Daniel J Walsh wrote:
> Probably not. What avc messages are you seeing?
Clean install of selinux-policy-targeted-1.23.18-17:
* rpm -e selinux-policy-targeted
* rm -rf /etc/selinux
* yum install selinux-policy-targeted
* reboot
Printer is set as shared in printconf-gui and LPD is enabled. xinetd is
running and cups-lpd is enabled. ('nmap localhost' shows port 515 is
open.) Try "Print Test Page" on my Windows XP laptop which has this
printer configured.
/var/log/secure:
Jun 29 19:48:33 home xinetd[2014]: START: printer pid=5767
from=192.168.1.128
/var/log/messages:
Jun 29 19:48:33 home cups-lpd[5767]: Unable to get client address -
Socket operation on non-socket
Jun 29 19:48:33 home cups-lpd[5767]: Unable to get command line from client!
/var/log/audit/audit.log:
type=AVC msg=audit(1120092513.256:10611097): avc: denied { read write
} for pid=5767 comm="cups-lpd" name=[11317] dev=sockfs ino=11317
scontext=system_u:system_r:cupsd_t tcontext=system_u:system_r:inetd_t
tclass=tcp_socket
type=AVC msg=audit(1120092513.256:10611097): avc: denied { read write
} for pid=5767 comm="cups-lpd" name=[11317] dev=sockfs ino=11317
scontext=system_u:system_r:cupsd_t tcontext=system_u:system_r:inetd_t
tclass=tcp_socket
type=AVC msg=audit(1120092513.256:10611097): avc: denied { read write
} for pid=5767 comm="cups-lpd" name=[11317] dev=sockfs ino=11317
scontext=system_u:system_r:cupsd_t tcontext=system_u:system_r:inetd_t
tclass=tcp_socket
type=PATH msg=audit(1120092513.256:10611097): item=1 inode=362148
dev=09:03 mode=0100755 ouid=0 ogid=0 rdev=00:00
type=PATH msg=audit(1120092513.256:10611097): item=0
name="/usr/lib/cups/daemon/cups-lpd" inode=295106 dev=09:03 mode=0100755
ouid=0 ogid=0 rdev=00:00
type=AVC_PATH msg=audit(1120092513.256:10611097): path="socket:[11317]"
type=AVC_PATH msg=audit(1120092513.256:10611097): path="socket:[11317]"
type=AVC_PATH msg=audit(1120092513.256:10611097): path="socket:[11317]"
type=SYSCALL msg=audit(1120092513.256:10611097): arch=40000003
syscall=11 success=yes exit=0 a0=9d7e678 a1=9d7e668 a2=9d7ee10
a3=bfed5ba4 items=2 pid=5767 auid=4294967295 uid=4 gid=7 euid=4 suid=4
fsuid=4 egid=7 sgid=7 fsgid=7 comm="cups-lpd"
exe="/usr/lib/cups/daemon/cups-lpd"
(The same messages, with different PIDs, are repeated, presumably as
Windows retries the job.)
getsebool -a:
NetworkManager_disable_trans --> inactive
allow_execmem --> active
allow_execmod --> active
allow_execstack --> active
allow_kerberos --> active
allow_write_xshm --> inactive
allow_ypbind --> active
apmd_disable_trans --> inactive
arpwatch_disable_trans --> inactive
auditd_disable_trans --> inactive
bluetooth_disable_trans --> inactive
canna_disable_trans --> inactive
cardmgr_disable_trans --> inactive
comsat_disable_trans --> inactive
cupsd_config_disable_trans --> inactive
cupsd_disable_trans --> inactive
cupsd_lpd_disable_trans --> inactive
cvs_disable_trans --> inactive
cyrus_disable_trans --> inactive
dbskkd_disable_trans --> inactive
dhcpc_disable_trans --> inactive
dhcpd_disable_trans --> inactive
dovecot_disable_trans --> inactive
fingerd_disable_trans --> inactive
ftp_home_dir --> active
ftpd_disable_trans --> inactive
ftpd_is_daemon --> active
hald_disable_trans --> inactive
hotplug_disable_trans --> inactive
howl_disable_trans --> inactive
hplip_disable_trans --> inactive
httpd_builtin_scripting --> active
httpd_can_network_connect --> inactive
httpd_disable_trans --> inactive
httpd_enable_cgi --> active
httpd_enable_homedirs --> active
httpd_ssi_exec --> active
httpd_suexec_disable_trans --> inactive
httpd_tty_comm --> inactive
httpd_unified --> active
i18n_input_disable_trans --> inactive
inetd_child_disable_trans --> inactive
inetd_disable_trans --> inactive
innd_disable_trans --> inactive
kadmind_disable_trans --> inactive
klogd_disable_trans --> inactive
krb5kdc_disable_trans --> inactive
ktalkd_disable_trans --> inactive
lpd_disable_trans --> inactive
mysqld_disable_trans --> inactive
named_disable_trans --> inactive
named_write_master_zones --> inactive
nfs_export_all_ro --> active
nfs_export_all_rw --> active
nmbd_disable_trans --> inactive
nscd_disable_trans --> inactive
ntpd_disable_trans --> inactive
portmap_disable_trans --> inactive
postgresql_disable_trans --> inactive
pppd_disable_trans --> inactive
pppd_for_user --> inactive
privoxy_disable_trans --> inactive
ptal_disable_trans --> inactive
radiusd_disable_trans --> inactive
radvd_disable_trans --> inactive
read_default_t --> active
rlogind_disable_trans --> inactive
rsync_disable_trans --> inactive
samba_enable_home_dirs --> inactive
saslauthd_disable_trans --> inactive
slapd_disable_trans --> inactive
smbd_disable_trans --> inactive
snmpd_disable_trans --> inactive
squid_connect_any --> inactive
squid_disable_trans --> inactive
stunnel_disable_trans --> inactive
stunnel_is_daemon --> inactive
syslogd_disable_trans --> inactive
system_dbusd_disable_trans --> inactive
telnetd_disable_trans --> inactive
tftpd_disable_trans --> inactive
udev_disable_trans --> inactive
use_nfs_home_dirs --> inactive
use_samba_home_dirs --> inactive
user_ping --> inactive
uucpd_disable_trans --> inactive
winbind_disable_trans --> inactive
ypbind_disable_trans --> inactive
ypserv_disable_trans --> inactive
zebra_disable_trans --> inactive
Thanks!
--
========================================================================
Ian Pilcher i.pilcher@xxxxxxxxxxx
========================================================================
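
Added example, not part of the original message: a small Python triage script for audit.log output like the above, which groups records by audit serial number, merges the repeated AVC denials into one row, and attaches the executable and syscall from the matching SYSCALL record. It assumes each audit record is on a single line (the records quoted in the mail are hard-wrapped); the function name `summarize` and the sample constants are illustrative.

```python
import re
from collections import defaultdict

# Constructed sample: the records quoted in the message, unwrapped to one per line.
AVC_LINE = ('type=AVC msg=audit(1120092513.256:10611097): avc: denied { read write } '
            'for pid=5767 comm="cups-lpd" name=[11317] dev=sockfs ino=11317 '
            'scontext=system_u:system_r:cupsd_t tcontext=system_u:system_r:inetd_t '
            'tclass=tcp_socket')
SYSCALL_LINE = ('type=SYSCALL msg=audit(1120092513.256:10611097): arch=40000003 '
                'syscall=11 success=yes exit=0 pid=5767 uid=4 gid=7 comm="cups-lpd" '
                'exe="/usr/lib/cups/daemon/cups-lpd"')
SAMPLE = "\n".join([AVC_LINE] * 3 + [SYSCALL_LINE])

RECORD = re.compile(r'^type=(\S+) msg=audit\([\d.]+:(\d+)\): (.*)$')
AVC = re.compile(r'denied\s+\{ ([^}]*)\}.*?scontext=(\S+) tcontext=(\S+) tclass=(\S+)')
KV = re.compile(r'(\w+)=("[^"]*"|\S+)')
# arch 40000003 is 32-bit x86, where syscall 11 is execve; other pairs stay numeric.
SYSCALLS = {("40000003", "11"): "execve"}


def summarize(log_text):
    """Group records by audit serial, merge duplicate AVCs, attach exe/syscall."""
    events = defaultdict(lambda: {"avc": [], "sys": {}})
    for line in log_text.splitlines():
        m = RECORD.match(line.strip())
        if not m:
            continue
        rtype, serial, body = m.groups()
        if rtype == "AVC" and (a := AVC.search(body)):
            events[serial]["avc"].append(a.groups())
        elif rtype == "SYSCALL":
            events[serial]["sys"] = {k: v.strip('"') for k, v in KV.findall(body)}
    out = []
    for serial, ev in events.items():
        merged = defaultdict(lambda: [set(), 0])  # key -> [permissions, record count]
        for perms, src, tgt, tclass in ev["avc"]:
            key = (src.split(":")[2], tgt.split(":")[2], tclass)  # type field only
            merged[key][0].update(perms.split())
            merged[key][1] += 1
        sysc = ev["sys"]
        num = (sysc.get("arch"), sysc.get("syscall"))
        for (src, tgt, tclass), (perms, count) in merged.items():
            out.append({"serial": serial, "source": src, "target": tgt,
                        "tclass": tclass, "perms": sorted(perms), "count": count,
                        "exe": sysc.get("exe"),
                        "syscall": SYSCALLS.get(num, sysc.get("syscall"))})
    return out


if __name__ == "__main__":
    for row in summarize(SAMPLE):
        print(row)
```

On the sample this collapses the three identical AVC records into one denial of `read write` on a `tcp_socket` from `cupsd_t` to `inetd_t`, raised during the `execve` of `/usr/lib/cups/daemon/cups-lpd`.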