On Thu, 2006-01-26 at 08:46 -0700, Craig White wrote: > E [26/Jan/2006:08:40:36 -0700] LoadPPDs: Unable to open PPD directory > "/usr/share/cups/model": Permission denied > > this is after... > > cd /etc/selinux/targeted/src/policy > /usr/bin/audit2allow -i < /var/log/audit/audit.log \ > >> domains/misc/local.te > > which resulted in this... > # cat domains/misc/local.te > # Local customization of existing policy should be done in this file. > # If you are creating brand new policy for a new "target" domain, you > # need to create a type enforcement (.te) file in domains/program > # and a file context (.fc) file in file_context/program. > > allow canna_t usr_t:lnk_file read; > allow cupsd_config_t unconfined_t:fifo_file write; > allow cupsd_config_t user_home_t:file read; > allow cupsd_config_t usr_t:lnk_file read; > allow cupsd_t home_root_t:dir search; > allow hald_t usr_t:lnk_file read; > allow restorecon_t usr_t:lnk_file read; > allow unlabeled_t fs_t:filesystem associate; That last one is particularly suspect; what audit message contained unlabeled_t? > and then... > # make reload > # fixfiles -R cups restore That shouldn't have been necessary, as you didn't change the file_contexts again. Only need to relabel upon changing file_contexts, not policy changes. > # service cups restart Check those audit messages again for anything new. It may be that it got further but ran into another denial later on. -- Stephen Smalley National Security Agency -- fedora-selinux-list mailing list fedora-selinux-list@xxxxxxxxxx https://www.redhat.com/mailman/listinfo/fedora-selinux-list
