cups-pdf && SELinux problem running
Paul Howarth
paul at city-fan.org
Wed Feb 1 13:24:37 UTC 2006
Samuel Díaz García wrote:
> Yes, cups-pdf is a "virtual printer" thar prints the ouput into pdf
> files. That pdf files are saved by cups-pdf into user's home directory.
>
> As you said fine, I need to allow cups to write into that directories
> (including /root) or into a $HOME/cups-pdf-docs directory to disallow
> cups all control over $HOME directory.
>
> If I remember well, cups is launched as root user (where a test I had
> done some days ago because were a "cups-pdf" prerrequisite - don't
> remember now).
>
> How can I solve the issue with home directories?
>
> If anybody knows how to, I would like to solve the problem in this form:
> 1) Allowing cups writing into home directories or especific
> subdirectory into $HOME.
> 2) Enablilng SELinux as restrictive I can (is my laptop and I want to
> learn a more about SELinux and apps issues.
As a start you might try:
# setsebool -P cupsd_disable_trans 1
This would turn off SELinux protection for the cups daemon, whilst
leaving you able to have SELinux turned on for everything else.
An alternative that might be worth trying would be to change the context
of any directories you want cups to be able to write to, something like:
# chcon -t print_spool_t $HOME/cups-pdf-doc
Not sure if that'll work though.
Paul.
More information about the fedora-list
mailing list