Re: hald - r/w access to /dev/usb/lp0?

Understand and agree about read access, but  the AVC 
shows it wanting write access as well.

Your patch allows read/getattr/ioctl. but not write. I can certainly
imagine a dialog protocol that would require both read and write,
but I'm not certain if this is in fact used here.

What do you think?
   tom


On Sun, 26 Sep 2004 05:34:51 +1000, Russell Coker <russell@xxxxxxxxxxxx> wrote:
> On Sun, 26 Sep 2004 04:27, Tom London <selinux@xxxxxxxxx> wrote:
> > When haldaemon starts, and typically just after the text 'login:'
> > appears but before the graphical stuff takes over, I get:
> >
> > Sep 25 10:28:57 fedora kernel: audit(1096133337.944:0): avc:  denied
> > { read write } for  pid=3187 exe=/usr/sbin/hald name=lp0 dev=tmpfs
> > ino=5073 scontext=system_u:system_r:hald_t
> > tcontext=system_u:object_r:printer_device_t tclass=chr_file
> >
> > referring to /dev/usb/lp0.
> >
> > Does hald need read/write access to the printer_device?
> 
> Does hald need it right now?  Probably, but I'm not sure.
> 
> Will it need such access in the future to perform the tasks that it is
> designed for?  Definitely!  There is a lot of variation among printer
> hardware and hald is the correct program to inform you of what type of
> printer you have just connected.  I've attached a patch to add the access.
> 
> --
> http://www.coker.com.au/selinux/   My NSA Security Enhanced Linux packages
> http://www.coker.com.au/bonnie++/  Bonnie++ hard drive benchmark
> http://www.coker.com.au/postal/    Postal SMTP/POP benchmark
> http://www.coker.com.au/~russell/  My home page
> 
> 
> 
> 



-- 
Tom London