HPLIP and Fedora9
Arthur Dent
misc.lists at blueyonder.co.uk
Thu Aug 6 19:45:54 UTC 2009
Hello all,
I tried today to install the latest hplip package from
http://hplipopensource.com to use the printer driver for my HP Printer
on my Fedora 9 system (I plan to upgrade to Fedora 11 in the next few
weeks). The install package warns you to turn off selinux so I
setenforce 0. I assumed that I would be able to write a policy before
resuming enforcing mode.
The install went fine with no avcs. I then tried to print a test page
and got 3 avcs (I can post in full if required).
SELinux is preventing hp (hplip_t) "name_bind" howl_port_t.
SELinux is preventing hp (hplip_t) "search" to ./dbus
(system_dbusd_var_run_t).
SELinux is preventing hpcups (cupsd_t) "name_bind" howl_port_t.
From these I tried to create a policy using audit2allow. This is what it
proposed:
##########################################
# cat myhplip.te
policy_module(myhplip, 9.0.1)
require {
type cupsd_t;
type hplip_t;
type system_dbusd_t;
class unix_stream_socket { write connectto search };
}
#============= cupsd_t ==============
corenet_udp_bind_howl_port(cupsd_t)
#============= hplip_t ==============
allow hplip_t system_dbusd_t:unix_stream_socket { write connectto
search };
corenet_udp_bind_howl_port(hplip_t)
##########################################
"make -f" worked OK on this, but when I tried semodule -i I got the
following error:
[root at localhost selinux]# semodule -i myhplip.pp
libsepol.permission_copy_callback: Module myhplip depends on permission
search in class unix_stream_socket, not satisfied
libsemanage.semanage_link_sandbox: Link packages failed
semodule: Failed!
Is there any way I can resolve this?
The only existing bug I can find on hplip is 516078
(https://bugzilla.redhat.com/show_bug.cgi?id=516078) is it related?
Thanks in advance for any help or suggestions...
Mark
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 197 bytes
Desc: This is a digitally signed message part
URL: <http://listman.redhat.com/archives/fedora-selinux-list/attachments/20090806/f20dc687/attachment.sig>
More information about the fedora-selinux-list
mailing list