SELINUX block my printer Samsung CLP-310
FedoraForum.org - Fedora Support Forums and Community
Results 1 to 9 of 9
  1. #1
    Join Date
    Sep 2009
    Posts
    11
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)

    [ Resolved] SELINUX block my printer Samsung CLP-310



    Hi all,

    A have installed a Samsung CLP-310 printer with the drivers provided by SamSung and when the level of SELINUX is ENFORCED, impossible to print correctly.

    In permissive mode, no trouble.

    I have configured SELINUX with these commands :

    # /sbin/restorecon -v /usr/share/cups/model/samsung/cms/CLP-310-600x600cms2
    # grep rastertosamsung /var/log/audit/audit.log | audit2allow -M mypol
    # semodule -i mypol.pp

    But when I active the mode enforced again and after rebooting my laptop (Fedora 14), SELINUX block again the printer.

    Can you help me ?


    Here is the log of the selinux alerting module :

    SELinux is preventing /usr/lib/cups/filter/rastertosamsungsplc from open access on the fichier /usr/share/cups/model/samsung/cms/CLP-310-600x600cms2.

    ***** Plugin restorecon (99.5 confiance) suggéré*****************************

    Siyou want to fix the label.
    /usr/share/cups/model/samsung/cms/CLP-310-600x600cms2 default label should be bin_t.
    Alorsyou can run restorecon.
    Faire
    # /sbin/restorecon -v /usr/share/cups/model/samsung/cms/CLP-310-600x600cms2

    ***** Plugin catchall (1.49 confiance) suggéré*******************************

    Siyou believe that rastertosamsungsplc should be allowed open access on the CLP-310-600x600cms2 file by default.
    Alorsyou should report this as a bug.
    You can generate a local policy module to allow this access.
    Faire
    allow this access for now by executing:
    # grep rastertosamsung /var/log/audit/audit.log | audit2allow -M mypol
    # semodule -i mypol.pp

    Additional Information:
    Contexte source system_u:system_r:cupsd_t:s0-s0:c0.c1023
    Contexte cible unconfined_u:object_r:user_home_t:s0
    Objets du contexte /usr/share/cups/model/samsung/cms/CLP-310-600x600c
    ms2 [ file ]
    Source rastertosamsung
    Chemin de la source /usr/lib/cups/filter/rastertosamsungsplc
    Port <Inconnu>
    Hôte ulysse-linux.easypcnet.lan
    Paquetages RPM source
    Paquetages RPM cible
    RPM de la statégie selinux-policy-3.9.7-46.fc14
    Selinux activé True
    Type de stratégie targeted
    Mode strict Enforcing
    Nom de l'hôte ulysse-linux.easypcnet.lan
    Plateforme Linux ulysse-linux.easypcnet.lan
    2.6.35.14-106.fc14.i686.PAE #1 SMP Wed Nov 23
    13:39:51 UTC 2011 i686 i686
    Compteur d'alertes 3
    Première alerte sam 02 jun 2012 19:48:59 CEST
    Dernière alerte sam 02 jun 2012 20:04:32 CEST
    ID local bfa03288-a3c6-419a-aedb-b3b972bb87e0

    Messages d'audit bruts
    type=AVC msg=audit(1338660272.23:25410): avc: denied { open } for pid=4418 comm="pscms" name="CLP-310-600x600cms2" dev=sda3 ino=144159 scontext=system_u:system_r:cupsd_t:s0-s0:c0.c1023 tcontext=unconfined_u:object_r:user_home_t:s0 tclass=file


    type=SYSCALL msg=audit(1338660272.23:25410): arch=i386 syscall=open per=400000 success=no exit=EACCES a0=bff68c53 a1=0 a2=1b6 a3=8049791 items=0 ppid=4415 pid=4418 auid=4294967295 uid=4 gid=7 euid=4 suid=4 fsuid=4 egid=7 sgid=7 fsgid=7 tty=(none) ses=4294967295 comm=pscms exe=/usr/lib/cups/filter/pscms subj=system_u:system_r:cupsd_t:s0-s0:c0.c1023 key=(null)

    Hash: rastertosamsung,cupsd_t,user_home_t,file,open

    audit2allow

    #============= cupsd_t ==============
    allow cupsd_t user_home_t:file open;

    audit2allow -R

    #============= cupsd_t ==============
    allow cupsd_t user_home_t:file open;
    Last edited by JarodOnTheNet; 6th June 2012 at 07:04 PM.

