My wife got a Lexmark X2670 printer with her new laptop and I connected it to my Fedora 11 system, and downloaded the driver from Lexmark.
SELinux is preventing me from printing to it. At first I got 4 AVCs about attempting to load shared libraries that require text relocation. This I fixed with:
# semanage fcontext -a -t textrel_shlib_t '/usr/local/lexmark/lxk08/lib(/.*)?' # restorecon -R -v /usr/local/lexmark/lxk08/lib
but now I'm getting this one:
Raw Audit Messages :
node=steve.blackwell type=AVC msg=audit(1272894966.836:66): avc: denied { search } for pid=29536 comm="printdriver" name="lib" dev=dm-0 ino=7635564 scontext=system_u:system_r:cupsd_t:s0-s0:c0.c1023 tcontext=system_u:object_r:textrel_shlib_t:s0 tclass=dir
node=steve.blackwell type=SYSCALL msg=audit(1272894966.836:66): arch=40000003 syscall=5 success=no exit=-13 a0=93cf620 a1=0 a2=0 a3=389660 items=0 ppid=1655 pid=29536 auid=4294967295 uid=4 gid=7 euid=4 suid=4 fsuid=4 egid=7 sgid=7 fsgid=7 tty=(none) ses=4294967295 comm="printdriver" exe="/usr/local/lexmark/lxk08/bin/printdriver" subj=system_u:system_r:cupsd_t:s0-s0:c0.c1023 key=(null)
What is the "correct" way to solve this? Create am audit2allow rule?
Thanks, Steve
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1
On 05/03/2010 10:22 AM, Steve Blackwell wrote:
My wife got a Lexmark X2670 printer with her new laptop and I connected it to my Fedora 11 system, and downloaded the driver from Lexmark.
SELinux is preventing me from printing to it. At first I got 4 AVCs about attempting to load shared libraries that require text relocation. This I fixed with:
# semanage fcontext -a -t textrel_shlib_t '/usr/local/lexmark/lxk08/lib(/.*)?' # restorecon -R -v /usr/local/lexmark/lxk08/lib
but now I'm getting this one:
Raw Audit Messages :
node=steve.blackwell type=AVC msg=audit(1272894966.836:66): avc: denied { search } for pid=29536 comm="printdriver" name="lib" dev=dm-0 ino=7635564 scontext=system_u:system_r:cupsd_t:s0-s0:c0.c1023 tcontext=system_u:object_r:textrel_shlib_t:s0 tclass=dir
node=steve.blackwell type=SYSCALL msg=audit(1272894966.836:66): arch=40000003 syscall=5 success=no exit=-13 a0=93cf620 a1=0 a2=0 a3=389660 items=0 ppid=1655 pid=29536 auid=4294967295 uid=4 gid=7 euid=4 suid=4 fsuid=4 egid=7 sgid=7 fsgid=7 tty=(none) ses=4294967295 comm="printdriver" exe="/usr/local/lexmark/lxk08/bin/printdriver" subj=system_u:system_r:cupsd_t:s0-s0:c0.c1023 key=(null)
What is the "correct" way to solve this? Create am audit2allow rule?
Thanks, Steve -- selinux mailing list selinux@lists.fedoraproject.org https://admin.fedoraproject.org/mailman/listinfo/selinux
# semanage fcontext -d -t textrel_shlib_t '/usr/local/lexmark/lxk08/lib(/.*)? # semanage fcontext -a -t textrel_shlib_t '/usr/local/lexmark/lxk08/lib/.*.so.*' # restorecon -R -v /usr/local/lexmark
On Mon, 03 May 2010 11:03:55 -0400 Daniel J Walsh dwalsh@redhat.com wrote:
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1
On 05/03/2010 10:22 AM, Steve Blackwell wrote:
My wife got a Lexmark X2670 printer with her new laptop and I connected it to my Fedora 11 system, and downloaded the driver from Lexmark.
