Fedora Linux Support Community & Resources Center

Go Back   FedoraForum.org > Fedora 19/20 > Security and Privacy
FedoraForum Search

Forgot Password? Join Us!

Security and Privacy Sadly, malware, spyware, hackers and privacy threats abound in today's world. Let's be paranoid and secure our penguins, and slam the doors on privacy exploits.

Reply
 
Thread Tools Search this Thread Display Modes
  #1  
Old 3rd June 2012, 06:08 PM
JarodOnTheNet Offline
Registered User
 
Join Date: Sep 2009
Posts: 11
linuxfedorafirefox
[ Resolved] SELINUX block my printer Samsung CLP-310



Hi all,

A have installed a Samsung CLP-310 printer with the drivers provided by SamSung and when the level of SELINUX is ENFORCED, impossible to print correctly.

In permissive mode, no trouble.

I have configured SELINUX with these commands :

# /sbin/restorecon -v /usr/share/cups/model/samsung/cms/CLP-310-600x600cms2
# grep rastertosamsung /var/log/audit/audit.log | audit2allow -M mypol
# semodule -i mypol.pp

But when I active the mode enforced again and after rebooting my laptop (Fedora 14), SELINUX block again the printer.

Can you help me ?


Here is the log of the selinux alerting module :

SELinux is preventing /usr/lib/cups/filter/rastertosamsungsplc from open access on the fichier /usr/share/cups/model/samsung/cms/CLP-310-600x600cms2.

***** Plugin restorecon (99.5 confiance) suggéré*****************************

Siyou want to fix the label.
/usr/share/cups/model/samsung/cms/CLP-310-600x600cms2 default label should be bin_t.
Alorsyou can run restorecon.
Faire
# /sbin/restorecon -v /usr/share/cups/model/samsung/cms/CLP-310-600x600cms2

***** Plugin catchall (1.49 confiance) suggéré*******************************

Siyou believe that rastertosamsungsplc should be allowed open access on the CLP-310-600x600cms2 file by default.
Alorsyou should report this as a bug.
You can generate a local policy module to allow this access.
Faire
allow this access for now by executing:
# grep rastertosamsung /var/log/audit/audit.log | audit2allow -M mypol
# semodule -i mypol.pp

Additional Information:
Contexte source system_u:system_r:cupsd_t:s0-s0:c0.c1023
Contexte cible unconfined_u:object_r:user_home_t:s0
Objets du contexte /usr/share/cups/model/samsung/cms/CLP-310-600x600c
ms2 [ file ]
Source rastertosamsung
Chemin de la source /usr/lib/cups/filter/rastertosamsungsplc
Port <Inconnu>
Hôte ulysse-linux.easypcnet.lan
Paquetages RPM source
Paquetages RPM cible
RPM de la statégie selinux-policy-3.9.7-46.fc14
Selinux activé True
Type de stratégie targeted
Mode strict Enforcing
Nom de l'hôte ulysse-linux.easypcnet.lan
Plateforme Linux ulysse-linux.easypcnet.lan
2.6.35.14-106.fc14.i686.PAE #1 SMP Wed Nov 23
13:39:51 UTC 2011 i686 i686
Compteur d'alertes 3
Première alerte sam 02 jun 2012 19:48:59 CEST
Dernière alerte sam 02 jun 2012 20:04:32 CEST
ID local bfa03288-a3c6-419a-aedb-b3b972bb87e0

Messages d'audit bruts
type=AVC msg=audit(1338660272.23:25410): avc: denied { open } for pid=4418 comm="pscms" name="CLP-310-600x600cms2" dev=sda3 ino=144159 scontext=system_u:system_r:cupsd_t:s0-s0:c0.c1023 tcontext=unconfined_u:object_r:user_home_t:s0 tclass=file


type=SYSCALL msg=audit(1338660272.23:25410): arch=i386 syscall=open per=400000 success=no exit=EACCES a0=bff68c53 a1=0 a2=1b6 a3=8049791 items=0 ppid=4415 pid=4418 auid=4294967295 uid=4 gid=7 euid=4 suid=4 fsuid=4 egid=7 sgid=7 fsgid=7 tty=(none) ses=4294967295 comm=pscms exe=/usr/lib/cups/filter/pscms subj=system_u:system_r:cupsd_t:s0-s0:c0.c1023 key=(null)

Hash: rastertosamsung,cupsd_t,user_home_t,file,open

audit2allow

#============= cupsd_t ==============
allow cupsd_t user_home_t:file open;

audit2allow -R

#============= cupsd_t ==============
allow cupsd_t user_home_t:file open;

Last edited by JarodOnTheNet; 6th June 2012 at 07:04 PM.
Reply With Quote
  #2  
Old 4th June 2012, 12:23 PM
domg472 Offline
SELinux Contributor
 
Join Date: May 2008
Posts: 623
linuxfirefox
Re: SELINUX block my printer Samsung CLP-310

Code:
ls -alZ /usr/share/cups/model/samsung/cms/CLP-310-600x600cms2
what does it say?
__________________
Come join us on #fedora-selinux on irc.freenode.org
http://docs.fedoraproject.org/selinu...ide/f10/en-US/
Reply With Quote
  #3  
Old 4th June 2012, 06:22 PM
JarodOnTheNet Offline
Registered User
 
Join Date: Sep 2009
Posts: 11
linuxfedorafirefox
Re: SELINUX block my printer Samsung CLP-310

Quote:
Originally Posted by domg472 View Post
Code:
ls -alZ /usr/share/cups/model/samsung/cms/CLP-310-600x600cms2
what does it say?
Hi,

-r--r--r--. root root system_u:object_r:cupsd_etc_t:s0 /usr/share/cups/model/samsung/cms/CLP-310-600x600cms2

2 local accounts using the printer (vef and pag)
Reply With Quote
  #4  
Old 4th June 2012, 06:27 PM
domg472 Offline
SELinux Contributor
 
Join Date: May 2008
Posts: 623
linuxfirefox
Re: SELINUX block my printer Samsung CLP-310

ok so that particular issue should be solved now. you have mv'd that file from your home directory to that location.

