Bug 526429 - Fails when copying queue
Fails when copying queue
Status: CLOSED RAWHIDE
Product: Fedora
Classification: Fedora
Component: selinux-policy (Show other bugs)
rawhide
All Linux
low Severity medium
: ---
: ---
Assigned To: Daniel Walsh
Fedora Extras Quality Assurance
:
Depends On:
Blocks: F12Target
  Show dependency treegraph
 
Reported: 2009-09-30 04:53 EDT by Tim Waugh
Modified: 2009-09-30 13:34 EDT (History)
3 users (show)

See Also:
Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Environment:
Last Closed: 2009-09-30 10:22:32 EDT
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---


Attachments (Terms of Use)
selinux-policy-cups-ppd-file.patch (534 bytes, patch)
2009-09-30 05:28 EDT, Tim Waugh
no flags Details | Diff

  None (edit)
Description Tim Waugh 2009-09-30 04:53:25 EDT
Description of problem:
The cups-pk-helper-mechanism program is unable to read the provided PPD file due to SELinux policy.

Version-Release number of selected component (if applicable):
cups-pk-helper-0.0.4-7.fc12.x86_64
selinux-policy-targeted-3.6.32-12.fc12.noarch

How reproducible:
100%

Steps to Reproduce:
1.Run system-config-printer
2.Try to make a copy of an existing queue, or create a new queue
  
Actual results:
Fails.

Additional info:

A strace of cups-pk-helper-mechanism reveals why:

read(3, "l\1\0\0011\0\0\0\n\0\0\0\217\0\0\0\1\1o\0\1\0\0\0/\0\0\0\0\0\0\0\6\1s\0\6\0\0\0:1.216\0\0\2\1s\0#\0\0\0org.opensuse.CupsPkHelper.Mechanism\0\0\0\0\0\3\1s\0\25\0\0\0PrinterAddWithPpdFile\0\0\0\10\1g\0\5sssss\0\0\0\0\0\0\7\1s\0\6\0\0\0:1.215\0\0\3\0\0\0raw\0\0\0\0\0\0\0\0\0\16\0\0\0/tmp/tmpNsxl2v\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0"..., 2048) = 209
read(3, 0x15883f0, 2048)                = -1 EAGAIN (Resource temporarily unavailable)
poll([{fd=5, events=POLLIN}, {fd=9, events=POLLIN}, {fd=3, events=POLLIN}], 3, 0) = 0 (Timeout)
sendto(8, "POST / HTTP/1.1\r\nContent-Length: 154\r\nContent-Type: application/ipp\r\nHost: localhost\r\nUser-Agent: CUPS/1.4.1\r\nExpect: 100-continue\r\n\r\n"..., 134, 0, NULL, 0) = 134
sendto(8, "\1\1\0\v\0\0\0\1\1G\0\22attributes-charset\0\5utf-8H\0\33attributes-natural-language\0\5en-usE\0\vprinter-uri\0\34ipp://localhost/printers/rawD\0\24requested-attributes\0\ndevice-uri\3"..., 154, 0, NULL, 0) = 154
poll([{fd=8, events=POLLIN}], 1, 1000)  = 1 ([{fd=8, revents=POLLIN}])
recvfrom(8, "HTTP/1.1 100 Continue\r\n\r\nHTTP/1.1 200 OK\r\nDate: Wed, 30 Sep 2009 08:46:49 GMT\r\nServer: CUPS/1.4\r\nConnection: Keep-Alive\r\nKeep-Alive: timeout=30\r\nContent-Language: en_GB\r\nContent-Type: application/ipp\r\nContent-Length: 129\r\n\r\n\1\1\4\6\0\0\0\1\1G\0\22attributes-charset\0\5utf-8H\0\33attributes-natural-language\0\5en-usA\0\16status-message\0#The printer or class was not found.\3"..., 2048, 0, NULL, NULL) = 353
writev(9, [{"l\1\0\1y\0\0\0\6\0\0\0\276\0\0\0\1\1o\0%\0\0\0/org/freedesktop/PolicyKit1/Authority\0\0\0\6\1s\0\32\0\0\0org.freedesktop.PolicyKit1\0\0\0\0\0\0\2\1s\0$\0\0\0org.freedesktop.PolicyKit1.Authority\0\0\0\0\3\1s\0\22\0\0\0CheckAuthorization\0\0\0\0\0\0\10\1g\0\20(sa{sv})sa{ss}us\0\0\0"..., 208}, {"\17\0\0\0system-bus-name\0\27\0\0\0\4\0\0\0name\0\1s\0\6\0\0\0:1.215\0\0004\0\0\0org.opensuse.cupspkhelper.mechanism.printeraddremove\0\0\0\0\0\0\0\0\1\0\0\0\0\0\0\0\0"..., 121}], 2) = 329
poll([{fd=9, events=POLLIN}], 1, -1)    = 1 ([{fd=9, revents=POLLIN}])
read(9, "l\2\1\1F\0\0\0\312\1\0\0006\0\0\0\6\1s\0\6\0\0\0:1.217\0\0\5\1u\0\6\0\0\0\10\1g\0\t(bba{ss})\0\0\7\1s\0\5\0\0\0:1.31\0\0\0\1\0\0\0\0\0\0\0006\0\0\0\0\0\0\0!\0\0\0polkit.temporary_authorization_id\0\0\0\t\0\0\0tmpauthz5\0"..., 2048) = 142
read(9, 0x15ab710, 2048)                = -1 EAGAIN (Resource temporarily unavailable)
open("/tmp/tmpNsxl2v", O_RDONLY)        = -1 EACCES (Permission denied)

This filename is the one we were given by the client, containing the PPD file.
Comment 1 Tim Waugh 2009-09-30 05:28:35 EDT
Created attachment 363159 [details]
selinux-policy-cups-ppd-file.patch

This is the fix.
Comment 2 Daniel Walsh 2009-09-30 10:22:32 EDT
Fixed in selinux-policy-3.6.32-13.fc12.noarch
Comment 3 Tim Waugh 2009-09-30 10:32:55 EDT
Brilliant, thanks.

This fix really needs to go into Fedora 12, and I guess that means it needs a tag request now. :-(
Comment 4 Daniel Walsh 2009-09-30 13:34:48 EDT
It will be in F12.  I am sure we will have several more updates to policy before F12 ships.

Note You need to log in before you can comment on or make changes to this bug.