Red Hat Bugzilla – Bug 610088
segfault when selinux prevents reading of /usr/share/cups/mime/mime.types
Last modified: 2011-01-24 11:26:14 EST
Description of problem:
Segmentation fault on printing when selinux was enabled and preventing access to /usr/share/cups/mime/mime.types
Version-Release number of selected component (if applicable): cups-1.4.3-6.fc1
How reproducible: always with enforcing selinux, never with permissive selinux
Steps to Reproduce:
1. start cups
2. print anything
Actual results: segfault
Expected results: either the document should be printed, or if selinux makes it impossible to do so a coherent message should be generated, not a segfault.
The fault occurs in vsnprintf, which is called from scheduler/log.c:1024. At this point, log_line is sensible, log_linesize is sensible and message is sensible, but it turned out that ap was not. This function was called from scheduler/log.c:223 which in turn was called from scheduler/ipp.c:10374. I found that the parameters filetype->super and filetype->type had the values 0x8 and 0x18 respectively, which is nonsense as they should be the addresses of strings which are to be written into the log message.
These strings are obtained from the call to mimeType in the line above. It seems that the mime database is corrupt. On further investigation, I found that turning selinux into permissive mode caused cups to start working and then (and not with selinux in enforcing mode) I got the log message:
SELinux is preventing /usr/sbin/cupsd "read" access on /usr/share/cups/mime/mime.types
So what I think is happening is that cupsFileOpen is trying to open the file and failing, so it returns NULL to the calling function at scheduler/mime.c:691, which silently returns without any return value as it is a void function. So cups completely fails to inform the user that it was unable to read mime.types and, it would seem, also fails to initialise the mime database in any sensible way.
Turning on debugging didn't help at all with this problem as no useful debugging message is given.
I'm still not quite sure why the database was corrupt.
Anyway, the problem is for me solved by turning off selinux which was also breaking other things. So I'll go with Theodore Tso's opinion that "life is too short for SELinux". However, you should probably consider better error trapping. Whatever selinux does, cups shouldn't segfault!
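The error trapping asked for above, sketched as an added example (not CUPS code and not part of the original report): a loader that reports an unreadable types file instead of returning silently, and a caller that checks the lookup result before formatting a log line. The names `mime_type_t`, `mime_db_t`, `load_types`, `find_type` and `describe_type` are hypothetical, as is the simplified "super/type" file format.

```c
#include <errno.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical, simplified stand-ins for a MIME database; not CUPS types. */
typedef struct { char super[32]; char type[64]; } mime_type_t;
typedef struct { mime_type_t types[16]; int count; } mime_db_t;

/* Load "super/type" lines. Returns 0, or -1 with the reason in err, so an
 * open failure (e.g. EACCES from an SELinux denial) is never swallowed. */
int load_types(mime_db_t *db, const char *path, char *err, size_t errlen)
{
    char line[128];
    FILE *fp = fopen(path, "r");
    db->count = 0;                       /* database is valid even on failure */
    if (!fp) {
        snprintf(err, errlen, "Unable to open %s: %s", path, strerror(errno));
        return -1;
    }
    while (db->count < 16 && fgets(line, sizeof(line), fp)) {
        mime_type_t *t = &db->types[db->count];
        if (sscanf(line, "%31[^/ \t\n#]/%63[^ \t\n]", t->super, t->type) == 2)
            db->count++;                 /* comment and malformed lines skipped */
    }
    fclose(fp);
    return 0;
}

/* Look up a type; NULL when absent (always the case for an empty database). */
const mime_type_t *find_type(const mime_db_t *db, const char *super, const char *type)
{
    for (int i = 0; i < db->count; i++)
        if (!strcmp(db->types[i].super, super) && !strcmp(db->types[i].type, type))
            return &db->types[i];
    return NULL;
}

/* Format a log line, checking the lookup result before reading its members. */
int describe_type(const mime_db_t *db, const char *super, const char *type,
                  char *out, size_t outlen)
{
    const mime_type_t *t = find_type(db, super, type);
    if (!t) {
        snprintf(out, outlen, "Unknown MIME type %s/%s", super, type);
        return -1;
    }
    snprintf(out, outlen, "Type is %s/%s", t->super, t->type);
    return 0;
}
```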
cups-1.4.4-11.fc14 has been submitted as an update for Fedora 14.
cups-1.4.4-11.fc13 has been submitted as an update for Fedora 13.
cups-1.4.4-11.fc14 has been pushed to the Fedora 14 stable repository. If problems still persist, please make note of it in this bug report.
cups-1.4.4-11.fc13 has been pushed to the Fedora 13 stable repository. If problems still persist, please make note of it in this bug report.