SElinux blocking printer
New green horn to centos this is a new install, I have a Brother MFC J485dw printer I install all the driver the printer is showing up and show it as waiting to print but a message was coming up telling it block from printing by SElinux i think it blocking cups here what SElinux troubleshooter tell me, any ideas Thanks
SELinux is preventing /opt/brother/Printers/mfcj480dw/cupswrapper/brcupsconfpt1 from execute access on the file /etc/ld.so.cache. ***** Plugin catchall (100. confidence) suggests ************************** If you believe that brcupsconfpt1 should be allowed execute access on the ld.so.cache file by default. Then you should report this as a bug. You can generate a local policy module to allow this access. Do allow this access for now by executing: # grep brcupsconfpt1 /var/log/audit/audit.log | audit2allow -M mypol # semodule -i mypol.pp Additional Information: Source Context system_u:system_r:cupsd_t:s0-s0:c0.c1023 Target Context system_u:object_r:ld_so_cache_t:s0 Target Objects /etc/ld.so.cache [ file ] Source brcupsconfpt1 Source Path /opt/brother/Printers/mfcj480dw/cupswrapper/brcups confpt1 Port <Unknown> Host localhost.localdomain Source RPM Packages mfcj480dwlpr-1.0.0-0.i386 Target RPM Packages glibc-2.17-106.el7_2.4.x86_64 glibc-2.17-106.el7_2.4.i686 Policy RPM selinux-policy-3.13.1-60.el7_2.3.noarch Selinux Enabled True Policy Type targeted Enforcing Mode Enforcing Host Name localhost.localdomain Platform Linux localhost.localdomain 3.10.0-327.10.1.el7.x86_64 #1 SMP Tue Feb 16 17:03:50 UTC 2016 x86_64 x86_64 Alert Count 88 First Seen 2016-03-10 19:04:06 CST Last Seen 2016-03-10 22:19:10 CST Local ID 362bbd0e-b646-483e-92ad-49ca20a018da Raw Audit Messages type=AVC msg=audit(1457669950.985:662): avc: denied { execute } for pid=10235 comm="brmfcj480dwfilt" path="/etc/ld.so.cache" dev="dm-0" ino=140160984 scontext=system_u:system_r:cupsd_t:s0-s0:c0.c1023 tcontext=system_u:object_r:ld_so_cache_t:s0 tclass=file type=SYSCALL msg=audit(1457669950.985:662): arch=i386 syscall=lgetxattr per=400000 success=no exit=EACCES a0=0 a1=15699 a2=1 a3=2 items=0 ppid=10131 pid=10235 auid=4294967295 uid=4 gid=7 euid=4 suid=4 fsuid=4 egid=7 sgid=7 fsgid=7 tty=(none) ses=4294967295 comm=brmfcj480dwfilt exe=/opt/brother/Printers/mfcj480dw/lpd/brmfcj480dwfilter subj=system_u:system_r:cupsd_t:s0-s0:c0.c1023 key=(null) Hash: brcupsconfpt1,cupsd_t,ld_so_cache_t,file,execute |
/etc/ld.so.cache is not an executable file. It makes no sense that brcupsconfpt1 would be trying to execute it. That exec() call is going to fail anyway. Try running in permissive mode to see if SELinux is really the issue. I suspect that the AVC denial is just noise and the problem is elsewhere.
|
" /opt/brother/Printers "
that is a NON standard location and likley not even in the system path ( unless you manually edited /etc/profile ) HOW exactly did you " I install all the driver the printer" ???? cups should have seen it did you use the normal cups web interface ? http://localhost:631/ the link above is YOUR computer click it and set up with that |
The printer was install by downloading the drivers from Brothers site then application installer install them , I try doing cups but say "Forbidden"
|
you do need to be root
a pop up asking for the root password will pop up on the cups 631 port select add new printer and select from the list most printers are listed https://access.redhat.com/documentat...g_Printer.html recheck the security policy https://access.redhat.com/documentat...olicy-x86.html |
All times are GMT -5. The time now is 09:00 PM. |