RE: SL7 CUPS/SELinux problem trying to install Brother HL-3150CDN printer driver
Hey guys It's an interesting discussion > > > > Refusing to to use, accept and learn SELinux will serve you no good in > > the long run. > > See above. Security is a trade-off between trouble saved by having > security, and caused by the security itself. Today, We had the local council workers digging up our road and blocking us in, claiming it was because a sink-hole had developed and had to be fixed for safety reasons. So they scraped off the top surface, and relaid tarmac over it. Sink hole neatly hidden. Security box ticked, inconvenience box ticked, safety - we wait and see. BTW Today is the last day of our financial year and the the remaining road works fund had to be spent. If you've watched "Yes, Minister" you will know what that means. Anyway, I digress. Some of my servers are now SELinux enforcing, others await testing. Cheers Bill
Re: SL7 CUPS/SELinux problem trying to install Brother HL-3150CDN printer driver
Nonsense. Haven't met a distro yet that has SELinux correctly setup from the gitgo. It still doesn't completely like samba on my 6.6 install, for example. I had to make some "fake" changes to get something else rather pedestrian to work. (It's in the archives some time back with projected fix pushed all the way out to 6.7.) {^_^} On 2016-06-29 03:12, David Sommerseth wrote: On 29/06/16 10:00, Bill Maidment wrote: My final attempt was successful, sort of. I switched SElinux to enabled and rebooted, then the install worked OK. Then I had to use a live CD to be able to boot, changed SElinux to disabled, and reboot again. Then I had to us lpoptions to set the default parameters as the CUPS gui tool refused to change anything. Phew. What a tortuous route. Back to sleep now. Let this be an example why NOT to disable SELinux. SELinux has been (if my memory serves me right) available since Fedora 6 (released in 2006) and RHEL *4*! I believe it was turned on by default in Fedora 8 and RHEL 5. And in RHEL 6 you could no longer disable SELinux at install time. SELinux is not the obstacle it once was over a decade ago. So if you have issues when it is enabled, learn to use the proper tools to debug and fix it correctly. (audit2why, audit2allow, semanage, restorecon, etc, etc) Disabling SELinux is in 2016 *not* a solution and can barely be considered a workaround. Refusing to to use, accept and learn SELinux will serve you no good in the long run. Seriously, I've been running a various amount of Fedora, RHEL/SL/CentOS installations and versions over the last 8-9 years. In SL7 SELinux have not bitten me much at all (only one issue with logrotate on servers running Zimbra Collaboration Suite, that's all). I have the last 6-7 years never needed to disable SELinux to accomplish my tasks. Yes, I've put systems into permissive modes to see if SELinux was to blame, but mostly that was not the issue. So if you are badly hit by SELinux troubles, you need to look into if you or the software you use are doing the right things. -- kind regards, David Sommerseth -Original message- From:Bill MaidmentSent: Wednesday 29th June 2016 16:34 To: Akemi Yagi ; SL Users Subject: RE: SL7 CUPS/SELinux problem trying to install Brother HL-3150CDN printer driver Well I've heard back from Brother and they suggest that my SElinux set up has a problem. They recommended that I do semodule -vR This gave me exactly the same error messages. Then I did semodule -vB which worked OK, but repeating semodule -vR still gives [root@ferguson src]# semodule -vB Committing changes: Ok: transaction number 0. [root@ferguson src]# semodule -vR SELinux: Could not downgrade policy file /etc/selinux/targeted/policy/policy.29, searching for an older version. SELinux: Could not open policy file <= /etc/selinux/targeted/policy/policy.29: No such file or directory /sbin/load_policy: Can't load policy: No such file or directory libsemanage.semanage_reload_policy: load_policy returned error code 2. (No such file or directory). [root@ferguson src]# This is happening on two different SL 7.2 machines with SElinux installed but disabled. I even tried uninstalling selinux* but that got me into deeper trouble. [root@ferguson src]# rpm -qv selinux-policy selinux-policy-3.13.1-60.el7_2.7.noarch Is there an issue with this version of selinux??? Cheers Bill -Original message- From:Bill Maidment Sent: Saturday 25th June 2016 17:26 To: Akemi Yagi ; SL Users Subject: RE: SL7 CUPS/SELinux problem trying to install Brother HL-3150CDN printer driver Thanks for the suggestion Akemi. Unfortunately, it made no difference. I'm awaiting comment from Brother, but I suspect they will say change to Ubuntu :-( Cheers Bill -Original message- From:Akemi Yagi Sent: Saturday 25th June 2016 1:10 To: SL Users Subject: Re: SL7 CUPS/SELinux problem trying to install Brother HL-3150CDN printer driver On Fri, Jun 24, 2016 at 2:33 AM, Bill Maidment wrote: Has anyone any suggestions how to get a Brother HL-3150CDN printer driver installed on SL7. I have been trying to install using the Brother supplied installation script, which worked OK on SL6. With SL7 I get error messages such as: SELinux: Could not downgrade policy file /etc/selinux/targeted/policy/policy.29, searching for an older version. SELinux: Could not open policy file <= /etc/selinux/targeted/policy/policy.29: No such file or directory /sbin/load_policy: Can't load policy: No such file or directory The file in question does exist, but I have selinux disabled anyway. SL7 is using cups version 1.6 whereas SL6 uses cups version 1.4. Is that an issue? I guess the Brother script is a bit out of date as it was created in 2012.
