Re: Selinux Problems

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



On 10/06/2009 10:56 AM, Daniel J Walsh wrote:
On 10/05/2009 05:27 PM, Paolo Galtieri wrote:
On Mon, Oct 5, 2009 at 2:13 PM, Daniel J Walsh<dwalsh@xxxxxxxxxx>  wrote:

On 10/05/2009 03:22 PM, Paolo Galtieri wrote:
On Mon, Oct 5, 2009 at 11:11 AM, Daniel J Walsh<dwalsh@xxxxxxxxxx>
wrote:
On 10/05/2009 02:08 PM, Jim wrote:
FC11/Kde

Trying to print on a Samsung CLX-3175FN.
Selinux is playing havoc with printer drivers, these drivers are from
Samsung and I'm getting many Selinux Alerts, to many to keep running
Restorecon.
The printing is coming out with double columns with 1/8" white lines
down through text or pictures.
There are no GPL drivers for this printer, it's to New !

If I disable Selinux, the printer will print normal.

How do I relabel all the files on the computer ?
do I relabel from telinit 3 or what ?

Please show me the AVC's you are seeing.  Or send me a compresses
/var/log/audit/audit.log

--
fedora-list mailing list
fedora-list@xxxxxxxxxx
To unsubscribe: https://www.redhat.com/mailman/listinfo/fedora-list
Guidelines:
http://fedoraproject.org/wiki/Communicate/MailingListGuidelines

I have seen the following SELinux alert:

SELinux is preventing hp (hplip_t) "name_bind" howl_port_t.

lpstat -t shows

printer HP_Color_LaserJet_2605dn disabled since Thu 01 Oct 2009 09:36:23
AM
MST -
     /usr/lib/cups/backend/hp failed

If I change the URI associated with the printer config from

hp:/net/HP_Color_laserjet_2605dn?zc=hpcolorjet

to

hp:/net/HP_Color_laserjet_2605dn?ip=192.168.10.71

then the alerts go away.

The printer is an HP printer and was configured using hp-setup.

Paolo


Could you grep for howl_port_t and attach the output

grep howl_port_t /var/log/audit/audit.log


--
fedora-list mailing list
fedora-list@xxxxxxxxxx
To unsubscribe: https://www.redhat.com/mailman/listinfo/fedora-list
Guidelines:
http://fedoraproject.org/wiki/Communicate/MailingListGuidelines

type=AVC msg=audit(1254414474.185:50294): avc:  denied  { name_bind } for
pid=18462 comm="hp" src=5353
scontext=system_u:system_r:hplip_t:s0-s0:c0.c1023
tcontext=system_u:object_r:howl_port_t:s0 tclass=udp_socket
type=AVC msg=audit(1254414573.360:50295): avc:  denied  { name_bind } for
pid=18499 comm="hp" src=5353
scontext=system_u:system_r:hplip_t:s0-s0:c0.c1023
tcontext=system_u:object_r:howl_port_t:s0 tclass=udp_socket
type=AVC msg=audit(1254414980.894:50346): avc:  denied  { name_bind } for
pid=18699 comm="hp" src=5353
scontext=system_u:system_r:hplip_t:s0-s0:c0.c1023
tcontext=system_u:object_r:howl_port_t:s0 tclass=udp_socket
type=AVC msg=audit(1254415674.640:50382): avc:  denied  { name_bind } for
pid=18942 comm="hp" src=5353
scontext=system_u:system_r:hplip_t:s0-s0:c0.c1023
tcontext=system_u:object_r:howl_port_t:s0 tclass=udp_socket
type=AVC msg=audit(1254415783.474:50425): avc:  denied  { name_bind } for
pid=19012 comm="hp" src=5353
scontext=system_u:system_r:hplip_t:s0-s0:c0.c1023
tcontext=system_u:object_r:howl_port_t:s0 tclass=udp_socket
type=AVC msg=audit(1254415964.178:50441): avc:  denied  { name_bind } for
pid=19154 comm="hp" src=5353
scontext=system_u:system_r:hplip_t:s0-s0:c0.c1023
tcontext=system_u:object_r:howl_port_t:s0 tclass=udp_socket

Paolo


I guess the question is why does the hplip want to listen on the Multicast DNS port.  If this is supposed to happen, we need to add it to policy.

You can add it for now using audit2allow

# grep hplip_t /var/log/audit/audit.log | audit2allow -M myhplip
# semodule -i myhplip.pp

I have a problem with DNS in FC11, FC12 and in a file /etc/dhclient-eth0.conf I have the line;

prepend domain-name-servers 127.0.0.1;

And DNSmasq is enabled.


And in Firefox config I have;

network.dns.disableIPv6


--
fedora-list mailing list
fedora-list@xxxxxxxxxx
To unsubscribe: https://www.redhat.com/mailman/listinfo/fedora-list
Guidelines: http://fedoraproject.org/wiki/Communicate/MailingListGuidelines
[Index of Archives]     [Older Fedora Users]     [Fedora Announce]     [Fedora Package Announce]     [EPEL Announce]     [Fedora Magazine]     [Fedora News]     [Fedora Summer Coding]     [Fedora Laptop]     [Fedora Cloud]     [Fedora Advisory Board]     [Fedora Education]     [Fedora Security]     [Fedora Scitech]     [Fedora Robotics]     [Fedora Maintainers]     [Fedora Infrastructure]     [Fedora Websites]     [Anaconda Devel]     [Fedora Devel Java]     [Fedora Legacy]     [Fedora Desktop]     [Fedora Fonts]     [ATA RAID]     [Fedora Marketing]     [Fedora Management Tools]     [Fedora Mentors]     [SSH]     [Fedora Package Review]     [Fedora R Devel]     [Fedora PHP Devel]     [Kickstart]     [Fedora Music]     [Fedora Packaging]     [Centos]     [Fedora SELinux]     [Fedora Legal]     [Fedora Kernel]     [Fedora OCaml]     [Coolkey]     [Virtualization Tools]     [ET Management Tools]     [Yum Users]     [Tux]     [Yosemite News]     [Gnome Users]     [KDE Users]     [Fedora Art]     [Fedora Docs]     [Asterisk PBX]     [Fedora Sparc]     [Fedora Universal Network Connector]     [Libvirt Users]     [Fedora ARM]

  Powered by Linux