SELinux preventing printing.
My wife got a Lexmark X2670 printer with her new laptop and I connected
it to my Fedora 11 system, and downloaded the driver from Lexmark. SELinux is preventing me from printing to it. At first I got 4 AVCs about attempting to load shared libraries that require text relocation. This I fixed with: # semanage fcontext -a -t textrel_shlib_t '/usr/local/lexmark/lxk08/lib(/.*)?' # restorecon -R -v /usr/local/lexmark/lxk08/lib but now I'm getting this one: Raw Audit Messages : node=steve.blackwell type=AVC msg=audit(1272894966.836:66): avc: denied { search } for pid=29536 comm="printdriver" name="lib" dev=dm-0 ino=7635564 scontext=system_u:system_r:cupsd_t:s0-s0:c0.c1023 tcontext=system_u:object_r:textrel_shlib_t:s0 tclass=dir node=steve.blackwell type=SYSCALL msg=audit(1272894966.836:66): arch=40000003 syscall=5 success=no exit=-13 a0=93cf620 a1=0 a2=0 a3=389660 items=0 ppid=1655 pid=29536 auid=4294967295 uid=4 gid=7 euid=4 suid=4 fsuid=4 egid=7 sgid=7 fsgid=7 tty=(none) ses=4294967295 comm="printdriver" exe="/usr/local/lexmark/lxk08/bin/printdriver" subj=system_u:system_r:cupsd_t:s0-s0:c0.c1023 key=(null) What is the "correct" way to solve this? Create am audit2allow rule? Thanks, Steve -- selinux mailing list selinux@lists.fedoraproject.org https://admin.fedoraproject.org/mailman/listinfo/selinux |
SELinux preventing printing.
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1 On 05/03/2010 10:22 AM, Steve Blackwell wrote: > My wife got a Lexmark X2670 printer with her new laptop and I connected > it to my Fedora 11 system, and downloaded the driver from Lexmark. > > SELinux is preventing me from printing to it. At first I got 4 AVCs > about attempting to load shared libraries that require text relocation. > This I fixed with: > > # semanage fcontext -a -t textrel_shlib_t > '/usr/local/lexmark/lxk08/lib(/.*)?' > # restorecon -R -v /usr/local/lexmark/lxk08/lib > > but now I'm getting this one: > > Raw Audit Messages : > > node=steve.blackwell type=AVC > msg=audit(1272894966.836:66): avc: denied { search } for pid=29536 > comm="printdriver" name="lib" dev=dm-0 ino=7635564 > scontext=system_u:system_r:cupsd_t:s0-s0:c0.c1023 > tcontext=system_u:object_r:textrel_shlib_t:s0 tclass=dir > > node=steve.blackwell type=SYSCALL msg=audit(1272894966.836:66): > arch=40000003 syscall=5 success=no exit=-13 a0=93cf620 a1=0 a2=0 > a3=389660 items=0 ppid=1655 pid=29536 auid=4294967295 uid=4 gid=7 > euid=4 suid=4 fsuid=4 egid=7 sgid=7 fsgid=7 tty=(none) ses=4294967295 > comm="printdriver" exe="/usr/local/lexmark/lxk08/bin/printdriver" > subj=system_u:system_r:cupsd_t:s0-s0:c0.c1023 key=(null) > > What is the "correct" way to solve this? Create am audit2allow rule? > > Thanks, > Steve > -- > selinux mailing list > selinux@lists.fedoraproject.org > https://admin.fedoraproject.org/mailman/listinfo/selinux # semanage fcontext -d -t textrel_shlib_t '/usr/local/lexmark/lxk08/lib(/.*)? # semanage fcontext -a -t textrel_shlib_t '/usr/local/lexmark/lxk08/lib/.*.so.*' # restorecon -R -v /usr/local/lexmark -----BEGIN PGP SIGNATURE----- Version: GnuPG v2.0.14 (GNU/Linux) Comment: Using GnuPG with Fedora - http://enigmail.mozdev.org/ iEYEARECAAYFAkve5dsACgkQrlYvE4MpobNllACff1YnvWPLe5 xtq1xNe8QoaOQd Z7IAnjfeC3L54N87hxVLw3Ypwc7vlQrl =3MWW -----END PGP SIGNATURE----- -- selinux mailing list selinux@lists.fedoraproject.org https://admin.fedoraproject.org/mailman/listinfo/selinux |
SELinux preventing printing.