  2. #2
    Join Date
    May 2008
    Posts
    623
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)

    Re: SELINUX block my printer Samsung CLP-310

    Code:
    ls -alZ /usr/share/cups/model/samsung/cms/CLP-310-600x600cms2
    what does it say?
    Come join us on #fedora-selinux on irc.freenode.org
    http://docs.fedoraproject.org/selinu...ide/f10/en-US/

  3. #3
    Join Date
    Sep 2009
    Posts
    11
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)

    Re: SELINUX block my printer Samsung CLP-310

    Quote Originally Posted by domg472
    Code:
    ls -alZ /usr/share/cups/model/samsung/cms/CLP-310-600x600cms2
    what does it say?
    Hi,

    -r--r--r--. root root system_u:object_r:cupsd_etc_t:s0 /usr/share/cups/model/samsung/cms/CLP-310-600x600cms2

    2 local accounts using the printer (vef and pag)

  4. #4
    Join Date
    May 2008
    Posts
    623
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)

    Re: SELINUX block my printer Samsung CLP-310

    ok so that particular issue should be solved now. you have mv'd that file from your home directory to that location.

    ---------- Post added at 09:27 AM ---------- Previous post was at 09:23 AM ----------

    try again and see if it works or if you get new error reports.

    the error report you pastedabove should no longer apply
    Come join us on #fedora-selinux on irc.freenode.org
    http://docs.fedoraproject.org/selinu...ide/f10/en-US/

  5. #5
    Join Date
    Sep 2009
    Posts
    11
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)

    Re: SELINUX block my printer Samsung CLP-310

    Quote Originally Posted by domg472
    ok so that particular issue should be solved now. you have mv'd that file from your home directory to that location.

    ---------- Post added at 09:27 AM ---------- Previous post was at 09:23 AM ----------

    try again and see if it works or if you get new error reports.

    the error report you pastedabove should no longer apply
    I dont understand. I have installed the driver under root account but pag and vef accounts must use the printer.

    I haven't mv'd files from my home directory ?

    Do I copy this file and where ?

    Thanks

  6. #6
    Join Date
    May 2008
    Posts
    623
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)

    Re: SELINUX block my printer Samsung CLP-310

    reproduce the printing problem and paste any (new) error reports (selinux alerts) that you are seeing.

    I need to see error reports (avc denials) in order to be able to help you
    Come join us on #fedora-selinux on irc.freenode.org
    http://docs.fedoraproject.org/selinu...ide/f10/en-US/

  7. #7
    Join Date
    May 2008
    Posts
    623
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)

    Re: SELINUX block my printer Samsung CLP-310

    I just had another person dtop by #fedora-selinux with a similar issue.

    turns out that this pos smasung unified driver installer moves files from $HOME to all over the place which breaks stuff.

    you might want to:

    restorecon -R -v /usr/lib64
    restorecon -R -v /usr/lib
    restorecon -R -v /usr/share

    That should fix the issues
    Come join us on #fedora-selinux on irc.freenode.org
    http://docs.fedoraproject.org/selinu...ide/f10/en-US/

  8. #8
    Join Date
    Sep 2009
    Posts
    11
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)

    Re: SELINUX block my printer Samsung CLP-310

    Quote Originally Posted by domg472
    I just had another person dtop by #fedora-selinux with a similar issue.

    turns out that this pos smasung unified driver installer moves files from $HOME to all over the place which breaks stuff.

    you might want to:

    restorecon -R -v /usr/lib64
    restorecon -R -v /usr/lib
    restorecon -R -v /usr/share

    That should fix the issues
    Hi,

    I try and let you know the issue ASAP.

    Thanks !

  9. #9
    Join Date
    Sep 2009
    Posts
    11
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)

    Re: SELINUX block my printer Samsung CLP-310

    Quote Originally Posted by JarodOnTheNet
    Hi,

    I try and let you know the issue ASAP.

    Thanks !
    Hi,

    restorecon -R -v /usr/lib64
    restorecon -R -v /usr/lib
    restorecon -R -v /usr/share

    That fix the issues ! It works in enforcing mode.


    By mistake, I have changed one processus in the domain processus : Ada is passed from blank to permissive mode. How can I passed it to permissive mode to blank ?


    Thanks a lot

Similar Threads

  1. hplip block on LPT printer
    By bizar in forum Using Fedora
    Replies: 3
    Last Post: 16th October 2009, 07:36 PM
  2. Samsung Ml-2010 Printer help
    By urzasrage in forum Hardware
    Replies: 0
    Last Post: 14th October 2006, 09:00 PM
  3. My new Samsung printer
    By *desk* in forum Using Fedora
    Replies: 24
    Last Post: 8th April 2006, 10:39 AM

Tags for this Thread

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •