[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Lexmark - I'm impressed

Hi,

I just finished installation of my new printer at home: Lexmark Prospect
Pro209 on F16rc4 (fresh install on my wife's netbook). I used drivers
from lexmark (for Fedora 64bit) and... I saw this during installation:
[quote]
(...)

=============================
Execute: /usr/bin/checkmodule -M -m -o
/tmp/selfgz746922398/pkg/files/dbuspolicy.mod
/tmp/selfgz746922398/pkg/files/dbuspolicy.te

/usr/bin/checkmodule:  loading policy configuration from
/tmp/selfgz746922398/pkg/files/dbuspolicy.te
/usr/bin/checkmodule:  policy configuration loaded
/usr/bin/checkmodule:  writing binary representation (version 13) to
/tmp/selfgz746922398/pkg/files/dbuspolicy.mod
=============================

=============================
Execute: /usr/bin/semodule_package -o
/tmp/selfgz746922398/pkg/files/dbuspolicy.pp -m
/tmp/selfgz746922398/pkg/files/dbuspolicy.mod

=============================

=============================
Execute: /usr/sbin/semodule -i /tmp/selfgz746922398/pkg/files/dbuspolicy.pp

=============================

(...)

=============================
Execute: /usr/bin/checkmodule -M -m -o
/tmp/selfgz746922398/pkg/files/lxhcp.mod
/tmp/selfgz746922398/pkg/files/lxhcp.te

/usr/bin/checkmodule:  loading policy configuration from
/tmp/selfgz746922398/pkg/files/lxhcp.te
/usr/bin/checkmodule:  policy configuration loaded
/usr/bin/checkmodule:  writing binary representation (version 13) to
/tmp/selfgz746922398/pkg/files/lxhcp.mod
=============================

=============================
Execute: /usr/bin/semodule_package -o
/tmp/selfgz746922398/pkg/files/lxhcp.pp -m
/tmp/selfgz746922398/pkg/files/lxhcp.mod

=============================

=============================
Execute: /usr/sbin/semodule -i /tmp/selfgz746922398/pkg/files/lxhcp.pp

=============================
(...)
[/quote]
So i looked on this tw policy files:

[code]
$ cat dbuspolicy.te
module printfilter 1.0;

require {
type unconfined_t;
type cupsd_t;
class unix_stream_socket connectto;
};
#============= cupsd_t ==============
allow cupsd_t unconfined_t:unix_stream_socket connectto;

$ cat lxhcp.te

module lxhcp 1.0;

require {
        type howl_port_t;
        type cupsd_t;
        class udp_socket name_bind;
}

#============= cupsd_t ==============
allow cupsd_t howl_port_t:udp_socket name_bind;
[/code]
It seems, that not everybody (vendors for software/hardware) are
disabling SELinux. I checked printing in Enforcing mode and all works fine.


Regards

-- 
Artur Szymczak | RHCE: 100-001-734 | CAcert Assurer
RHCA, RHCSS, RHCX, CLE11, CNI, UCP-1, UCI, Linux+, LPIC-2
GPG: C03A 385E 5C10 82C5 6564 C1E9 3D6A 616E B15D 122D
http://CodzienneChodzenieZBogiem.blogspot.com/

--
selinux mailing list
selinux@xxxxxxxxxxxxxxxxxxxxxxx
https://admin.fedoraproject.org/mailman/listinfo/selinux

[Fedora Users]     [Fedora Legacy]     [Fedora Desktop]     [Big List of Linux Books]     [Yosemite Photos]     [Yosemite News]     [Yosemite Campsites]     [KDE Users]     [Gnome Users]

Powered by Linux
Google
  Web www.spinics.net