SELinux policy -- config tools

Russell Coker russell at coker.com.au
Fri Mar 5 14:43:44 UTC 2004


On Sat, 6 Mar 2004 01:09, Tim Waugh <twaugh at redhat.com> wrote:
> On Sat, Mar 06, 2004 at 01:04:05AM +1100, Russell Coker wrote:
> > Sounds like system-config-printer is running as cupsd_t, I'm not
> > sure that's what we want.  We may have to make all CUPS config files
> > re-writable by cupsd to solve this.
>
> Regardless of that, cupsd itself will need to modify its configuration
> files; that's how the HTTP interface works.

Yes.

Sorry I haven't touched the cups policy apart from cosmetic changes for a 
while.

Last time I was using it the cupsd didn't need to change the cupsd.conf file, 
only the printers.conf file.  The simple solution to this is to change 
the .fc file to have the cupsd.conf file have the type cupsd_rw_etc_t.  Long 
term we have to work out whether there is any way that we can productively 
reduce the write access of cupsd to its config files, or whether we should 
just make them all read/write.

-- 
http://www.coker.com.au/selinux/   My NSA Security Enhanced Linux packages
http://www.coker.com.au/bonnie++/  Bonnie++ hard drive benchmark
http://www.coker.com.au/postal/    Postal SMTP/POP benchmark
http://www.coker.com.au/~russell/  My home page