---------- Post added at 09:27 AM ---------- Previous post was at 09:23 AM ----------

try again and see if it works or if you get new error reports.

the error report you pastedabove should no longer apply
__________________
Come join us on #fedora-selinux on irc.freenode.org
http://docs.fedoraproject.org/selinu...ide/f10/en-US/
Reply With Quote
  #5  
Old 4th June 2012, 06:32 PM
JarodOnTheNet Offline
Registered User
 
Join Date: Sep 2009
Posts: 11
linuxfedorafirefox
Re: SELINUX block my printer Samsung CLP-310

Quote:
Originally Posted by domg472 View Post
ok so that particular issue should be solved now. you have mv'd that file from your home directory to that location.

---------- Post added at 09:27 AM ---------- Previous post was at 09:23 AM ----------

try again and see if it works or if you get new error reports.

the error report you pastedabove should no longer apply
I dont understand. I have installed the driver under root account but pag and vef accounts must use the printer.

I haven't mv'd files from my home directory ?

Do I copy this file and where ?

Thanks
Reply With Quote
  #6  
Old 4th June 2012, 06:35 PM
domg472 Offline
SELinux Contributor
 
Join Date: May 2008
Posts: 623
linuxfirefox
Re: SELINUX block my printer Samsung CLP-310

reproduce the printing problem and paste any (new) error reports (selinux alerts) that you are seeing.

I need to see error reports (avc denials) in order to be able to help you
__________________
Come join us on #fedora-selinux on irc.freenode.org
http://docs.fedoraproject.org/selinu...ide/f10/en-US/
Reply With Quote
  #7  
Old 5th June 2012, 05:56 PM
domg472 Offline
SELinux Contributor
 
Join Date: May 2008
Posts: 623
linuxfirefox
Re: SELINUX block my printer Samsung CLP-310

I just had another person dtop by #fedora-selinux with a similar issue.

turns out that this pos smasung unified driver installer moves files from $HOME to all over the place which breaks stuff.

you might want to:

restorecon -R -v /usr/lib64
restorecon -R -v /usr/lib
restorecon -R -v /usr/share

That should fix the issues
__________________
Come join us on #fedora-selinux on irc.freenode.org
http://docs.fedoraproject.org/selinu...ide/f10/en-US/
Reply With Quote
  #8  
Old 5th June 2012, 07:25 PM
JarodOnTheNet Offline
Registered User
 
Join Date: Sep 2009
Posts: 11
linuxfedorafirefox
Re: SELINUX block my printer Samsung CLP-310

Quote:
Originally Posted by domg472 View Post
I just had another person dtop by #fedora-selinux with a similar issue.

turns out that this pos smasung unified driver installer moves files from $HOME to all over the place which breaks stuff.

you might want to:

restorecon -R -v /usr/lib64
restorecon -R -v /usr/lib
restorecon -R -v /usr/share

That should fix the issues
Hi,

I try and let you know the issue ASAP.

Thanks !
Reply With Quote
  #9  
Old 6th June 2012, 07:03 PM
JarodOnTheNet Offline
Registered User
 
Join Date: Sep 2009
Posts: 11
linuxfedorafirefox
Re: SELINUX block my printer Samsung CLP-310

Quote:
Originally Posted by JarodOnTheNet View Post
Hi,

I try and let you know the issue ASAP.

Thanks !
Hi,

restorecon -R -v /usr/lib64
restorecon -R -v /usr/lib
restorecon -R -v /usr/share

That fix the issues ! It works in enforcing mode.


By mistake, I have changed one processus in the domain processus : Ada is passed from blank to permissive mode. How can I passed it to permissive mode to blank ?


Thanks a lot
Reply With Quote
Reply

Tags
block, clp310, printer, samsung, selinux

Thread Tools Search this Thread
Search this Thread:

Advanced Search
Display Modes

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off

Forum Jump

Similar Threads
Thread Thread Starter Forum Replies Last Post
hplip block on LPT printer bizar Using Fedora 3 16th October 2009 07:36 PM
Samsung Ml-2010 Printer help urzasrage Hardware & Laptops 0 14th October 2006 09:00 PM
My new Samsung printer *desk* Using Fedora 24 8th April 2006 10:39 AM


Current GMT-time: 21:17 (Thursday, 23-10-2014)

TopSubscribe to XML RSS for all Threads in all ForumsFedoraForumDotOrg Archive
logo

All trademarks, and forum posts in this site are property of their respective owner(s).
FedoraForum.org is privately owned and is not directly sponsored by the Fedora Project or Red Hat, Inc.

Privacy Policy | Term of Use | Posting Guidelines | Archive | Contact Us | Founding Members

Powered by vBulletin® Copyright ©2000 - 2012, vBulletin Solutions, Inc.

FedoraForum is Powered by RedHat
Ranipur Photos on Instagram - Kamenjane - Aliganj Travel Photos on Instagram