Re: SELinux preventing printing.

On Mon, 03 May 2010 11:03:55 -0400
Daniel J Walsh <dwalsh@xxxxxxxxxx> wrote:

> On 05/03/2010 10:22 AM, Steve Blackwell wrote:
> > My wife got a Lexmark X2670 printer with her new laptop and I
> > connected it to my Fedora 11 system, and downloaded the driver from
> > Lexmark.
> > 
> > SELinux is preventing me from printing to it. At first I got 4 AVCs
> > about attempting to load shared libraries that require text
> > relocation. This I fixed with:
> > 
> > # semanage fcontext -a -t textrel_shlib_t '/usr/local/lexmark/lxk08/lib(/.*)?'
> > # restorecon -R -v /usr/local/lexmark/lxk08/lib
> > 
> > but now I'm getting this one: 
> > 
> > Raw Audit Messages :
> > 
> > node=steve.blackwell type=AVC
> > msg=audit(1272894966.836:66): avc: denied { search } for pid=29536
> > comm="printdriver" name="lib" dev=dm-0 ino=7635564
> > scontext=system_u:system_r:cupsd_t:s0-s0:c0.c1023
> > tcontext=system_u:object_r:textrel_shlib_t:s0 tclass=dir
> > 
> > node=steve.blackwell type=SYSCALL msg=audit(1272894966.836:66):
> > arch=40000003 syscall=5 success=no exit=-13 a0=93cf620 a1=0 a2=0
> > a3=389660 items=0 ppid=1655 pid=29536 auid=4294967295 uid=4 gid=7
> > euid=4 suid=4 fsuid=4 egid=7 sgid=7 fsgid=7 tty=(none)
> > ses=4294967295 comm="printdriver"
> > exe="/usr/local/lexmark/lxk08/bin/printdriver"
> > subj=system_u:system_r:cupsd_t:s0-s0:c0.c1023 key=(null) 
> > 
> > What is the "correct" way to solve this? Create an audit2allow rule?
> > 
> > Thanks,
> > Steve
> > --
> > selinux mailing list
> > selinux@xxxxxxxxxxxxxxxxxxxxxxx
> > https://admin.fedoraproject.org/mailman/listinfo/selinux
> 
> 
> # semanage fcontext -d -t textrel_shlib_t '/usr/local/lexmark/lxk08/lib(/.*)?'
> # semanage fcontext -a -t textrel_shlib_t '/usr/local/lexmark/lxk08/lib/.*\.so.*'
> # restorecon -R -v /usr/local/lexmark

That got it. Thanks, Dan.
So the files in the lib directory were labeled correctly but the
directory itself was not. It needed to be of type lib_t.

Steve
--
selinux mailing list
selinux@xxxxxxxxxxxxxxxxxxxxxxx
https://admin.fedoraproject.org/mailman/listinfo/selinux
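
An added example, not part of the original thread: it parses the AVC record quoted above and compares which paths the two file-context patterns label, using Python's `re.fullmatch` to model the whole-path anchoring of file-context regexes. The file names under `lib/` are hypothetical, and the fallback type `lib_t` is taken from the closing message of the thread.

```python
import re

# AVC record from the thread, joined onto one line.
AVC = ('node=steve.blackwell type=AVC msg=audit(1272894966.836:66): avc: denied '
       '{ search } for pid=29536 comm="printdriver" name="lib" dev=dm-0 ino=7635564 '
       'scontext=system_u:system_r:cupsd_t:s0-s0:c0.c1023 '
       'tcontext=system_u:object_r:textrel_shlib_t:s0 tclass=dir')

OLD_RULE = r'/usr/local/lexmark/lxk08/lib(/.*)?'      # first attempt in the thread
NEW_RULE = r'/usr/local/lexmark/lxk08/lib/.*\.so.*'   # pattern from the reply

# Constructed sample paths; the file names are hypothetical.
PATHS = [
    '/usr/local/lexmark/lxk08/lib',
    '/usr/local/lexmark/lxk08/lib/libexample.so',
    '/usr/local/lexmark/lxk08/lib/libexample.so.1.0',
    '/usr/local/lexmark/lxk08/lib/README',
]

def parse_avc(line):
    """Return permissions, source type, target type and class of an AVC denial."""
    perms = re.search(r'denied\s+\{([^}]*)\}', line).group(1).split()
    fields = dict(re.findall(r'(\w+)=(\S+)', line))
    return {
        'perms': perms,
        'source_type': fields['scontext'].split(':')[2],
        'target_type': fields['tcontext'].split(':')[2],
        'tclass': fields['tclass'],
    }

def label(path, rule, rule_type='textrel_shlib_t', fallback='lib_t'):
    """Type a path would get; the rule applies only if it matches the whole path."""
    # fallback is an assumption: the type the thread says the directory needed.
    return rule_type if re.fullmatch(rule, path) else fallback

def compare(paths=PATHS):
    """Map each path to its (old-rule type, new-rule type) pair."""
    return {p: (label(p, OLD_RULE), label(p, NEW_RULE)) for p in paths}

if __name__ == '__main__':
    d = parse_avc(AVC)
    print(f"{d['source_type']} denied {d['perms']} on {d['tclass']} typed {d['target_type']}")
    for path, (old, new) in compare().items():
        print(f'{path:50} old={old:16} new={new}')
```

The old pattern's optional `(/.*)?` group lets it match the directory itself, which is the `tclass=dir` object typed `textrel_shlib_t` in the denial; the replacement pattern only matches names containing `.so` beneath it.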