On Mon, 03 May 2010 11:03:55 -0400
Daniel J Walsh <dwalsh@redhat.com> wrote: > -----BEGIN PGP SIGNED MESSAGE----- > Hash: SHA1 > > On 05/03/2010 10:22 AM, Steve Blackwell wrote: > > My wife got a Lexmark X2670 printer with her new laptop and I > > connected it to my Fedora 11 system, and downloaded the driver from > > Lexmark. > > > > SELinux is preventing me from printing to it. At first I got 4 AVCs > > about attempting to load shared libraries that require text > > relocation. This I fixed with: > > > > # semanage fcontext -a -t textrel_shlib_t > > '/usr/local/lexmark/lxk08/lib(/.*)?' > > # restorecon -R -v /usr/local/lexmark/lxk08/lib > > > > but now I'm getting this one: > > > > Raw Audit Messages : > > > > node=steve.blackwell type=AVC > > msg=audit(1272894966.836:66): avc: denied { search } for pid=29536 > > comm="printdriver" name="lib" dev=dm-0 ino=7635564 > > scontext=system_u:system_r:cupsd_t:s0-s0:c0.c1023 > > tcontext=system_u:object_r:textrel_shlib_t:s0 tclass=dir > > > > node=steve.blackwell type=SYSCALL msg=audit(1272894966.836:66): > > arch=40000003 syscall=5 success=no exit=-13 a0=93cf620 a1=0 a2=0 > > a3=389660 items=0 ppid=1655 pid=29536 auid=4294967295 uid=4 gid=7 > > euid=4 suid=4 fsuid=4 egid=7 sgid=7 fsgid=7 tty=(none) > > ses=4294967295 comm="printdriver" > > exe="/usr/local/lexmark/lxk08/bin/printdriver" > > subj=system_u:system_r:cupsd_t:s0-s0:c0.c1023 key=(null) > > > > What is the "correct" way to solve this? Create am audit2allow rule? > > > > Thanks, > > Steve > > -- > > selinux mailing list > > selinux@lists.fedoraproject.org > > https://admin.fedoraproject.org/mailman/listinfo/selinux > > > # semanage fcontext -d -t textrel_shlib_t > '/usr/local/lexmark/lxk08/lib(/.*)? > # semanage fcontext -a -t textrel_shlib_t > '/usr/local/lexmark/lxk08/lib/.*.so.*' > # restorecon -R -v /usr/local/lexmark That got it. Thanks, Dan. So the files in the lib directory were labeled correctly but the directory itself was not. It needed to be of type lib_t. Steve -- selinux mailing list selinux@lists.fedoraproject.org https://admin.fedoraproject.org/mailman/listinfo/selinux |
SELinux preventing printing.
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1 On 05/03/2010 11:18 AM, Steve Blackwell wrote: > On Mon, 03 May 2010 11:03:55 -0400 > Daniel J Walsh <dwalsh@redhat.com> wrote: > >> -----BEGIN PGP SIGNED MESSAGE----- >> Hash: SHA1 >> >> On 05/03/2010 10:22 AM, Steve Blackwell wrote: >>> My wife got a Lexmark X2670 printer with her new laptop and I >>> connected it to my Fedora 11 system, and downloaded the driver from >>> Lexmark. >>> >>> SELinux is preventing me from printing to it. At first I got 4 AVCs >>> about attempting to load shared libraries that require text >>> relocation. This I fixed with: >>> >>> # semanage fcontext -a -t textrel_shlib_t >>> '/usr/local/lexmark/lxk08/lib(/.*)?' >>> # restorecon -R -v /usr/local/lexmark/lxk08/lib >>> >>> but now I'm getting this one: >>> >>> Raw Audit Messages : >>> >>> node=steve.blackwell type=AVC >>> msg=audit(1272894966.836:66): avc: denied { search } for pid=29536 >>> comm="printdriver" name="lib" dev=dm-0 ino=7635564 >>> scontext=system_u:system_r:cupsd_t:s0-s0:c0.c1023 >>> tcontext=system_u:object_r:textrel_shlib_t:s0 tclass=dir >>> >>> node=steve.blackwell type=SYSCALL msg=audit(1272894966.836:66): >>> arch=40000003 syscall=5 success=no exit=-13 a0=93cf620 a1=0 a2=0 >>> a3=389660 items=0 ppid=1655 pid=29536 auid=4294967295 uid=4 gid=7 >>> euid=4 suid=4 fsuid=4 egid=7 sgid=7 fsgid=7 tty=(none) >>> ses=4294967295 comm="printdriver" >>> exe="/usr/local/lexmark/lxk08/bin/printdriver" >>> subj=system_u:system_r:cupsd_t:s0-s0:c0.c1023 key=(null) >>> >>> What is the "correct" way to solve this? Create am audit2allow rule? >>> >>> Thanks, >>> Steve >>> -- >>> selinux mailing list >>> selinux@lists.fedoraproject.org >>> https://admin.fedoraproject.org/mailman/listinfo/selinux >> >> >> # semanage fcontext -d -t textrel_shlib_t >> '/usr/local/lexmark/lxk08/lib(/.*)? >> # semanage fcontext -a -t textrel_shlib_t >> '/usr/local/lexmark/lxk08/lib/.*.so.*' >> # restorecon -R -v /usr/local/lexmark > > That got it. Thanks, Dan. > So the files in the lib directory were labeled correctly but the > directory itself was not. It needed to be of type lib_t. > > Steve > -- > selinux mailing list > selinux@lists.fedoraproject.org > https://admin.fedoraproject.org/mailman/listinfo/selinux Yes -----BEGIN PGP SIGNATURE----- Version: GnuPG v2.0.14 (GNU/Linux) Comment: Using GnuPG with Fedora - http://enigmail.mozdev.org/ iEYEARECAAYFAkve6lMACgkQrlYvE4MpobP3ZwCgjxUu/M3PGNZpJtFsbiabXszu r40An0M1EbEk2xRtEfa9wQEpXZVQqbG0 =s01c -----END PGP SIGNATURE----- -- selinux mailing list selinux@lists.fedoraproject.org https://admin.fedoraproject.org/mailman/listinfo/selinux |
| All times are GMT. The time now is 12:01 AM. |
VBulletin, Copyright ©2000 - 2013, Jelsoft Enterprises Ltd.
Content Relevant URLs by vBSEO ©2007, Crawlability, Inc.