Hello all,

I tried today to install the latest hplip package from http://hplipopensource.com to use the printer driver for my HP Printer on my Fedora 9 system (I plan to upgrade to Fedora 11 in the next few weeks). The install package warns you to turn off selinux so I setenforce 0. I assumed that I would be able to write a policy before resuming enforcing mode.

The install went fine with no avcs. I then tried to print a test page and got 3 avcs (I can post in full if required).

SELinux is preventing hp (hplip_t) "name_bind" howl_port_t.
SELinux is preventing hp (hplip_t) "search" to ./dbus (system_dbusd_var_run_t).
SELinux is preventing hpcups (cupsd_t) "name_bind" howl_port_t.

From these I tried to create a policy using audit2allow. This is what it proposed:

##########################################
# cat myhplip.te
policy_module(myhplip, 9.0.1)

require {
        type cupsd_t;
        type hplip_t;
        type system_dbusd_t;
        class unix_stream_socket { write connectto search };
}

#============= cupsd_t ==============
corenet_udp_bind_howl_port(cupsd_t)

#============= hplip_t ==============
allow hplip_t system_dbusd_t:unix_stream_socket { write connectto search };
corenet_udp_bind_howl_port(hplip_t)
##########################################

"make -f" worked OK on this, but when I tried semodule -i I got the following error:

[root@localhost selinux]# semodule -i myhplip.pp
libsepol.permission_copy_callback: Module myhplip depends on permission search in class unix_stream_socket, not satisfied
libsemanage.semanage_link_sandbox: Link packages failed
semodule: Failed!

Is there any way I can resolve this? The only existing bug I can find on hplip is 516078 (https://bugzilla.redhat.com/show_bug.cgi?id=516078); is it related?

Thanks in advance for any help or suggestions...

Mark
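Added example, not part of the original message and not the hplip project's own policy: the link step fails because "search" is a directory permission and is not defined for class unix_stream_socket, so the module requires a permission the base policy cannot supply. The version below keeps the posted rules and moves "search" to a dir rule on system_dbusd_var_run_t, the type named in the second denial; that the denied ./dbus object is a directory is an assumption drawn from that summary line.

```selinux
policy_module(myhplip, 9.0.1)

require {
        type cupsd_t;
        type hplip_t;
        type system_dbusd_t;
        # Assumption: type taken from the second denial quoted in the message.
        type system_dbusd_var_run_t;
        # search is declared here against class dir, where it is defined.
        class dir search;
        # Only permissions that exist for this class are required.
        class unix_stream_socket { write connectto };
}

#============= cupsd_t ==============
# Unchanged from the posted module.
corenet_udp_bind_howl_port(cupsd_t)

#============= hplip_t ==============
# Directory lookup under the D-Bus runtime directory (the search denial).
allow hplip_t system_dbusd_var_run_t:dir search;

# Socket rule as posted, minus the permission the class does not have.
allow hplip_t system_dbusd_t:unix_stream_socket { write connectto };

# Unchanged from the posted module.
corenet_udp_bind_howl_port(hplip_t)
```

Each rule here grants only what a quoted denial or the posted module already asked for, so the module can be rebuilt and loaded the same way and the remaining AVCs reviewed before returning to enforcing mode.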