Description of problem:
The cups-pk-helper-mechanism program is unable to read the provided PPD file due to SELinux policy.

Version-Release number of selected component (if applicable):
cups-pk-helper-0.0.4-7.fc12.x86_64
selinux-policy-targeted-3.6.32-12.fc12.noarch

How reproducible:
100%

Steps to Reproduce:
1. Run system-config-printer
2. Try to make a copy of an existing queue, or create a new queue

Actual results:
Fails.

Additional info:
A strace of cups-pk-helper-mechanism reveals why:

read(3, "l\1\0\0011\0\0\0\n\0\0\0\217\0\0\0\1\1o\0\1\0\0\0/\0\0\0\0\0\0\0\6\1s\0\6\0\0\0:1.216\0\0\2\1s\0#\0\0\0org.opensuse.CupsPkHelper.Mechanism\0\0\0\0\0\3\1s\0\25\0\0\0PrinterAddWithPpdFile\0\0\0\10\1g\0\5sssss\0\0\0\0\0\0\7\1s\0\6\0\0\0:1.215\0\0\3\0\0\0raw\0\0\0\0\0\0\0\0\0\16\0\0\0/tmp/tmpNsxl2v\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0"..., 2048) = 209
read(3, 0x15883f0, 2048) = -1 EAGAIN (Resource temporarily unavailable)
poll([{fd=5, events=POLLIN}, {fd=9, events=POLLIN}, {fd=3, events=POLLIN}], 3, 0) = 0 (Timeout)
sendto(8, "POST / HTTP/1.1\r\nContent-Length: 154\r\nContent-Type: application/ipp\r\nHost: localhost\r\nUser-Agent: CUPS/1.4.1\r\nExpect: 100-continue\r\n\r\n"..., 134, 0, NULL, 0) = 134
sendto(8, "\1\1\0\v\0\0\0\1\1G\0\22attributes-charset\0\5utf-8H\0\33attributes-natural-language\0\5en-usE\0\vprinter-uri\0\34ipp://localhost/printers/rawD\0\24requested-attributes\0\ndevice-uri\3"..., 154, 0, NULL, 0) = 154
poll([{fd=8, events=POLLIN}], 1, 1000) = 1 ([{fd=8, revents=POLLIN}])
recvfrom(8, "HTTP/1.1 100 Continue\r\n\r\nHTTP/1.1 200 OK\r\nDate: Wed, 30 Sep 2009 08:46:49 GMT\r\nServer: CUPS/1.4\r\nConnection: Keep-Alive\r\nKeep-Alive: timeout=30\r\nContent-Language: en_GB\r\nContent-Type: application/ipp\r\nContent-Length: 129\r\n\r\n\1\1\4\6\0\0\0\1\1G\0\22attributes-charset\0\5utf-8H\0\33attributes-natural-language\0\5en-usA\0\16status-message\0#The printer or class was not found.\3"..., 2048, 0, NULL, NULL) = 353
writev(9, [{"l\1\0\1y\0\0\0\6\0\0\0\276\0\0\0\1\1o\0%\0\0\0/org/freedesktop/PolicyKit1/Authority\0\0\0\6\1s\0\32\0\0\0org.freedesktop.PolicyKit1\0\0\0\0\0\0\2\1s\0$\0\0\0org.freedesktop.PolicyKit1.Authority\0\0\0\0\3\1s\0\22\0\0\0CheckAuthorization\0\0\0\0\0\0\10\1g\0\20(sa{sv})sa{ss}us\0\0\0"..., 208}, {"\17\0\0\0system-bus-name\0\27\0\0\0\4\0\0\0name\0\1s\0\6\0\0\0:1.215\0\0004\0\0\0org.opensuse.cupspkhelper.mechanism.printeraddremove\0\0\0\0\0\0\0\0\1\0\0\0\0\0\0\0\0"..., 121}], 2) = 329
poll([{fd=9, events=POLLIN}], 1, -1) = 1 ([{fd=9, revents=POLLIN}])
read(9, "l\2\1\1F\0\0\0\312\1\0\0006\0\0\0\6\1s\0\6\0\0\0:1.217\0\0\5\1u\0\6\0\0\0\10\1g\0\t(bba{ss})\0\0\7\1s\0\5\0\0\0:1.31\0\0\0\1\0\0\0\0\0\0\0006\0\0\0\0\0\0\0!\0\0\0polkit.temporary_authorization_id\0\0\0\t\0\0\0tmpauthz5\0"..., 2048) = 142
read(9, 0x15ab710, 2048) = -1 EAGAIN (Resource temporarily unavailable)
open("/tmp/tmpNsxl2v", O_RDONLY) = -1 EACCES (Permission denied)

This filename is the one we were given by the client, containing the PPD file.
Created attachment 363159: selinux-policy-cups-ppd-file.patch

This is the fix.
Fixed in selinux-policy-3.6.32-13.fc12.noarch
Brilliant, thanks. This fix really needs to go into Fedora 12, and I guess that means it needs a tag request now. :-(
It will be in F12. I am sure we will have several more updates to policy before F12 ships.