the spam.. I had a look at the RPM (cups-pdf-2.4.6-4.fc7), extracted it and the config file that is shipped with it still says Out ${HOME}/Desktop So I guess it is a problem with the package.
I uninstalled cups-pdf yum --enablerepo=updates-testing update *selinux* yum --enablerepo=updates-testing install cups-pdf Modify by hand /etc/cups/cups-pdf.conf to put Out ${DESKTOP} because cups-pdf.conf still says Out ${HOME}/Desktop and modify LogType 7. Tried to print something Still have problem : Thu Nov 29 09:16:40 2007 [DEBUG] switching to new gid (lp) Thu Nov 29 09:16:40 2007 [DEBUG] initialization finished (v2.4.6) Thu Nov 29 09:16:40 2007 [DEBUG] user identified (tanguy-e) Thu Nov 29 09:16:40 2007 [ERROR] Can't read (/home/tanguy-e/.config/user-dirs.d irs) Thu Nov 29 09:16:40 2007 [DEBUG] ERRNO: 13 Thu Nov 29 09:16:40 2007 [DEBUG] output directory name generated (/home/tanguy- e) Thu Nov 29 09:16:40 2007 [ERROR] failed to create directory (/home/tanguy-e) Thu Nov 29 09:16:40 2007 [DEBUG] ERRNO: 17 Thu Nov 29 09:16:40 2007 [ERROR] failed to create user output directory (/home/ tanguy-e) Thu Nov 29 09:16:40 2007 [DEBUG] ERRNO: 17 the problem seems to be i don't have /home/tanguy-e/.config/ My system is a fresh F-8 install from DVD so i don't undertand why i don't have /home/tanguy-e/.config/
this is what i have in my /var/log/cups/cups-pdf.log: Sat Dec 1 14:04:32 2007 [ERROR] failed to create directory (/home/myname) Sat Dec 1 14:04:32 2007 [ERROR] failed to create user output directory (/home/myname/desktop) Sat Dec 1 14:05:36 2007 [ERROR] failed to create directory (/home/myname) Sat Dec 1 14:05:36 2007 [ERROR] failed to create user output directory (/home/myname/desktop) Sun Dec 2 02:23:38 2007 [ERROR] failed to create directory (/home/myname) Sun Dec 2 02:23:38 2007 [ERROR] failed to create user output directory (/home/myname/desktop) Sun Dec 2 02:26:55 2007 [STATUS] identification string sent Sun Dec 2 02:28:03 2007 [ERROR] failed to create directory (/home/myname) Sun Dec 2 02:28:03 2007 [ERROR] failed to create user output directory (/home/myname/desktop) Sun Dec 2 02:28:46 2007 [ERROR] failed to create directory (/home/myname) Sun Dec 2 02:28:46 2007 [ERROR] failed to create user output directory (/home/myname/desktop) all these directories exist. why does it try to create them? all the config files are ok, the user-dirs.dirs is ok. there are no messages from the selinux, nothing from dmesg, nothing from messages, just nothing and cups-pdf doesn't want to work! PS this is on fc8 with all updates applied, using the default cups-pdf, not the testing version.
this is what i found in /var/log/cups/error_log: I [02/Dec/2007:02:39:48 +0100] [Job 5] Queued on "Cups-PDF" by "root". I [02/Dec/2007:02:39:48 +0100] [Job 5] Started filter /usr/lib/cups/filter/pstops (PID 3670) I [02/Dec/2007:02:39:48 +0100] [Job 5] Started backend /usr/lib/cups/backend/cups-pdf (PID 3671) E [02/Dec/2007:02:39:48 +0100] PID 3671 (/usr/lib/cups/backend/cups-pdf) stopped with status 254! I [02/Dec/2007:02:39:48 +0100] Hint: Try setting the LogLevel to "debug" to find out more. I [02/Dec/2007:02:39:48 +0100] [Job 5] Backend returned status 254 (unknown) maybe status 254 is connected with my home directory?!