Re: SL7 CUPS/SELinux problem trying to install Brother HL-3150CDN printer driver
On 29/06/16 10:00, Bill Maidment wrote: > My final attempt was successful, sort of. > I switched SElinux to enabled and rebooted, then the install worked OK. > Then I had to use a live CD to be able to boot, changed SElinux to disabled, > and reboot again. > Then I had to us lpoptions to set the default parameters as the CUPS gui tool > refused to change anything. > Phew. What a tortuous route. > Back to sleep now. Let this be an example why NOT to disable SELinux. SELinux has been (if my memory serves me right) available since Fedora 6 (released in 2006) and RHEL *4*! I believe it was turned on by default in Fedora 8 and RHEL 5. And in RHEL 6 you could no longer disable SELinux at install time. SELinux is not the obstacle it once was over a decade ago. So if you have issues when it is enabled, learn to use the proper tools to debug and fix it correctly. (audit2why, audit2allow, semanage, restorecon, etc, etc) Disabling SELinux is in 2016 *not* a solution and can barely be considered a workaround. Refusing to to use, accept and learn SELinux will serve you no good in the long run. Seriously, I've been running a various amount of Fedora, RHEL/SL/CentOS installations and versions over the last 8-9 years. In SL7 SELinux have not bitten me much at all (only one issue with logrotate on servers running Zimbra Collaboration Suite, that's all). I have the last 6-7 years never needed to disable SELinux to accomplish my tasks. Yes, I've put systems into permissive modes to see if SELinux was to blame, but mostly that was not the issue. So if you are badly hit by SELinux troubles, you need to look into if you or the software you use are doing the right things. -- kind regards, David Sommerseth > > -Original message- >> From:Bill Maidment>> Sent: Wednesday 29th June 2016 16:34 >> To: Akemi Yagi ; SL Users >> Subject: RE: SL7 CUPS/SELinux problem trying to install Brother HL-3150CDN >> printer driver >> >> Well I've heard back from Brother and they suggest that my SElinux set up >> has a problem. They recommended that I do >> semodule -vR >> This gave me exactly the same error messages. Then I did semodule -vB which >> worked OK, but repeating semodule -vR still gives >> >> [root@ferguson src]# semodule -vB >> Committing changes: >> Ok: transaction number 0. >> [root@ferguson src]# semodule -vR >> SELinux: Could not downgrade policy file >> /etc/selinux/targeted/policy/policy.29, searching for an older version. >> SELinux: Could not open policy file <= >> /etc/selinux/targeted/policy/policy.29: No such file or directory >> /sbin/load_policy: Can't load policy: No such file or directory >> libsemanage.semanage_reload_policy: load_policy returned error code 2. (No >> such file or directory). >> [root@ferguson src]# >> >> This is happening on two different SL 7.2 machines with SElinux installed >> but disabled. >> >> I even tried uninstalling selinux* but that got me into deeper trouble. >> >> [root@ferguson src]# rpm -qv selinux-policy >> selinux-policy-3.13.1-60.el7_2.7.noarch >> >> Is there an issue with this version of selinux??? >> >> Cheers >> Bill >> >> -Original message- >>> From:Bill Maidment >>> Sent: Saturday 25th June 2016 17:26 >>> To: Akemi Yagi ; SL Users >>> >>> Subject: RE: SL7 CUPS/SELinux problem trying to install Brother HL-3150CDN >>> printer driver >>> >>> Thanks for the suggestion Akemi. >>> Unfortunately, it made no difference. >>> I'm awaiting comment from Brother, but I suspect they will say change to >>> Ubuntu :-( >>> Cheers >>> Bill >>> >>> -Original message- From:Akemi Yagi Sent: Saturday 25th June 2016 1:10 To: SL Users Subject: Re: SL7 CUPS/SELinux problem trying to install Brother HL-3150CDN printer