On Thu, 2006-01-26 at 10:34 -0500, Stephen Smalley wrote: > On Thu, 2006-01-26 at 08:23 -0700, Craig White wrote: > > On Thu, 2006-01-26 at 10:14 -0500, Stephen Smalley wrote: > > > On Thu, 2006-01-26 at 10:12 -0500, Stephen Smalley wrote: > > > > One obvious possibility is that the cups policy might not allow access > > > > to search /home, thereby preventing it from reaching /home/share > > > > and /home/share/cups. So you would have to add a local.te file that > > > > allows such access. > > > > > > If the above isn't clear, see the EXAMPLE section of the man page for > > > audit2allow. > > ---- > > on RHEL - I was able to install selinux-targeted-policy-sources and that > > gave me the resources to create the local.te file. > > > > on FC-4, I execute 'yum install selinux-targeted-policy-sources' and it > > can't find it. What is the package called in FC-4? > > That's selinux-policy-targeted-sources. Should be the same on RHEL. > > As a heads up, the policy*sources packages go away in FC5; the new > modular policy support eliminates the need for base policy sources to > perform local additions, so policy sources are only in the .src.rpm in > FC5. ---- Arrgh E [26/Jan/2006:08:40:36 -0700] LoadPPDs: Unable to open PPD directory "/usr/share/cups/model": Permission denied this is after... cd /etc/selinux/targeted/src/policy /usr/bin/audit2allow -i < /var/log/audit/audit.log \ >> domains/misc/local.te which resulted in this... # cat domains/misc/local.te # Local customization of existing policy should be done in this file. # If you are creating brand new policy for a new "target" domain, you # need to create a type enforcement (.te) file in domains/program # and a file context (.fc) file in file_context/program. allow canna_t usr_t:lnk_file read; allow cupsd_config_t unconfined_t:fifo_file write; allow cupsd_config_t user_home_t:file read; allow cupsd_config_t usr_t:lnk_file read; allow cupsd_t home_root_t:dir search; allow hald_t usr_t:lnk_file read; allow restorecon_t usr_t:lnk_file read; allow unlabeled_t fs_t:filesystem associate; and then... # make reload # fixfiles -R cups restore # service cups restart ;-( Craig -- fedora-selinux-list mailing list fedora-selinux-list@xxxxxxxxxx https://www.redhat.com/mailman/listinfo/fedora-selinux-list