Please, only report about cups-pdf-2.4.6-5 soon available in updates-testing. You can also download it from : http://koji.fedoraproject.org/koji/buildinfo?buildID=26108 - uninstall current version - install new release to have latest config file and latest selinux policy applied. Remi.
cups-pdf-2.4.6-5 installed printing from root works fine : Sun Dec 2 10:20:43 2007 [DEBUG] switching to new gid (lp) Sun Dec 2 10:20:43 2007 [DEBUG] initialization finished (v2.4.6) Sun Dec 2 10:20:43 2007 [DEBUG] user identified (root) Sun Dec 2 10:20:43 2007 [DEBUG] XDG_DESKTOP_DIR: (/root/Desktop) Sun Dec 2 10:20:43 2007 [DEBUG] output directory name generated (/root/Desktop ) Sun Dec 2 10:20:43 2007 [DEBUG] user information prepared Sun Dec 2 10:20:43 2007 [DEBUG] spoolfile name created (/var/spool/cups-pdf/SP OOL/cups2pdf-3581) Sun Dec 2 10:20:43 2007 [DEBUG] source stream ready Sun Dec 2 10:20:43 2007 [DEBUG] destination stream ready (/var/spool/cups-pdf/ SPOOL/cups2pdf-3581) Sun Dec 2 10:20:43 2007 [DEBUG] owner set for spoolfile (/var/spool/cups-pdf/S POOL/cups2pdf-3581) Sun Dec 2 10:20:43 2007 [DEBUG] found beginning of postscript code (%!PS-Adobe -3.0) Sun Dec 2 10:20:43 2007 [DEBUG] now extracting postscript code Sun Dec 2 10:20:43 2007 [DEBUG] found embedded (e)ps code (%!PS-TrueTypeFont-1 .0-2.13107) Sun Dec 2 10:20:43 2007 [DEBUG] found embedded (e)ps code (%!PS-TrueTypeFont-1 .0-2.13107) Sun Dec 2 10:20:43 2007 [DEBUG] found end of embedded (e)ps code (%%EOF) Sun Dec 2 10:20:43 2007 [DEBUG] all data written to spoolfile (/var/spool/cups -pdf/SPOOL/cups2pdf-3581) Sun Dec 2 10:20:43 2007 [DEBUG] trying to use PS title () Sun Dec 2 10:20:43 2007 [DEBUG] removing trailing newlines from title () Sun Dec 2 10:20:43 2007 [DEBUG] removing special characters from title () Sun Dec 2 10:20:43 2007 [DEBUG] empty PS title, using commandline title () Sun Dec 2 10:20:43 2007 [DEBUG] removing trailing newlines from title () Sun Dec 2 10:20:43 2007 [DEBUG] removing special characters from title () Sun Dec 2 10:20:43 2007 [DEBUG] empty commandline title Sun Dec 2 10:20:43 2007 [DEBUG] no title found - using default value (job_23-u ntitled_document) Sun Dec 2 10:20:43 2007 [DEBUG] input data read from stdin Sun Dec 2 10:20:43 2007 [DEBUG] output filename created (/root/Desktop/job_23- untitled_document.pdf) Sun Dec 2 10:20:43 2007 [DEBUG] ghostscript commandline built (/usr/bin/gs -q -dCompatibilityLevel=1.4 -dNOPAUSE -dBATCH -dSAFER -sDEVICE=pdfwrite -sOutputFil e="/root/Desktop/job_23-untitled_document.pdf" -dAutoRotatePages=/PageByPage -dA utoFilterColorImages=false -dColorImageFilter=/FlateEncode -dPDFSETTINGS=/prepre ss -c .setpdfwrite -f /var/spool/cups-pdf/SPOOL/cups2pdf-3581) Sun Dec 2 10:20:43 2007 [DEBUG] output file