FAQ Search Today's Posts Mark Forums Read
» Video Reviews

» Linux Archive

Linux-archive is a website aiming to archive linux email lists and to make them easily accessible for linux users/developers.


» Sponsor

» Partners

» Sponsor

Go Back   Linux Archive > Redhat > Fedora SELinux Support

 
 
LinkBack Thread Tools
 
Old 11-02-2011, 12:45 PM
Artur Szymczak
 
Default Lexmark - I'm impressed

Hi,

I just finished installation of my new printer at home: Lexmark Prospect
Pro209 on F16rc4 (fresh install on my wife's netbook). I used drivers
from lexmark (for Fedora 64bit) and... I saw this during installation:
Quote:
(...)

=============================
Execute: /usr/bin/checkmodule -M -m -o
/tmp/selfgz746922398/pkg/files/dbuspolicy.mod
/tmp/selfgz746922398/pkg/files/dbuspolicy.te

/usr/bin/checkmodule: loading policy configuration from
/tmp/selfgz746922398/pkg/files/dbuspolicy.te
/usr/bin/checkmodule: policy configuration loaded
/usr/bin/checkmodule: writing binary representation (version 13) to
/tmp/selfgz746922398/pkg/files/dbuspolicy.mod
=============================

=============================
Execute: /usr/bin/semodule_package -o
/tmp/selfgz746922398/pkg/files/dbuspolicy.pp -m
/tmp/selfgz746922398/pkg/files/dbuspolicy.mod

=============================

=============================
Execute: /usr/sbin/semodule -i /tmp/selfgz746922398/pkg/files/dbuspolicy.pp

=============================

(...)

=============================
Execute: /usr/bin/checkmodule -M -m -o
/tmp/selfgz746922398/pkg/files/lxhcp.mod
/tmp/selfgz746922398/pkg/files/lxhcp.te

/usr/bin/checkmodule: loading policy configuration from
/tmp/selfgz746922398/pkg/files/lxhcp.te
/usr/bin/checkmodule: policy configuration loaded
/usr/bin/checkmodule: writing binary representation (version 13) to
/tmp/selfgz746922398/pkg/files/lxhcp.mod
=============================

=============================
Execute: /usr/bin/semodule_package -o
/tmp/selfgz746922398/pkg/files/lxhcp.pp -m
/tmp/selfgz746922398/pkg/files/lxhcp.mod

=============================

=============================
Execute: /usr/sbin/semodule -i /tmp/selfgz746922398/pkg/files/lxhcp.pp

=============================
(...)
So i looked on this tw policy files:

Code:
$ cat dbuspolicy.te
module printfilter 1.0;

require {
type unconfined_t;
type cupsd_t;
class unix_stream_socket connectto;
};
#============= cupsd_t ==============
allow cupsd_t unconfined_t:unix_stream_socket connectto;

$ cat lxhcp.te

module lxhcp 1.0;

require {
        type howl_port_t;
        type cupsd_t;
        class udp_socket name_bind;
}

#============= cupsd_t ==============
allow cupsd_t howl_port_t:udp_socket name_bind;
It seems, that not everybody (vendors for software/hardware) are
disabling SELinux. I checked printing in Enforcing mode and all works fine.


Regards

--
Artur Szymczak | RHCE: 100-001-734 | CAcert Assurer
RHCA, RHCSS, RHCX, CLE11, CNI, UCP-1, UCI, Linux+, LPIC-2
GPG: C03A 385E 5C10 82C5 6564 C1E9 3D6A 616E B15D 122D
http://CodzienneChodzenieZBogiem.blogspot.com/

--
selinux mailing list
selinux@lists.fedoraproject.org
https://admin.fedoraproject.org/mailman/listinfo/selinux
 

Thread Tools




All times are GMT. The time now is 07:02 PM.

VBulletin, Copyright ©2000 - 2014, Jelsoft Enterprises Ltd.
Content Relevant URLs by vBSEO ©2007, Crawlability, Inc.
Copyright 2007 - 2008, www.linux-archive.org