SELinux policy -- config tools
Tim Waugh
twaugh at redhat.com
Fri Mar 5 11:18:40 UTC 2004
Hi,
I'm trying to fix some problems with SELinux policy and
system-config-printer. This tool needs to modify
/etc/cups/cupsd.conf, and several other files in /etc/cups, but it
looks like the policy is preventing it (in enforcing mode).
The configuration tool writes a new file (cupsd.conf.new) in the same
directory, with the content it wants (derived from cupsd.conf), and
tried to rename(cupsd.conf.new,cupsd.conf) -- this fails.
I suspect that just writing cupsd.conf directly would work, but I
don't want to end up in a situation where a failure half-way through
writing causes a broken configuration file in-situ.
Probably writing a new file is creating the wrong security context on
that file anyway:
-rw-r----- 1 root:object_r:cupsd_etc_t root sys 21350 Mar 4 18:17 /etc/cups/cupsd.conf
-rw------- 1 system_u:object_r:cupsd_rw_etc_t lp sys 21350 Mar 5 09:39 /etc/cups/cupsd.conf.new
but I want to understand what this config tool *should* be doing, and
how to make the policy let it do that.
Can anyone help?
Thanks,
Tim.
*/
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: not available
URL: <http://listman.redhat.com/archives/fedora-devel-list/attachments/20040305/407fef36/attachment.sig>
More information about the fedora-devel-list
mailing list