unlinked (/root/Desktop/job_23-unt itled_document.pdf) Sun Dec 2 10:20:43 2007 [DEBUG] TMPDIR set for GhostScript (/var/tmp) Sun Dec 2 10:20:43 2007 [DEBUG] entering child process Sun Dec 2 10:20:43 2007 [DEBUG] GID set for current user Sun Dec 2 10:20:43 2007 [DEBUG] UID set for current user (root) Sun Dec 2 10:20:45 2007 [DEBUG] ghostscript has finished (0) Sun Dec 2 10:20:45 2007 [DEBUG] file mode set for user output (/root/Desktop/j ob_23-untitled_document.pdf) Sun Dec 2 10:20:45 2007 [DEBUG] no postprocessing Sun Dec 2 10:20:43 2007 [DEBUG] waiting for child to exit Sun Dec 2 10:20:45 2007 [DEBUG] spoolfile unlinked (/var/spool/cups-pdf/SPOOL/ cups2pdf-3581) Sun Dec 2 10:20:45 2007 [DEBUG] all memory has been freed Sun Dec 2 10:20:45 2007 [STATUS] PDF creation successfully finished (root) But printing from a user does not work : Sun Dec 2 10:23:11 2007 [DEBUG] switching to new gid (lp) Sun Dec 2 10:23:11 2007 [DEBUG] initialization finished (v2.4.6) Sun Dec 2 10:23:11 2007 [DEBUG] user identified (tanguy-e) Sun Dec 2 10:23:11 2007 [ERROR] Can't read (/home/tanguy-e/.config/user-dirs.d irs) Sun Dec 2 10:23:11 2007 [DEBUG] ERRNO: 13 Sun Dec 2 10:23:11 2007 [DEBUG] output directory name generated (/home/tanguy- e) Sun Dec 2 10:23:11 2007 [ERROR] failed to create directory (/home/tanguy-e) Sun Dec 2 10:23:11 2007 [DEBUG] ERRNO: 17 Sun Dec 2 10:23:11 2007 [ERROR] failed to create user output directory (/home/ tanguy-e) Sun Dec 2 10:23:11 2007 [DEBUG] ERRNO: 17 more /home/tanguy-e/.config/user-dirs.dirs : # This file is written by xdg-user-dirs-update # If you want to change or add directories, just edit the line you're # interested in. All local changes will be retained on the next run # Format is XDG_xxx_DIR="$HOME/yyy", where yyy is a shell-escaped # homedir-relative path, or XDG_xxx_DIR="/yyy", where /yyy is an # absolute path. No other format is supported. # XDG_DESKTOP_DIR="$HOME/Bureau" XDG_DOWNLOAD_DIR="$HOME/Téléchargement" XDG_TEMPLATES_DIR="$HOME/Modèles" XDG_PUBLICSHARE_DIR="$HOME/Public" XDG_DOCUMENTS_DIR="$HOME/Documents" XDG_MUSIC_DIR="$HOME/Musique" XDG_PICTURES_DIR="$HOME/Images" XDG_VIDEOS_DIR="$HOME/Vidéos" So i don't understand where the problem come from.
cups-pdf-2.4.6-5.fc8 has been pushed to the Fedora 8 testing repository. If problems still persist, please make note of it in this bug report. If you want to test the update, you can install it with su -c 'yum --enablerepo=updates-testing update cups-pdf'
cups-pdf-2.4.6-5.fc7 has been pushed to the Fedora 7 testing repository. If problems still persist, please make note of it in this bug report. If you want to test the update, you can install it with su -c 'yum --enablerepo=updates-testing update cups-pdf'
2.4.6-5 also does not work for me.
