selinux denying a cups printer
Daniel J Walsh
dwalsh at redhat.com
Tue Dec 2 21:21:41 UTC 2008
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Gene Heskett wrote:
> Greetings;
>
> Uptodate F8, targeted setting
>
> host=coyote.coyote.den type=AVC msg=audit(1227891049.940:679): avc: denied {
> execute } for pid=6486 comm="cupsd" name="lp3" dev=sda3 ino=104400725
> scontext=system_u:system_r:cupsd_t:s0-s0:c0.c1023
> tcontext=system_u:object_r:cupsd_rw_etc_t:s0 tclass=file
>
> host=coyote.coyote.den type=SYSCALL msg=audit(1227891049.940:679):
> arch=40000003 syscall=33 success=no exit=-13 a0=bff13656 a1=1 a2=b7f17ff4
> a3=b7f18a3c items=0 ppid=6485 pid=6486 auid=0 uid=0 gid=0 euid=0 suid=0
> fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=1 comm="cupsd"
> exe="/usr/sbin/cupsd" subj=system_u:system_r:cupsd_t:s0-s0:c0.c1023
> key=(null)
>
> The troubleshooters recommended fix is a restorecon -v './lp3'
>
> The only ./lp3 I could find was in /etc/cups.d/interfaces/lp3, and while it
> did change the context of the file, it does not fix the problem. This
> particular driver ppd is the lpr and cupswrapper of the HL2140 driver kit
> from Brother, and apparently is installed in a /usr/local/Brother subdir by
> their rpms.
>
> All this did work flawlessly before I had a drive failure, and it worked after
> an Fu8 install, but failed sometime in the nearly 2 weeks uptime, as did all
> my other printer profiles, which I have now deleted and rebuilt, and work
> except for this one.
>
> I am going to try touching /.autorelabel and reboot again see if that helps.
> However, nothing happened the last time I tried that 2 weeks ago...
>
grep interfaces /etc/selinux/targeted/contexts/files/file_contexts
/etc/cups/interfaces(/.*)? system_u:object_r:cupsd_interface_t:s0
chcon -t cupsd_interface_t /etc/cups.d/interfaces/lp3
Should fix it.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (GNU/Linux)
Comment: Using GnuPG with Fedora - http://enigmail.mozdev.org
iEYEARECAAYFAkk1puUACgkQrlYvE4MpobP4agCeOu1UiTOQbStLoXYjuCZ8rVHq
QKgAn0nm7uucimNgultxxSjgtQdKqU1g
=CXYP
-----END PGP SIGNATURE-----
More information about the fedora-selinux-list
mailing list