cups-pdf && SELinux problem running
Daniel J Walsh
dwalsh at redhat.com
Wed Feb 1 14:00:40 UTC 2006
Paul Howarth wrote:
> Samuel Díaz García wrote:
>> Yes, cups-pdf is a "virtual printer" thar prints the ouput into pdf
>> files. That pdf files are saved by cups-pdf into user's home directory.
>>
>> As you said fine, I need to allow cups to write into that directories
>> (including /root) or into a $HOME/cups-pdf-docs directory to disallow
>> cups all control over $HOME directory.
>>
>> If I remember well, cups is launched as root user (where a test I had
>> done some days ago because were a "cups-pdf" prerrequisite - don't
>> remember now).
>>
>> How can I solve the issue with home directories?
>>
>> If anybody knows how to, I would like to solve the problem in this form:
>> 1) Allowing cups writing into home directories or especific
>> subdirectory into $HOME.
>> 2) Enablilng SELinux as restrictive I can (is my laptop and I want
>> to learn a more about SELinux and apps issues.
>
> As a start you might try:
>
> # setsebool -P cupsd_disable_trans 1
>
> This would turn off SELinux protection for the cups daemon, whilst
> leaving you able to have SELinux turned on for everything else.
>
> An alternative that might be worth trying would be to change the
> context of any directories you want cups to be able to write to,
> something like:
>
> # chcon -t print_spool_t $HOME/cups-pdf-doc
>
> Not sure if that'll work though.
>
I kind of like that solution. See what avc messages you get and we
could maybe add a boolean to allow searching of the users homedirs for
this directory.
> Paul.
>
More information about the fedora-list
mailing list