I have just tested with 2.4.6-5 and it also doesn't work for me: Mon Dec 3 14:49:48 2007 [ERROR] Can't read (/home/adam/.config/user-dirs.dirs) Mon Dec 3 14:49:48 2007 [ERROR] failed to create directory (/home/adam) Mon Dec 3 14:49:48 2007 [ERROR] failed to create user output directory (/home/adam)
i tried both 2.6.4-4.fc8 and 2.6.4-5.fc8. They produced the same result. My problem comes from selinux. when i set it to permissive then even the 2.6.4-3.fc8 works. But the default state is enforcing. The most strange thing is that when the policy is set to enforcing i didn't get any messages in the selinux log. but when set to premissive cups-pdf 2.4.6-3.fc8 works fine and i got about 5 messages in the selinux log. back to daniel walsh.
Can't you give me the result of ll -Za /home ll -Za /home/user_name/deskto_folder_pname ll -Za /home/user_name/.config Thank's.
In my case: drwx---r-x adam adam unconfined_u:object_r:unconfined_home_dir_t adam drwxr-xr-x adam adam unconfined_u:object_r:unconfined_home_t Desktop drwx------ adam adam unconfined_u:object_r:unconfined_home_t .config
drwxr-xr-x martin martin root:object_r:user_home_dir_t martin drwxr-xr-x martin martin system_u:object_r:file_t Desktop drwxr-xr-x martin 502 user_u:object_r:user_home_t .config
this is what i have (fc8 with cups-pdf 2.4.6-3) drwx------ joshua joshua unconfined_u:object_r:unconfined_home_dir_t:s0 joshua drwxr-xr-x joshua joshua unconfined_u:object_r:unconfined_home_t:s0 desktop drwxr-xr-x joshua joshua unconfined_u:object_r:unconfined_home_t:s0 .config
cups-pdf-2.4.6-5 selinux policy is designed to work with (standard ?) user_home_dir_t and user_home_t context, not with unconfined_home_* or file_t. I need to investidate a little more on this issue. Thanks for the feedback. Remi
do you know why I didn't get any messages in the selinux log when the policy is set to enforcing? these mesages could point you directly to the selinux but without them................. It much more difficult to fogure the problem out.
@Martin : you probaly need to "restorecon" your desktop folder (file_t is not standard) @all : please try cups-pdf-2.4.6-6 when available in updates-testing
Thsnks for the hint regarding restorecon. cups-pdf-2.4.6-6 (from Koji) works fine for me, even when SELinux is set to Enforcing.
version 2.4.6-6.fc8.i386 from koji works fine here too. selinux set to enforcing. But why didn't I have any messages in the selinx log with the previous version?
@Joshua : i've already notice that "audit" only log once per file (to avoid very large log, i think), perhaps a explanation.
I confirm version 2.4.6-6.fc8.i386 works fine.
(In reply to comment #36) > @Joshua : i've already notice that "audit" only log once per file (to avoid very > large log, i think), perhaps a explanation. I don't know. I have absolutely no messages not even one per file. Only the error logs in /var/log/cups/cups-pdf.log. When selinux is set to permissive I have the following: 1. SELinux is preventing /usr/bin/gs (cupsd_t) "getattr" to /home/joshua/desktop/Printers_-_CUPS_1_3.pdf (unconfined_home_t). 2. SELinux is preventing the cups-pdf from using potentially mislabeled files (). I think selinux somehow tries to evaluate the messages and only logs the "critical" onces. cups-pdf is supposed to work with selinux and therefore selinux hasn't logged the message.
cups-pdf-2.4.6-6.fc7 has been pushed to the Fedora 7 testing repository. If problems still persist, please make note of it in this bug report. If you want to test the update, you can install it with su -c 'yum --enablerepo=updates-testing update cups-pdf'
cups-pdf-2.4.6-6.fc8 has been pushed to the Fedora 8 testing repository. If problems still persist, please make note of it in this bug report. If you want to test the update, you can install it with su -c 'yum --enablerepo=updates-testing update cups-pdf'
cups-pdf-2.4.6-6.fc7 has been pushed to the Fedora 7 stable repository. If problems still persist, please make note of it in this bug report.
cups-pdf-2.4.6-6.fc8 has been pushed to the Fedora 8 stable repository. If problems still persist, please make note of it in this bug report.