Running strict/enforcing, latest Rawhide.
Each time I boot, /etc/cups/lpoptions appears to be created with the 'wrong' type: cupsd_etc_t instead of cupsd_rw_etc_t.
Printing from firefox produces the following avc's complaining about accessing /etc/cups/lpoptions in either case.
Does mozilla_macros.te need: ifdef(`cups.te', ` allow $1_mozilla_t cupsd_etc_t:dir search; +allow user_mozilla_t cupsd_rw_etc_t:file read; ')
I'm still working on figuring out why lpoptions is getting the wrong type.....
tom
Dec 2 07:27:56 fedora kernel: audit(1102001276.342:0): avc: denied { read } for pid=3363 exe=/usr/lib/firefox-1.0/firefox-bin name=lpoptions dev=hda2 ino=4474994 scontext=user_u:user_r:user_mozilla_t tcontext=system_u:object_r:cupsd_rw_etc_t tclass=file Dec 2 07:27:56 fedora kernel: audit(1102001276.695:0): avc: denied { read } for pid=3363 exe=/usr/lib/firefox-1.0/firefox-bin name=lpoptions dev=hda2 ino=4474994 scontext=user_u:user_r:user_mozilla_t tcontext=system_u:object_r:cupsd_rw_etc_t tclass=file Dec 2 07:28:00 fedora kernel: audit(1102001280.378:0): avc: denied { read } for pid=3363 exe=/usr/lib/firefox-1.0/firefox-bin name=lpoptions dev=hda2 ino=4474994 scontext=user_u:user_r:user_mozilla_t tcontext=system_u:object_r:cupsd_rw_etc_t tclass=file
selinux@lists.fedoraproject.org