driver On Fri, Jun 24, 2016 at 2:33 AM, Bill Maidment wrote: > Has anyone any suggestions how to get a Brother HL-3150CDN printer driver > installed on SL7. > I have been trying to install using the Brother supplied installation > script, which worked OK on SL6. > > With SL7 I get error messages such as: > SELinux: Could not downgrade policy file > /etc/selinux/targeted/policy/policy.29, searching for an older version. > SELinux: Could not open policy file <= > /etc/selinux/targeted/policy/policy.29: No such file or directory > /sbin/load_policy: Can't load policy: No such file or directory > > The file in question does exist, but I have selinux disabled anyway. > > SL7 is using cups version 1.6 whereas SL6 uses cups version 1.4. Is that > an issue? > I guess the Brother script is a bit out of date as it was created in 2012. > > Any help would be appreciated. > > Cheers >
RE: SL7 CUPS/SELinux problem trying to install Brother HL-3150CDN printer driver
Well I've heard back from Brother and they suggest that my SElinux set up has a problem. They recommended that I do semodule -vR This gave me exactly the same error messages. Then I did semodule -vB which worked OK, but repeating semodule -vR still gives [root@ferguson src]# semodule -vB Committing changes: Ok: transaction number 0. [root@ferguson src]# semodule -vR SELinux: Could not downgrade policy file /etc/selinux/targeted/policy/policy.29, searching for an older version. SELinux: Could not open policy file <= /etc/selinux/targeted/policy/policy.29: No such file or directory /sbin/load_policy: Can't load policy: No such file or directory libsemanage.semanage_reload_policy: load_policy returned error code 2. (No such file or directory). [root@ferguson src]# This is happening on two different SL 7.2 machines with SElinux installed but disabled. I even tried uninstalling selinux* but that got me into deeper trouble. [root@ferguson src]# rpm -qv selinux-policy selinux-policy-3.13.1-60.el7_2.7.noarch Is there an issue with this version of selinux??? Cheers Bill -Original message- > From:Bill Maidment> Sent: Saturday 25th June 2016 17:26 > To: Akemi Yagi ; SL Users > Subject: RE: SL7 CUPS/SELinux problem trying to install Brother HL-3150CDN > printer driver > > Thanks for the suggestion Akemi. > Unfortunately, it made no difference. > I'm awaiting comment from Brother, but I suspect they will say change to > Ubuntu :-( > Cheers > Bill > > -Original message- > > From:Akemi Yagi > > Sent: Saturday 25th June 2016 1:10 > > To: SL Users > > Subject: Re: SL7 CUPS/SELinux problem trying to install Brother HL-3150CDN > > printer driver > > > > On Fri, Jun 24, 2016 at 2:33 AM, Bill Maidment wrote: > > > Has anyone any suggestions how to get a Brother HL-3150CDN printer driver > > > installed on SL7. > > > I have been trying to install using the Brother supplied installation > > > script, which worked OK on SL6. > > > > > > With SL7 I get error messages such as: > > > SELinux: Could not downgrade policy file > > > /etc/selinux/targeted/policy/policy.29, searching for an older version. > > > SELinux: Could not open policy file <= > > > /etc/selinux/targeted/policy/policy.29: No such file or directory > > > /sbin/load_policy: Can't load policy: No such file or directory > > > > > > The file in question does exist, but I have selinux disabled anyway. > > > > > > SL7 is using cups version 1.6 whereas SL6 uses cups version 1.4. Is that > > > an issue? > > > I guess the Brother script is a bit out of date as it was created in 2012. > > > > > > Any help would be appreciated. > > > > > > Cheers > > > Bill Maidment > > > > Can you try reinstalling selinux-policy packages and see if that fixes > > the issue? > > > > yum reinstall selinux-policy\* > > > > Akemi > > > >