Re: Selinux Problems

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



On 10/05/2009 05:27 PM, Paolo Galtieri wrote:
> On Mon, Oct 5, 2009 at 2:13 PM, Daniel J Walsh <dwalsh@xxxxxxxxxx> wrote:
> 
>> On 10/05/2009 03:22 PM, Paolo Galtieri wrote:
>>> On Mon, Oct 5, 2009 at 11:11 AM, Daniel J Walsh <dwalsh@xxxxxxxxxx>
>> wrote:
>>>
>>>> On 10/05/2009 02:08 PM, Jim wrote:
>>>>> FC11/Kde
>>>>>
>>>>> Trying to print on a Samsung CLX-3175FN.
>>>>> Selinux is playing havoc with printer drivers, these drivers are from
>>>>> Samsung and I'm getting many Selinux Alerts, to many to keep running
>>>>> Restorecon.
>>>>> The printing is coming out with double columns with 1/8" white lines
>>>>> down through text or pictures.
>>>>> There are no GPL drivers for this printer, it's to New !
>>>>>
>>>>> If I disable Selinux, the printer will print normal.
>>>>>
>>>>> How do I relabel all the files on the computer ?
>>>>> do I relabel from telinit 3 or what ?
>>>>>
>>>> Please show me the AVC's you are seeing.  Or send me a compresses
>>>> /var/log/audit/audit.log
>>>>
>>>> --
>>>> fedora-list mailing list
>>>> fedora-list@xxxxxxxxxx
>>>> To unsubscribe: https://www.redhat.com/mailman/listinfo/fedora-list
>>>> Guidelines:
>>>> http://fedoraproject.org/wiki/Communicate/MailingListGuidelines
>>>>
>>>
>>> I have seen the following SELinux alert:
>>>
>>> SELinux is preventing hp (hplip_t) "name_bind" howl_port_t.
>>>
>>> lpstat -t shows
>>>
>>> printer HP_Color_LaserJet_2605dn disabled since Thu 01 Oct 2009 09:36:23
>> AM
>>> MST -
>>>     /usr/lib/cups/backend/hp failed
>>>
>>> If I change the URI associated with the printer config from
>>>
>>> hp:/net/HP_Color_laserjet_2605dn?zc=hpcolorjet
>>>
>>> to
>>>
>>> hp:/net/HP_Color_laserjet_2605dn?ip=192.168.10.71
>>>
>>> then the alerts go away.
>>>
>>> The printer is an HP printer and was configured using hp-setup.
>>>
>>> Paolo
>>>
>>>
>> Could you grep for howl_port_t and attach the output
>>
>> grep howl_port_t /var/log/audit/audit.log
>>
>>
>> --
>> fedora-list mailing list
>> fedora-list@xxxxxxxxxx
>> To unsubscribe: https://www.redhat.com/mailman/listinfo/fedora-list
>> Guidelines:
>> http://fedoraproject.org/wiki/Communicate/MailingListGuidelines
>>
> 
> type=AVC msg=audit(1254414474.185:50294): avc:  denied  { name_bind } for
> pid=18462 comm="hp" src=5353
> scontext=system_u:system_r:hplip_t:s0-s0:c0.c1023
> tcontext=system_u:object_r:howl_port_t:s0 tclass=udp_socket
> type=AVC msg=audit(1254414573.360:50295): avc:  denied  { name_bind } for
> pid=18499 comm="hp" src=5353
> scontext=system_u:system_r:hplip_t:s0-s0:c0.c1023
> tcontext=system_u:object_r:howl_port_t:s0 tclass=udp_socket
> type=AVC msg=audit(1254414980.894:50346): avc:  denied  { name_bind } for
> pid=18699 comm="hp" src=5353
> scontext=system_u:system_r:hplip_t:s0-s0:c0.c1023
> tcontext=system_u:object_r:howl_port_t:s0 tclass=udp_socket
> type=AVC msg=audit(1254415674.640:50382): avc:  denied  { name_bind } for
> pid=18942 comm="hp" src=5353
> scontext=system_u:system_r:hplip_t:s0-s0:c0.c1023
> tcontext=system_u:object_r:howl_port_t:s0 tclass=udp_socket
> type=AVC msg=audit(1254415783.474:50425): avc:  denied  { name_bind } for
> pid=19012 comm="hp" src=5353
> scontext=system_u:system_r:hplip_t:s0-s0:c0.c1023
> tcontext=system_u:object_r:howl_port_t:s0 tclass=udp_socket
> type=AVC msg=audit(1254415964.178:50441): avc:  denied  { name_bind } for
> pid=19154 comm="hp" src=5353
> scontext=system_u:system_r:hplip_t:s0-s0:c0.c1023
> tcontext=system_u:object_r:howl_port_t:s0 tclass=udp_socket
> 
> Paolo
> 
> 
I guess the question is why does the hplip want to listen on the Multicast DNS port.  If this is supposed to happen, we need to add it to policy.

You can add it for now using audit2allow

# grep hplip_t /var/log/audit/audit.log | audit2allow -M myhplip
# semodule -i myhplip.pp

-- 
fedora-list mailing list
fedora-list@xxxxxxxxxx
To unsubscribe: https://www.redhat.com/mailman/listinfo/fedora-list
Guidelines: http://fedoraproject.org/wiki/Communicate/MailingListGuidelines
[Index of Archives]     [Older Fedora Users]     [Fedora Announce]     [Fedora Package Announce]     [EPEL Announce]     [Fedora Magazine]     [Fedora News]     [Fedora Summer Coding]     [Fedora Laptop]     [Fedora Cloud]     [Fedora Advisory Board]     [Fedora Education]     [Fedora Security]     [Fedora Scitech]     [Fedora Robotics]     [Fedora Maintainers]     [Fedora Infrastructure]     [Fedora Websites]     [Anaconda Devel]     [Fedora Devel Java]     [Fedora Legacy]     [Fedora Desktop]     [Fedora Fonts]     [ATA RAID]     [Fedora Marketing]     [Fedora Management Tools]     [Fedora Mentors]     [SSH]     [Fedora Package Review]     [Fedora R Devel]     [Fedora PHP Devel]     [Kickstart]     [Fedora Music]     [Fedora Packaging]     [Centos]     [Fedora SELinux]     [Fedora Legal]     [Fedora Kernel]     [Fedora OCaml]     [Coolkey]     [Virtualization Tools]     [ET Management Tools]     [Yum Users]     [Tux]     [Yosemite News]     [Gnome Users]     [KDE Users]     [Fedora Art]     [Fedora Docs]     [Asterisk PBX]     [Fedora Sparc]     [Fedora Universal Network Connector]     [Libvirt Users]     [Fedora ARM]

  Powered by Linux