Re: SELinux denying Brother printer to CUPS

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



On Mon, 2007-11-12 at 08:21 -0500, William Cohen wrote:
> Simon Slater wrote:
> > G'day again,
> > 	I am setting up a Brother MFC665CW in F7.  As far as I know I have
> > followed the Brother instructions and FAQ.  It prints fine via USB.
> > When sending a CUPS test page these avc denials are given:
> > 1/
> > avc: denied { write } for comm="brprintconf_mfc" dev=dm-0 egid=7 euid=4
> > exe="/usr/bin/brprintconf_mfc665cw" exit=-13 fsgid=7 fsuid=4 gid=7
> > items=0
> > name="inf" pid=3089 scontext=system_u:system_r:cupsd_t:s0-s0:c0.c1023
> > sgid=7
> > subj=system_u:system_r:cupsd_t:s0-s0:c0.c1023 suid=4 tclass=dir
> > tcontext=root:object_r:usr_t:s0 tty=(none) uid=4
> > 2/
> > avc: denied { append } for comm="sh" dev=dm-0 egid=7 euid=4
> > exe="/bin/bash"
> > exit=-13 fsgid=7 fsuid=4 gid=7 items=0 name="txreport.log" pid=5852
> > scontext=system_u:system_r:cupsd_t:s0-s0:c0.c1023 sgid=7
> > subj=system_u:system_r:cupsd_t:s0-s0:c0.c1023 suid=4 tclass=file
> > tcontext=root:object_r:usr_t:s0 tty=(none) uid=4
> > 3/
> > avc: denied { write } for comm="sh" dev=dm-0 egid=7 euid=4
> > exe="/bin/bash"
> > exit=-13 fsgid=7 fsuid=4 gid=7 items=0 name="txreport.log" pid=5852
> > scontext=system_u:system_r:cupsd_t:s0-s0:c0.c1023 sgid=7
> > subj=system_u:system_r:cupsd_t:s0-s0:c0.c1023 suid=4 tclass=file
> > tcontext=root:object_r:usr_t:s0 tty=(none) uid=4
> > 4/
> > avc: denied { execute } for comm="brlpdwrappermfc" dev=dm-0 egid=7
> > euid=4
> > exe="/bin/bash" exit=-13 fsgid=7 fsuid=4 gid=7 items=0
> > name="filtermfc665cw"
> > pid=3541 scontext=system_u:system_r:cupsd_t:s0-s0:c0.c1023 sgid=7
> > subj=system_u:system_r:cupsd_t:s0-s0:c0.c1023 suid=4 tclass=file
> > tcontext=system_u:object_r:usr_t:s0 tty=(none) uid=4
> > 5/
> > avc: denied { execute } for comm="brlpdwrappermfc" dev=dm-0 egid=7
> > euid=4
> > exe="/bin/bash" exit=-13 fsgid=7 fsuid=4 gid=7 items=0
> > name="brcupsconfpt1"
> > pid=3539 scontext=system_u:system_r:cupsd_t:s0-s0:c0.c1023 sgid=7
> > subj=system_u:system_r:cupsd_t:s0-s0:c0.c1023 suid=4 tclass=file
> > tcontext=system_u:object_r:usr_t:s0 tty=(none) uid=4
> > 6/
> > avc: denied { execute_no_trans } for comm="cupsd" dev=dm-0 egid=7 euid=4
> > exe="/usr/sbin/cupsd" exit=-13 fsgid=7 fsuid=4 gid=7 items=0
> > name="brlpdwrappermfc665cw"
> > path="/usr/lib/cups/filter/brlpdwrappermfc665cw"
> > pid=3257 scontext=system_u:system_r:cupsd_t:s0-s0:c0.c1023 sgid=7
> > subj=system_u:system_r:cupsd_t:s0-s0:c0.c1023 suid=4 tclass=file
> > tcontext=root:object_r:lib_t:s0 tty=(none) uid=4
> > 
> > 	I have followed the advice of setroubleshoot and have:
> > touch /.autorelabel; reboot
> > but still no change.
> > 
> > 	There seems to be many files involved.  What is the source of the
> > problem?  SEtroubleshoot suggests local policy rules (reading up on that
> > now in FC5 selinux FAQ) but how many will be needed? One for each type
> > of denial.
> > 
> > 	Any help greatly appreciated. I've been fiddling with this for over a
> > week now :(
> > 
> I had similar problems with setting up a Brother MCF5640cn on an F8 machine. 
> Have you tried the steps listed at the following URL?
> 
> http://solutions.brother.com/linux/sol/printer/linux/linux_faq-2.html#30
> 
> -Will
> 
Yes Will, with the exception that the directory structure is slightly
different.  At first I did exactly as in that FAQ but when running
"restorecon *" found that /usr/local/Brother/ contained the directories
lpd and inf, but these and the cupswrapper directories are also
under /usr/local/Brother/Printer/mfc665cw/ .  So I changed the reference
in /etc/selinux/targeted/contexts/files/file_contexts to include
the /Brother/Printer/mfc665cw/ path, thinking that these 3 directories
were all together under the printer model, then ran restorecon.  Should
the higher directories for .../inf/ and .../lpd be in file_contexts as
well as or instead of the lower path?

-- 
Regards
Simon

-- 
fedora-list mailing list
fedora-list@xxxxxxxxxx
To unsubscribe: https://www.redhat.com/mailman/listinfo/fedora-list
[Index of Archives]     [Older Fedora Users]     [Fedora Announce]     [Fedora Package Announce]     [EPEL Announce]     [Fedora Magazine]     [Fedora News]     [Fedora Summer Coding]     [Fedora Laptop]     [Fedora Cloud]     [Fedora Advisory Board]     [Fedora Education]     [Fedora Security]     [Fedora Scitech]     [Fedora Robotics]     [Fedora Maintainers]     [Fedora Infrastructure]     [Fedora Websites]     [Anaconda Devel]     [Fedora Devel Java]     [Fedora Legacy]     [Fedora Desktop]     [Fedora Fonts]     [ATA RAID]     [Fedora Marketing]     [Fedora Management Tools]     [Fedora Mentors]     [SSH]     [Fedora Package Review]     [Fedora R Devel]     [Fedora PHP Devel]     [Kickstart]     [Fedora Music]     [Fedora Packaging]     [Centos]     [Fedora SELinux]     [Fedora Legal]     [Fedora Kernel]     [Fedora OCaml]     [Coolkey]     [Virtualization Tools]     [ET Management Tools]     [Yum Users]     [Tux]     [Yosemite News]     [Gnome Users]     [KDE Users]     [Fedora Art]     [Fedora Docs]     [Asterisk PBX]     [Fedora Sparc]     [Fedora Universal Network Connector]     [Libvirt Users]     [Fedora ARM]

  Powered by Linux