Description of problem: I conneted to a Windows network printer Canon LBP3300. When I tried to print a test page, the message appeared: "SELinux is preventing gs (cupsd_t) "execstack" cupsd_t" and the test page could not be printed. Version-Release number of selected component (if applicable): How reproducible: Steps to Reproduce: 1. 2. 3. Actual results: Expected results: Additional info: Source Context: system_u:system_r:cupsd_t:s0-s0:c0.c1023Target Context: system_u:system_r:cupsd_t:s0-s0:c0.c1023 Target Objects: None [ process ] Source: gs Source Path: /usr/bin/gs Port: <Unknown> Host: vatlyhatnhan Source RPM Packages: ghostscript-8.64-6.fc11 Target RPM Packages: Policy RPM: selinux-policy-3.6.12-39.fc11Selinux Enabled: True Policy Type: targeted MLS Enabled: True Enforcing Mode: Enforcing Plugin Name: catchall Host Name: vatlyhatnhan Platform: Linux vatlyhatnhan 2.6.29.5-191.fc11.i586 #1 SMP Tue Jun 16 23:11:39 EDT 2009 i686 i686 Alert Count: 20 First Seen: Wed 01 Jul 2009 02:43:14 PM ICT Last Seen: Wed 01 Jul 2009 03:45:46 PM ICT Local ID: 7f34632d-bccf-47f6-ad76-0ac6d4e1f4d4
Did you install some third party software to make this work? Look for a library marked execstack # find / -exec execstack -q {} \; 2> /dev/null | grep ^X You can add this for now if you just want the print job to work by adding custom policy # grep cupsd /var/log/audit/audit.log | audit2allow -M mycups # semodule -i mycups.pp execstack is considered fairly dangerous, it is explained here. http://people.redhat.com/~drepper/selinux-mem.html
Thank you very much. It works now like a charm.
What did you do, just add the policy or did you find the library with the execstack flag?
I just added a new policy and everything worked.I don't understand about the library marked execstack.
Can you just run this command to look for execstack libraries on your system # find / -exec execstack -q {} \; 2> /dev/null | grep ^X