SELinux is preventing me from printing to it. At first I got 4 AVCs about attempting to load shared libraries that require text relocation. This I fixed with:
# semanage fcontext -a -t textrel_shlib_t '/usr/local/lexmark/lxk08/lib(/.*)?' # restorecon -R -v /usr/local/lexmark/lxk08/lib
but now I'm getting this one:
Raw Audit Messages :
node=steve.blackwell type=AVC msg=audit(1272894966.836:66): avc: denied { search } for pid=29536 comm="printdriver" name="lib" dev=dm-0 ino=7635564 scontext=system_u:system_r:cupsd_t:s0-s0:c0.c1023 tcontext=system_u:object_r:textrel_shlib_t:s0 tclass=dir
node=steve.blackwell type=SYSCALL msg=audit(1272894966.836:66): arch=40000003 syscall=5 success=no exit=-13 a0=93cf620 a1=0 a2=0 a3=389660 items=0 ppid=1655 pid=29536 auid=4294967295 uid=4 gid=7 euid=4 suid=4 fsuid=4 egid=7 sgid=7 fsgid=7 tty=(none) ses=4294967295 comm="printdriver" exe="/usr/local/lexmark/lxk08/bin/printdriver" subj=system_u:system_r:cupsd_t:s0-s0:c0.c1023 key=(null)
What is the "correct" way to solve this? Create am audit2allow rule?
Thanks, Steve -- selinux mailing list selinux@lists.fedoraproject.org https://admin.fedoraproject.org/mailman/listinfo/selinux
# semanage fcontext -d -t textrel_shlib_t '/usr/local/lexmark/lxk08/lib(/.*)? # semanage fcontext -a -t textrel_shlib_t '/usr/local/lexmark/lxk08/lib/.*.so.*' # restorecon -R -v /usr/local/lexmark
That got it. Thanks, Dan. So the files in the lib directory were labeled correctly but the directory itself was not. It needed to be of type lib_t.
Steve
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1
On 05/03/2010 11:18 AM, Steve Blackwell wrote:
On Mon, 03 May 2010 11:03:55 -0400 Daniel J Walsh dwalsh@redhat.com wrote:
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1
On 05/03/2010 10:22 AM, Steve Blackwell wrote:
My wife got a Lexmark X2670 printer with her new laptop and I connected it to my Fedora 11 system, and downloaded the driver from Lexmark.
SELinux is preventing me from printing to it. At first I got 4 AVCs about attempting to load shared libraries that require text relocation. This I fixed with:
# semanage fcontext -a -t textrel_shlib_t '/usr/local/lexmark/lxk08/lib(/.*)?' # restorecon -R -v /usr/local/lexmark/lxk08/lib
but now I'm getting this one:
Raw Audit Messages :
node=steve.blackwell type=AVC msg=audit(1272894966.836:66): avc: denied { search } for pid=29536 comm="printdriver" name="lib" dev=dm-0 ino=7635564 scontext=system_u:system_r:cupsd_t:s0-s0:c0.c1023 tcontext=system_u:object_r:textrel_shlib_t:s0 tclass=dir
node=steve.blackwell type=SYSCALL msg=audit(1272894966.836:66): arch=40000003 syscall=5 success=no exit=-13 a0=93cf620 a1=0 a2=0 a3=389660 items=0 ppid=1655 pid=29536 auid=4294967295 uid=4 gid=7 euid=4 suid=4 fsuid=4 egid=7 sgid=7 fsgid=7 tty=(none) ses=4294967295 comm="printdriver" exe="/usr/local/lexmark/lxk08/bin/printdriver" subj=system_u:system_r:cupsd_t:s0-s0:c0.c1023 key=(null)
What is the "correct" way to solve this? Create am audit2allow rule?
Thanks, Steve -- selinux mailing list selinux@lists.fedoraproject.org https://admin.fedoraproject.org/mailman/listinfo/selinux
# semanage fcontext -d -t textrel_shlib_t '/usr/local/lexmark/lxk08/lib(/.*)? # semanage fcontext -a -t textrel_shlib_t '/usr/local/lexmark/lxk08/lib/.*.so.*' # restorecon -R -v /usr/local/lexmark
That got it. Thanks, Dan. So the files in the lib directory were labeled correctly but the directory itself was not. It needed to be of type lib_t.
Steve
selinux mailing list selinux@lists.fedoraproject.org https://admin.fedoraproject.org/mailman/listinfo/selinux
Yes
selinux@lists.fedoraproject.org