2007-02-09

fixing SELinux permissions

A simple look at fixing issues with SELinux.

Restoring /etc/cups from a backup caused cups to break.

Here is the error message.

Feb  9 09:28:13 hostname kernel: audit(1171038493.185:76): avc:  denied  { read } for
pid=6918 comm="cupsd" name="services" dev=sda1 ino=2586231 scontext=user_u:system_r:cupsd_t:s0-s0:c0.c1023
tcontext=user_u:object_r:rpm_script_tmp_t:s0 tclass=file
Feb 9 09:28:13 hostname cupsd: Unable to read configuration file '/etc/cups/cupsd.conf' - exiting!

Looks to be a SELinux issue. Luckily I kept the original files.

$ ls -Z /etc/cups.orig/
-rw------- root lp system_u:object_r:cupsd_rw_etc_t classes.conf
-rw-r--r-- root lp system_u:object_r:etc_t client.conf
-rw-r----- root lp system_u:object_r:cupsd_rw_etc_t cupsd.conf
-rw-r----- root lp system_u:object_r:cupsd_rw_etc_t cupsd.conf.default
drwxr-xr-x root root system_u:object_r:cupsd_etc_t interfaces
-rw-r--r-- root root system_u:object_r:cupsd_rw_etc_t lpoptions
-rw-r--r-- root root system_u:object_r:cupsd_etc_t mime.convs
-rw-r--r-- root root system_u:object_r:cupsd_etc_t mime.types
-rw-r--r-- root lp system_u:object_r:cupsd_etc_t pdftops.conf
drwxr-xr-x root lp system_u:object_r:cupsd_etc_t ppd
-rw------- root lp system_u:object_r:cupsd_rw_etc_t printers.conf
-rw------- root lp system_u:object_r:cupsd_rw_etc_t printers.conf.O
-rw-r--r-- root root system_u:object_r:cupsd_etc_t pstoraster.convs
-rw-r--r-- root lp system_u:object_r:cupsd_etc_t snmp.conf
drwx------ root lp system_u:object_r:cupsd_etc_t ssl
$ ls -Z /etc/cups/
-rw-r--r-- root lp user_u:object_r:user_home_t client.conf
-rw-r----- root lp user_u:object_r:user_home_t cupsd.conf
-rw-r----- root lp user_u:object_r:user_home_t cupsd.conf.default
drwxr-xr-x root lp user_u:object_r:user_home_t interfaces
-rw-r--r-- root lp user_u:object_r:user_home_t mime.convs
-rw-r--r-- root lp user_u:object_r:user_home_t mime.types
-rw-r--r-- root lp user_u:object_r:user_home_t pdftops.conf
drwxr-xr-x root lp user_u:object_r:user_home_t ppd
-rw------- root lp user_u:object_r:user_home_t printers.conf
-rw------- root lp user_u:object_r:user_home_t printers.conf.O
-rw-r--r-- root lp user_u:object_r:user_home_t pstoraster.convs
-rw-r--r-- root lp user_u:object_r:user_home_t snmp.conf
drwx------ root lp user_u:object_r:user_home_t ssl
$ for i in *;do echo "sudo chcon --reference ../cups.orig/$i $i";done
chcon --reference ../cups.orig/client.conf client.conf
chcon --reference ../cups.orig/cupsd.conf cupsd.conf
chcon --reference ../cups.orig/cupsd.conf.default cupsd.conf.default
chcon --reference ../cups.orig/interfaces interfaces
chcon --reference ../cups.orig/mime.convs mime.convs
chcon --reference ../cups.orig/mime.types mime.types
chcon --reference ../cups.orig/pdftops.conf pdftops.conf
chcon --reference ../cups.orig/ppd ppd
chcon --reference ../cups.orig/printers.conf printers.conf
chcon --reference ../cups.orig/printers.conf.O printers.conf.O
chcon --reference ../cups.orig/pstoraster.convs pstoraster.convs
chcon --reference ../cups.orig/snmp.conf snmp.conf
chcon --reference ../cups.orig/ssl ssl
$ for i in *;do echo "sudo chcon --reference ../cups.orig/$i $i";done|sh
$ sudo chcon --reference=/etc/cups.orig /etc/cups
$ sudo /etc/init.d/cups start
Starting cups: [ OK ]
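
To read the denial quoted at the top of this post field by field, the following added example (not part of the original post) reduces an "avc: denied" line to the process name, its domain type, the denied permission, and the target's type, class and name. The names avc_summary and SAMPLE_LOG are assumptions made for illustration; the sample is the post's log line joined onto one line, followed by a constructed non-AVC line that must be ignored.

```shell
#!/bin/sh
# Added example: summarize SELinux AVC denials found in syslog/audit lines.

# Sample input: the denial from the post joined onto one line, plus a
# constructed non-AVC line that the parser has to skip.
SAMPLE_LOG='Feb  9 09:28:13 hostname kernel: audit(1171038493.185:76): avc:  denied  { read } for pid=6918 comm="cupsd" name="services" dev=sda1 ino=2586231 scontext=user_u:system_r:cupsd_t:s0-s0:c0.c1023 tcontext=user_u:object_r:rpm_script_tmp_t:s0 tclass=file
Feb  9 09:28:13 hostname cupsd: Unable to read configuration file - exiting!'

# avc_summary (hypothetical helper): read log lines on stdin and print one
# line per denial in the form:
#   comm source_type perms target_type tclass name
avc_summary() {
    awk '
    /avc:[ ]+denied/ {
        perms = ""; comm = "?"; name = "?"; st = "?"; tt = "?"; cls = "?"
        # The denied permissions are the words between "{" and "}".
        a = index($0, "{"); b = index($0, "}")
        if (a > 0 && b > a) {
            perms = substr($0, a + 1, b - a - 1)
            gsub(/^ +| +$/, "", perms); gsub(/ +/, ",", perms)
        }
        # Everything else is key=value pairs separated by spaces.
        for (i = 1; i <= NF; i++) {
            n = index($i, "=")
            if (n == 0) continue
            key = substr($i, 1, n - 1); val = substr($i, n + 1)
            gsub(/"/, "", val)
            if (key == "comm") comm = val
            else if (key == "name") name = val
            else if (key == "tclass") cls = val
            else if (key == "scontext" || key == "tcontext") {
                # A context is user:role:type[:mls]; the type is field 3.
                split(val, c, ":")
                if (key == "scontext") st = c[3]; else tt = c[3]
            }
        }
        printf "%s %s %s %s %s %s\n", comm, st, perms, tt, cls, name
    }'
}

printf '%s\n' "$SAMPLE_LOG" | avc_summary
```

The summary line reads as: cupsd, running in domain cupsd_t, was denied read on a file whose type is rpm_script_tmp_t, which is not one of the cupsd_* types in the original listing. Where no reference copy was kept, `restorecon -R /etc/cups` resets the labels from the policy's file-context rules instead of copying them from another directory.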
