LinuxQuestions.org

LinuxQuestions.org (/questions/)
-   CentOS (https://www.linuxquestions.org/questions/centos-111/)
-   -   SElinux blocking printer (https://www.linuxquestions.org/questions/centos-111/selinux-blocking-printer-4175574573/)

gatliffe 03-10-2016 10:43 PM
SElinux blocking printer
 
New green horn to centos this is a new install, I have a Brother MFC J485dw printer I install all the driver the printer is showing up and show it as waiting to print but a message was coming up telling it block from printing by SElinux i think it blocking cups here what SElinux troubleshooter tell me, any ideas Thanks

SELinux is preventing /opt/brother/Printers/mfcj480dw/cupswrapper/brcupsconfpt1 from execute access on the file /etc/ld.so.cache.

***** Plugin catchall (100. confidence) suggests **************************

If you believe that brcupsconfpt1 should be allowed execute access on the ld.so.cache file by default.
Then you should report this as a bug.
You can generate a local policy module to allow this access.
Do
allow this access for now by executing:
# grep brcupsconfpt1 /var/log/audit/audit.log | audit2allow -M mypol
# semodule -i mypol.pp

Additional Information:
Source Context system_u:system_r:cupsd_t:s0-s0:c0.c1023
Target Context system_u:object_r:ld_so_cache_t:s0
Target Objects /etc/ld.so.cache [ file ]
Source brcupsconfpt1
Source Path /opt/brother/Printers/mfcj480dw/cupswrapper/brcups
confpt1
Port <Unknown>
Host localhost.localdomain
Source RPM Packages mfcj480dwlpr-1.0.0-0.i386
Target RPM Packages glibc-2.17-106.el7_2.4.x86_64
glibc-2.17-106.el7_2.4.i686
Policy RPM selinux-policy-3.13.1-60.el7_2.3.noarch
Selinux Enabled True
Policy Type targeted
Enforcing Mode Enforcing
Host Name localhost.localdomain
Platform Linux localhost.localdomain
3.10.0-327.10.1.el7.x86_64 #1 SMP Tue Feb 16
17:03:50 UTC 2016 x86_64 x86_64
Alert Count 88
First Seen 2016-03-10 19:04:06 CST
Last Seen 2016-03-10 22:19:10 CST
Local ID 362bbd0e-b646-483e-92ad-49ca20a018da

Raw Audit Messages
type=AVC msg=audit(1457669950.985:662): avc: denied { execute } for pid=10235 comm="brmfcj480dwfilt" path="/etc/ld.so.cache" dev="dm-0" ino=140160984 scontext=system_u:system_r:cupsd_t:s0-s0:c0.c1023 tcontext=system_u:object_r:ld_so_cache_t:s0 tclass=file


type=SYSCALL msg=audit(1457669950.985:662): arch=i386 syscall=lgetxattr per=400000 success=no exit=EACCES a0=0 a1=15699 a2=1 a3=2 items=0 ppid=10131 pid=10235 auid=4294967295 uid=4 gid=7 euid=4 suid=4 fsuid=4 egid=7 sgid=7 fsgid=7 tty=(none) ses=4294967295 comm=brmfcj480dwfilt exe=/opt/brother/Printers/mfcj480dw/lpd/brmfcj480dwfilter subj=system_u:system_r:cupsd_t:s0-s0:c0.c1023 key=(null)

Hash: brcupsconfpt1,cupsd_t,ld_so_cache_t,file,execute

rknichols 03-11-2016 08:48 AM
/etc/ld.so.cache is not an executable file. It makes no sense that brcupsconfpt1 would be trying to execute it. That exec() call is going to fail anyway. Try running in permissive mode to see if SELinux is really the issue. I suspect that the AVC denial is just noise and the problem is elsewhere.

John VV 03-11-2016 01:21 PM
" /opt/brother/Printers "
that is a NON standard location and likley not even in the system path ( unless you manually edited /etc/profile )

HOW exactly did you " I install all the driver the printer" ????

cups should have seen it

did you use the normal cups web interface ?

http://localhost:631/

the link above is YOUR computer

click it and set up with that

gatliffe 03-11-2016 03:39 PM
The printer was install by downloading the drivers from Brothers site then application installer install them , I try doing cups but say "Forbidden"

John VV 03-11-2016 04:06 PM
you do need to be root
a pop up asking for the root password will pop up on the cups 631 port

select add new printer and select from the list

most printers are listed

https://access.redhat.com/documentat...g_Printer.html

recheck the security policy
https://access.redhat.com/documentat...olicy-x86.html


All times are GMT -5. The time now is 09:00 PM.