On Mon, Dec 24, 2012 at 9:51 AM, Gregory P. Ennis <PoMec@xxxxxxxxx> wrote:
> Everyone,
>
> I recently had a disc drive failure on a centos 5.8 internal mail
> server. I replaced the drive and installed centos 6.3. I had selinux
> turned off on the 5.8 machine, and with the upgrade to 6.3 decided to
> leave selinux active with the hopes I had learned enough to be able to
> use it.
>
> I have a couple of perl scripts that are activated by email that print
> the contents of the mail packet on a printer. I have been able to fix
> the temporary directories that are used with changes of selinux
> permissions, but I have not been able to make everything work with the
> command :
>
> $arg = ("lp -o raw -d $LPT $MAILFILEO");
> system($arg);
>
> I get the following log entry :
>
> Can't exec "lp": Permission denied at /usr/local/bin/s.printer.process
> line 190, <FILEI> line 19.
>
> Any ideas how I can get 'lp' to accept usage from the 'mail' user
> account? Everything works ok when selinux is turned off. I would like
> to keep it on at this point.
>
> Thanks,
>
> Greg Ennis
>
> Forgot to put in the results of ausearch -m avc
>
> type=SYSCALL msg=audit(1356364738.939:49185): arch=40000003 syscall=11 success=no exit=-13 a0=bfd992c5 a1=89c6df0 a2=89b8d58 a3=89b8d82 items=0 ppid=31198 pid=31200 auid=0 uid=8 gid=12 euid=8 suid=8 fsuid=8 egid=12 sgid=12 fsgid=12 tty=(none) ses=104 comm="s.printer.proce" exe="/usr/bin/perl" subj=unconfined_u:system_r:sendmail_t:s0 key=(null)
> type=AVC msg=audit(1356364738.939:49185): avc: denied { execute } for pid=31200 comm="s.printer.proce" name="lp.cups" dev=sda7 ino=1064276 scontext=unconfined_u:system_r:sendmail_t:s0 tcontext=system_u:object_r:lpr_exec_t:s0 tclass=file

This post: http://www.lefred.be/?q=node/129 has very good instructions on
how to create the selinux policy from your audit.log.
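
The AVC record quoted in this thread already names the source type, target type, object class and permission that a policy rule needs. As an added example (not part of the original thread or of the linked post), this Python script pairs the SYSCALL and AVC records by their shared event id and derives the type-enforcement rule the denial corresponds to; the function names are hypothetical and the sample records are copied from the message above.

```python
import re
from collections import defaultdict

# Records copied from the post; both carry event id 1356364738.939:49185.
SAMPLE = '''\
type=SYSCALL msg=audit(1356364738.939:49185): arch=40000003 syscall=11 success=no exit=-13 a0=bfd992c5 a1=89c6df0 a2=89b8d58 a3=89b8d82 items=0 ppid=31198 pid=31200 auid=0 uid=8 gid=12 euid=8 suid=8 fsuid=8 egid=12 sgid=12 fsgid=12 tty=(none) ses=104 comm="s.printer.proce" exe="/usr/bin/perl" subj=unconfined_u:system_r:sendmail_t:s0 key=(null)
type=AVC msg=audit(1356364738.939:49185): avc: denied { execute } for pid=31200 comm="s.printer.proce" name="lp.cups" dev=sda7 ino=1064276 scontext=unconfined_u:system_r:sendmail_t:s0 tcontext=system_u:object_r:lpr_exec_t:s0 tclass=file
'''

HEADER = re.compile(r'type=(\w+) msg=audit\(([\d.]+:\d+)\):')
FIELD = re.compile(r'(\w+)=("[^"]*"|\S+)')
PERMS = re.compile(r'denied\s+\{([^}]*)\}')

def parse_events(text):
    """Group audit records by event id: {event_id: {record_type: fields}}."""
    events = defaultdict(dict)
    for line in text.splitlines():
        m = HEADER.match(line)
        if not m:
            continue  # not an audit record line
        rtype, event_id = m.groups()
        fields = {k: v.strip('"') for k, v in FIELD.findall(line[m.end():])}
        p = PERMS.search(line)
        if p:
            fields['perms'] = p.group(1).split()
        events[event_id][rtype] = fields
    return dict(events)

def se_type(context):
    """Return the type, the third field of user:role:type:level."""
    return context.split(':')[2]

def allow_rules(events):
    """One (rule, requesting executable) pair per AVC denial."""
    rules = []
    for recs in events.values():
        avc = recs.get('AVC')
        if not avc:
            continue
        perms = avc['perms']
        perm_str = perms[0] if len(perms) == 1 else '{ ' + ' '.join(perms) + ' }'
        rule = 'allow %s %s:%s %s;' % (se_type(avc['scontext']), se_type(avc['tcontext']), avc['tclass'], perm_str)
        rules.append((rule, recs.get('SYSCALL', {}).get('exe')))
    return rules

if __name__ == '__main__':
    for rule, exe in allow_rules(parse_events(SAMPLE)):
        print(rule, '# requested by', exe)
```

The rule covers only the denial that was logged; in enforcing mode further denials for the same operation can surface once this one is allowed, so re-check the audit log after loading any module built from it.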