[redhat-lspp] Feature complete Trusted Printing patch
Matt Anderson
mra at hp.com
Wed Oct 11 22:45:16 UTC 2006
Attached is the latest cups-lspp.patch which applies cleanly to
cups-1.2.4-9. This patch contains additions that set the security level
of the spool file to match the context of the job. This combined with
the policy updates allows for the sysadm_r role to properly administer
the job queue.
The patch cups-policy.patch applies to selinux-policy-2.3.18-8. This
patch resets some of the file contexts and removes some allow rules in
order to more closely match what CUPS needs. I understand from previous
posts that these changes may disrupt other versions of lpd. I'm
providing my patch as a basis for what CUPS needs, but I expect these
changes will be incorporated in a way that makes use of a boolean tunable.
Some additional permissions were need in order to allow various
operations. I've attached cupsmod.te as the basis for building a policy
module which contains the needed allows.
As with before, in order to make use of the trusted printing additions
you'll need to setup your system as described here:
http://free.linux.hp.com/~mra/docs
-matt
-------------- next part --------------
An embedded and charset-unspecified text was scrubbed...
Name: cupsmod.te
URL: <http://listman.redhat.com/archives/redhat-lspp/attachments/20061011/c3d130db/attachment.ksh>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: cups-lspp.patch
Type: text/x-patch
Size: 74571 bytes
Desc: not available
URL: <http://listman.redhat.com/archives/redhat-lspp/attachments/20061011/c3d130db/attachment.bin>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: cups-policy.patch
Type: text/x-patch
Size: 4326 bytes
Desc: not available
URL: <http://listman.redhat.com/archives/redhat-lspp/attachments/20061011/c3d130db/attachment-0001.bin>
More information about the redhat-lspp
mailing list