Re: SELinux is preventing boomagabackend from 'sys_ptrace' accesses on the cap_userns Unknown.

Lukas Vrabec <lvrabec@xxxxxxxxxx> writes:

> On 03/31/2017 04:30 PM, Oleg Pykhalov wrote:
>>> On 03/30/2017 01:19 PM, Martin Gansser wrote:
>>> $ cat boomaga_local.cil
>>> (allow boomaga_cups_t boomaga_cups_t(cap_userns (sys_ptrace)))
>>>
>>> # semodule -i boomaga_local.cil
>>
>> Thank you for the tip, but I get another error. So I still have some delay
>> printing to the boomaga printer.
>>
>> $ sudo semodule -l | grep boomaga
>> boomaga
>> boomaga_local
>>
>> $ cat boomaga_local.cil
>> (allow boomaga_cups_t boomaga_cups_t(cap_userns (sys_ptrace)))
>>
>> $ journalctl -b
>> Mar 31 17:08:31 magnolia.home.lan audit[1070]: USER_AVC pid=1070
>> uid=81 auid=4294967295 ses=4294967295
>> subj=system_u:system_r:system_dbusd_t:s0-s0:c0.c1023 msg='avc:
>> denied { send_msg } for msgtype=method_return dest=:1.1062 spid=1084
>> tpid=12021 scontext=system_u:system_r:systemd_logind_t:s0
>> tcontext=system_u:system_r:boomaga_cups_t:s0-s0:c0.c1023 tclass=dbus
>>                                                 exe="/usr/bin/dbus-daemon"
>> sauid=81 hostname=? addr=? terminal=?'
>>
>
> Update your boomaga_local.cil file:
> $ cat boomaga_local.cil
> (allow boomaga_cups_t boomaga_cups_t(cap_userns (sys_ptrace)))
> (allow systemd_logind_t boomaga_cups_t(dbus (send_msg)))
>
> and load it again:
> # semodule -i boomaga_local.cil
>
> Lukas.

Thank you for supporting this issue. I got another bunch of errors, but
I tried to solve it myself.

$ journalctl -b
Apr 04 19:17:47 magnolia.home.lan audit[938]: USER_AVC pid=938 uid=81
auid=4294967295 ses=4294967295
subj=system_u:system_r:system_dbusd_t:s0-s0:c0.c1023 msg='avc: denied
{send_msg } for msgtype=method_call
interface=org.freedesktop.DBus.Introspectable member=Introspect
dest=org.freedesktop.login1 spid=5692 tpid=952
scontext=system_u:system_r:boomaga_cups_t:s0-s0:c0.c1023
tcontext=system_u:system_r:systemd_logind_t:s0 tclass=dbus
exe="/usr/bin/dbus-daemon" sauid=81 hostname=? addr=? terminal=?'

$ cat boomaga_local.cil
(allow boomaga_cups_t boomaga_cups_t(cap_userns (sys_ptrace)))
(allow systemd_logind_t boomaga_cups_t(dbus (send_msg)))
(allow boomaga_cups_t systemd_logind_t(dbus (send_msg)))

$ sudo semodule -i boomaga_local.cil

$ journalctl -b
Apr 04 19:30:48 magnolia.home.lan dbus-daemon[1597]: avc: denied {
send_msg } for msgtype=method_call interface=org.boomaga member=add
dest=org.boomaga spid=6894 tpid=6852
scontext=system_u:system_r:boomaga_cups_t:s0-s0:c0.c1023
tcontext=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023
tclass=dbus

$ cat boomaga_local.cil
(allow boomaga_cups_t boomaga_cups_t(cap_userns (sys_ptrace)))
(allow systemd_logind_t boomaga_cups_t(dbus (send_msg)))
(allow boomaga_cups_t systemd_logind_t(dbus (send_msg)))
(allow boomaga_cups_t unconfined_t(dbus (send_msg)))

$ sudo semodule -i boomaga_local.cil

Printing to boomaga is working without errors and delays now.
_______________________________________________
selinux mailing list -- selinux@xxxxxxxxxxxxxxxxxxxxxxx
To unsubscribe send an email to selinux-leave@xxxxxxxxxxxxxxxxxxxxxxx
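
The cycle followed in this message (read a denial, add one allow rule, reload the module) can be scripted. The Python below is an added example, not part of the original post: it pulls the source type, target type, class and permissions out of AVC lines like those quoted above and prints the matching CIL rules for review. The function name `denials_to_cil` and the trimmed sample text are assumptions made for illustration.

```python
import re
from collections import defaultdict

# Constructed input: the three dbus denials from this thread, pasted with the
# mail's line wrapping and trimmed to the fields the parser reads.
SAMPLE = """
msg='avc:
denied { send_msg } for msgtype=method_return dest=:1.1062 spid=1084
tpid=12021 scontext=system_u:system_r:systemd_logind_t:s0
tcontext=system_u:system_r:boomaga_cups_t:s0-s0:c0.c1023 tclass=dbus
msg='avc: denied
{send_msg } for msgtype=method_call
dest=org.freedesktop.login1 spid=5692 tpid=952
scontext=system_u:system_r:boomaga_cups_t:s0-s0:c0.c1023
tcontext=system_u:system_r:systemd_logind_t:s0 tclass=dbus
avc: denied {
send_msg } for msgtype=method_call interface=org.boomaga member=add
dest=org.boomaga spid=6894 tpid=6852
scontext=system_u:system_r:boomaga_cups_t:s0-s0:c0.c1023
tcontext=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023
tclass=dbus
"""

AVC = re.compile(
    r"avc: denied \{([^}]*)\}.*?scontext=(\S+) tcontext=(\S+) tclass=(\w+)")


def denials_to_cil(log_text):
    """Return one CIL allow rule per (source type, target type, class)."""
    flat = " ".join(log_text.split())  # undo mail/journal line wrapping
    perms = defaultdict(set)
    for perm_list, scon, tcon, tclass in AVC.findall(flat):
        # A context is user:role:type[:level]; the rule needs only the type.
        key = (scon.split(":")[2], tcon.split(":")[2], tclass)
        perms[key].update(perm_list.split())  # merge repeated denials
    return [f"(allow {s} {t} ({c} ({' '.join(sorted(p))})))"
            for (s, t, c), p in sorted(perms.items())]


if __name__ == "__main__":
    # Print the rules for review; nothing here loads them into the policy.
    for rule in denials_to_cil(SAMPLE):
        print(rule)
```

The output is the same three dbus rules as in the final boomaga_local.cil above, written with a space before the class group, which the CIL parser treats identically.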



