Selinux, cups, hplip
Steven Stern
subscribed-lists at sterndata.com
Sat Jun 20 14:11:35 UTC 2009
On 06/20/2009 06:12 AM, Daniel J Walsh wrote:
> On 06/19/2009 07:10 PM, Steven Stern wrote:
>> After installing hplip-gui, I got selinux errors when checking on the
>> printer status.
>>
>> audit2allow generated the following policy
>>
>> module cups20090619 1.0;
>>
>> require {
>> type hwdata_t;
>> type xdm_t;
>> class dir search;
>> class file { read getattr open };
>> }
>>
>> #============= xdm_t ==============
>> allow xdm_t hwdata_t:dir search;
>> allow xdm_t hwdata_t:file { read getattr open };
>>
>>
> xdm is checking the printer status? This allow rule indicates the X
> Login program is checking the printer status. Could you attach the AVC's
> you used to generate this policy.
>
/var/log/audit/audit.log.1:type=AVC msg=audit(1245413836.692:58915):
avc: denied { search } for pid=14744 comm="gnome-settings-"
name="hwdata" dev=dm-0 ino=33869
scontext=system_u:system_r:xdm_t:s0-s0:c0.c1023
tcontext=system_u:object_r:hwdata_t:s0 tclass=dir
/var/log/audit/audit.log.1:type=AVC msg=audit(1245413836.692:58915):
avc: denied { read } for pid=14744 comm="gnome-settings-"
name="pnp.ids" dev=dm-0 ino=33873
scontext=system_u:system_r:xdm_t:s0-s0:c0.c1023
tcontext=system_u:object_r:hwdata_t:s0 tclass=file
/var/log/audit/audit.log.1:type=AVC msg=audit(1245413836.692:58915):
avc: denied { open } for pid=14744 comm="gnome-settings-"
name="pnp.ids" dev=dm-0 ino=33873
scontext=system_u:system_r:xdm_t:s0-s0:c0.c1023
tcontext=system_u:object_r:hwdata_t:s0 tclass=file
/var/log/audit/audit.log.1:type=AVC msg=audit(1245413836.693:58916):
avc: denied { getattr } for pid=14744 comm="gnome-settings-"
path="/usr/share/hwdata/pnp.ids" dev=dm-0 ino=33873
scontext=system_u:system_r:xdm_t:s0-s0:c0.c1023
tcontext=system_u:object_r:hwdata_t:s0 tclass=file
--
Steve
More information about the fedora-list
mailing list