Hi, I have an attached printer on a SL5.3 system. SELinux prevents printing with the following sealert message:
Summary: SELinux is preventing hp (hplip_t) "read write" to socket (cupsd_t). Detailed Description: SELinux denied access requested by hp. It is not expected that this access is required by hp and this access may signal an intrusion attempt. It is also possible that the specific version or configuration of the application is causing it to require additional access. Allowing Access: You can generate a local policy module to allow this access - see FAQ (http://fedora.redhat.com/docs/selinux-faq-fc5/#id2961385) Or you can disable SELinux protection altogether. Disabling SELinux protection is not recommended. Please file a bug report (http://bugzilla.redhat.com/bugzilla/enter_bug.cgi) against this package. Additional Information: Source Context system_u:system_r:hplip_t:SystemLow-SystemHigh Target Context system_u:system_r:cupsd_t:SystemLow-SystemHigh Target Objects socket [ unix_stream_socket ] Source hp Source Path /usr/lib/cups/backend/hp Port <Unknown> Host beauty Source RPM Packages hplip-1.6.7-4.1.el5_2.4 Target RPM Packages Policy RPM selinux-policy-2.4.6-203.el5 Selinux Enabled True Policy Type targeted MLS Enabled True Enforcing Mode Enforcing Plugin Name catchall Host Name beauty Platform Linux beauty 2.6.18-128.1.6.el5 #1 SMP Wed Apr 1 07:03:59 EDT 2009 i686 i686 Alert Count 8 First Seen Thu Apr 23 11:19:05 2009 Last Seen Wed May 6 14:30:08 2009 Local ID ba70412d-c28b-4706-a7b4-307382d8e97e Line Numbers Raw Audit Messages host=beauty type=AVC msg=audit(1241645408.355:12867): avc: denied { read write } for pid=7124 comm="hp" path="socket:[587466]" dev=sockfs ino=587466 scontext=system_u:system_r:hplip_t:s0-s0:c0.c1023 tcontext=system_u:system_r:cupsd_t:s0-s0:c0.c1023 tclass=unix_stream_socket host=beauty type=AVC msg=audit(1241645408.355:12867): avc: denied { read write } for pid=7124 comm="hp" path="socket:[587465]" dev=sockfs ino=587465 scontext=system_u:system_r:hplip_t:s0-s0:c0.c1023 tcontext=system_u:system_r:cupsd_t:s0-s0:c0.c1023 tclass=unix_stream_socket host=beauty type=AVC msg=audit(1241645408.355:12867): avc: denied { read write } for pid=7124 comm="hp" path="socket:[587466]" dev=sockfs ino=587466 scontext=system_u:system_r:hplip_t:s0-s0:c0.c1023 tcontext=system_u:system_r:cupsd_t:s0-s0:c0.c1023 tclass=unix_stream_socket host=beauty type=SYSCALL msg=audit(1241645408.355:12867): arch=40000003 syscall=11 success=yes exit=0 a0=bfe57794 a1=834afd8 a2=bfe560e0 a3=bfe55ea0 items=0 ppid=2608 pid=7124 auid=4294967295 uid=4 gid=7 euid=4 suid=4 fsuid=4 egid=7 sgid=7 fsgid=7 tty=(none) ses=4294967295 comm="hp" exe="/usr/lib/cups/backend/hp" subj=system_u:system_r:hplip_t:s0-s0:c0.c1023 key=(null) Other than turning off SELinux, how may this be fixed? Is there an update coming which will fix this problem? NOTE: This problem is not experienced when printing to networked printers. Philip