Please take our Survey
logo       
<prev   next>

Choosing A Webhost:
A web hosting service is a type of Internet hosting service that allows individuals and organizations to provide their own website accessible via the World Wide Web. Web hosts are companies that provide space on a server they own for use by their clients as well as providing Internet connectivity, typically in a data center. Web hosts can also provide data center space and connectivity to the Internet for servers they do not own to be located in their data center, called colocation. more...

printer creation in RPM scriptlet: msg#00142

Subject: printer creation in RPM scriptlet
I tried installing http://remi.collet.free.fr/rpms/fc4.i386/cups-pdf-2.0.0-0.1.fc4.remi.i386.rpm. The RPM has the following post-install scriptlet: 

if [ "$1" -eq "1" ]; then
        /etc/init.d/cups restart
        (       /usr/sbin/lpadmin -p Cups-PDF -v cups-pdf:/ -m PostscriptColor.ppd -E 
&&
                echo Cups-PDF printer created
        ) || true
fi
With selinux-policy-targeted-1.27.1-2.11 in enforcing mode, the lpadmin command fails with error: 

        lpadmin: add-printer (set device) failed: client-error-not-possible

In permissive mode, the install proceeds without problem.

The relevant audit.log entries are:
type=AVC msg=audit(1133045911.757:788): avc: denied { ioctl } for pid=20774 comm="printconf-backe" name="[7217936]" dev=pipefs ino=7217936 scontext=root:system_r:cupsd_config_t tcontext=root:system_r:unconfined_t tclass=fifo_file
type=SYSCALL msg=audit(1133045911.757:788): arch=40000003 syscall=54 success=no exit=-13 a0=0 a1=5401 a2=bfd10098 a3=bfd100d8 items=0 pid=20774 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 comm="printconf-backe" exe="/usr/bin/python" 

type=AVC_PATH msg=audit(1133045911.757:788):  path="pipe:[7217936]"
type=AVC msg=audit(1133045911.757:789): avc: denied { getattr } for pid=20774 comm="printconf-backe" name="[7217936]" dev=pipefs ino=7217936 scontext=root:system_r:cupsd_config_t tcontext=root:system_r:unconfined_t tclass=fifo_file
type=SYSCALL msg=audit(1133045911.757:789): arch=40000003 syscall=197 success=no exit=-13 a0=0 a1=bfd0fffc a2=960ff4 a3=b7ec4020 items=0 pid=20774 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 comm="printconf-backe" exe="/usr/bin/python" 

type=AVC_PATH msg=audit(1133045911.757:789):  path="pipe:[7217936]"
type=AVC msg=audit(1133045911.781:790): avc: denied { ioctl } for pid=20774 comm="printconf-backe" name="[7217936]" dev=pipefs ino=7217936 scontext=root:system_r:cupsd_config_t tcontext=root:system_r:unconfined_t tclass=fifo_file
type=SYSCALL msg=audit(1133045911.781:790): arch=40000003 syscall=54 success=no exit=-13 a0=0 a1=5401 a2=bfd0ffb8 a3=bfd0fff8 items=0 pid=20774 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 comm="printconf-backe" exe="/usr/bin/python" 

type=AVC_PATH msg=audit(1133045911.781:790):  path="pipe:[7217936]"
type=AVC msg=audit(1133045912.273:791): avc: denied { getattr } for pid=20787 comm="cups-pdf" name="SPOOL" dev=dm-0 ino=737988 scontext=root:system_r:cupsd_t tcontext=system_u:object_r:var_spool_t tclass=dir
type=SYSCALL msg=audit(1133045912.273:791): arch=40000003 syscall=195 success=no exit=-13 a0=8057f20 a1=bf9c9a6c a2=960ff4 a3=bf9c9a6c items=1 pid=20787 auid=4294967295 uid=0 gid=7 euid=0 suid=0 fsuid=0 egid=7 sgid=7 fsgid=7 comm="cups-pdf" exe="/usr/lib/cups/backend/cups-pdf"
type=AVC_PATH msg=audit(1133045912.273:791): path="/var/spool/cups-pdf/SPOOL" 

type=CWD msg=audit(1133045912.273:791):  cwd="/"
type=PATH msg=audit(1133045912.273:791): item=0 name="/var/spool/cups-pdf/SPOOL" flags=1 inode=737988 dev=fd:00 mode=040755 ouid=0 ogid=0 rdev=00:00 

--
                Matthew Saltzman

Clemson University Math Sciences
mjs AT clemson DOT edu
http://www.math.clemson.edu/~mjs
<Prev in Thread] Current Thread [Next in Thread>
Previous by Date:  findutils-selinux.patch critique (was Re: [patch] Recent findutils test suite failures), Tim Waugh
Next by Date:  How do I make a text file writable?, Oil Pine
Previous by Thread:  findutils-selinux.patch critique (was Re: [patch] Recent findutils test suite failures), Tim Waugh
Next by Thread:  Re: printer creation in RPM scriptlet, Daniel J Walsh
Indexes:  [Date] [Thread] [Top] [All Lists]

Google Custom Search
Recently Viewed:
qnx.openqnx.dev...    gcc.libstdc++.c...    solaris.opensol...    information-ret...    misc.misterhous...    web.catalyst.ge...    apache.webservi...    redhat.release....    hardware.lirc/2...    kernel.autofs/2...    technology.sust...    linux.vdr/2003-...    editors.lyx.gen...    org.user-groups...    netbsd.devel.pk...    xdg.devel/2004-...    version-control...    jakarta.slide.d...    debian.packages...    creativecommons...    ports.ppc.embed...    bug-tracking.bu...   
Home | blog view | USPTO Patent Archive | advertise | OSDir is an inevitable website. super tiny logo

Free Magazines

Cisco News
Receive a free quarterly e-newsletter with exclusive articles on how Cisco IT uses its own products and solutions to enable the business.
subscribe

Systems Management News, the newspaper for IT systems administration and data center managers! Each issue of Systems Management News is chock-full of news and analysis to help you understand what's happening in your field.
subscribe

The Enterprise Newsweekly eWeek is the essential technology information source for builders of e-business.
subscribe

Oracle Magazine Oracle Magazine contains technology strategy articles, sample code, tips, Oracle and partner news, how to articles for developers and DBAs, and more. Oracle (NASDAQ: ORCL) is the world's largest enterprise software company.
subscribe

Total Telecom Total Telecom is "The Economist of the communications industry".
subscribe