Running strict/enforcing, latest rawhide.
When hpoj/cups starts, I get:
May 25 07:52:07 fedora ptal-mlcd: SYSLOG at ExMgr.cpp:652,
dev=<mlc:usb:PSC_900_Series>, pid=2189, e=2, t=1117032727
ptal-mlcd successfully initialized.
May 25 07:52:07 fedora ptal-printd:
ptal-printd(mlc:usb:PSC_900_Series) successfully initialized using
/var/run/ptal-printd/mlc_usb_PSC_900_Series*.
May 25 07:52:09 fedora kernel: audit(1117032729.705:10): avc: denied
{ name_bind } for pid=2192 comm="ptal-photod" src=5703
scontext=system_u:system_r:initrc_t tcontext=system_u:object_r:port_t
tclass=tcp_socket
May 25 07:52:09 fedora ptal-photod:
ptal-photod(mlc:usb:PSC_900_Series) successfully initialized,
listening on port 5703.
May 25 07:52:12 fedora kernel: audit(1117032732.982:11): avc: denied
{ write } for pid=2189 comm="ptal-mlcd" name=002 dev=usbfs ino=4435
scontext=system_u:system_r:ptal_t tcontext=system_u:object_r:usbfs_t
tclass=file
May 25 07:52:13 fedora ptal-mlcd: SYSLOG at
/usr/src/build/533581-i386/BUILD/hpoj-0.91/mlcd/ExMgr.h:646,
dev=<mlc:usb:PSC_900_Series@/dev/usb/lp0>, pid=2189, e=5, t=1117032733
ptal-mlcd successfully activated, mode=1284.4.
So
allow ptal_t usbfs_t:file write;
appears needed.
For the name_bind avc, should ptal-photod be labeled ptal_t so we get
a transition from initrc_t to ptal_t?
tom
--
Tom London
--
fedora-selinux-list mailing list
fedora-selinux-list@xxxxxxxxxx
http://www.redhat.com/mailman/listinfo/fedora-selinux-list
