selinux denying a cups printer

Daniel J Walsh dwalsh at redhat.com
Tue Dec 2 21:21:41 UTC 2008 

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Gene Heskett wrote:
> Greetings;
> 
> Uptodate F8, targeted setting
> 
> host=coyote.coyote.den type=AVC msg=audit(1227891049.940:679): avc: denied { 
> execute } for pid=6486 comm="cupsd" name="lp3" dev=sda3 ino=104400725 
> scontext=system_u:system_r:cupsd_t:s0-s0:c0.c1023 
> tcontext=system_u:object_r:cupsd_rw_etc_t:s0 tclass=file
> 
> host=coyote.coyote.den type=SYSCALL msg=audit(1227891049.940:679): 
> arch=40000003 syscall=33 success=no exit=-13 a0=bff13656 a1=1 a2=b7f17ff4 
> a3=b7f18a3c items=0 ppid=6485 pid=6486 auid=0 uid=0 gid=0 euid=0 suid=0 
> fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=1 comm="cupsd" 
> exe="/usr/sbin/cupsd" subj=system_u:system_r:cupsd_t:s0-s0:c0.c1023 
> key=(null)
> 
> The troubleshooters recommended fix is a restorecon -v './lp3'
> 
> The only ./lp3 I could find was in /etc/cups.d/interfaces/lp3, and while it 
> did change the context of the file, it does not fix the problem.  This 
> particular driver ppd is the lpr and cupswrapper of the HL2140 driver kit 
> from Brother, and apparently is installed in a /usr/local/Brother subdir by 
> their rpms.
> 
> All this did work flawlessly before I had a drive failure, and it worked after 
> an Fu8 install, but failed sometime in the nearly 2 weeks uptime, as did all 
> my other printer profiles, which I have now deleted and rebuilt, and work 
> except for this one.
> 
> I am going to try touching /.autorelabel and reboot again see if that helps.  
> However, nothing happened the last time I tried that 2 weeks ago...
> 

 grep interfaces /etc/selinux/targeted/contexts/files/file_contexts
/etc/cups/interfaces(/.*)?	system_u:object_r:cupsd_interface_t:s0


chcon -t cupsd_interface_t /etc/cups.d/interfaces/lp3
Should fix it.

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (GNU/Linux)
Comment: Using GnuPG with Fedora - http://enigmail.mozdev.org

iEYEARECAAYFAkk1puUACgkQrlYvE4MpobP4agCeOu1UiTOQbStLoXYjuCZ8rVHq
QKgAn0nm7uucimNgultxxSjgtQdKqU1g
=CXYP
-----END PGP SIGNATURE-----

More information about the fedora-selinux-list mailing list