On Sat, 6 Mar 2004 01:09, Tim Waugh <twaugh@xxxxxxxxxx> wrote: > On Sat, Mar 06, 2004 at 01:04:05AM +1100, Russell Coker wrote: > > Sounds like system-config-printer is running as cupsd_t, I'm not > > sure that's what we want. We may have to make all CUPS config files > > re-writable by cupsd to solve this. > > Regardless of that, cupsd itself will need to modify its configuration > files; that's how the HTTP interface works. Yes. Sorry I haven't touched the cups policy apart from cosmetic changes for a while. Last time I was using it the cupsd didn't need to change the cupsd.conf file, only the printers.conf file. The simple solution to this is to change the .fc file to have the cupsd.conf file have the type cupsd_rw_etc_t. Long term we have to work out whether there is any way that we can productively reduce the write access of cupsd to it's config files, or whether we should just make them all read/write. -- http://www.coker.com.au/selinux/ My NSA Security Enhanced Linux packages http://www.coker.com.au/bonnie++/ Bonnie++ hard drive benchmark http://www.coker.com.au/postal/ Postal SMTP/POP benchmark http://www.coker.com.au/~russell/ My home page
