Package: selinux-policy-refpolicy-targeted
Version: 0.0.20061018-5
Severity: normal
Tags: patch

The hpssd daemon is incorrectly labeled. There is an fc-rule in the cups
module which says that /usr/share/hplip/hpssd.py should be labeled as
hplip_exec_t. But hpssd.py is installed in /usr/lib/hplip on Debian etch
systems.

When correctly labeled, the hpssd daemon refuses to startup, because it
can not read the symlink in /usr/sbin/hpssd which points to
/usr/lib/hplip/hpssd.py.

To solve these issues you need the following changes:

In cups.fc, add the following line:
    /usr/lib/hplip/hpssd\.py -- gen_context(system_u:object_r:hplip_exec_t,s0)

In cups.te, add the following line:
    allow hplip_t sbin_t:lnk_file r_file_perms;

After this, hpssd can still not read the precompiled python modules in
/var/lib/python-support/. This does not seem to stop it from working
correctly, though.

Thanks,
  Frodo

-- System Information:
Debian Release: 4.0
  APT prefers stable
  APT policy: (500, 'stable')
Architecture: amd64 (x86_64)
Shell:  /bin/sh linked to /bin/bash
Kernel: Linux 2.6.18-5-amd64
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8)

Versions of packages selinux-policy-refpolicy-targeted depends on:
ii  libpam-modules                0.79-4     Pluggable Authentication Modules f
ii  libselinux1                   1.32-3     SELinux shared libraries
ii  policycoreutils               1.32-3     SELinux core policy utilities
ii  python                        2.4.4-2    An interactive high-level object-o

Versions of packages selinux-policy-refpolicy-targeted recommends:
ii  checkpolicy                   1.32-1     SELinux policy compiler
ii  setools                       2.4-3      Tresys tools for managing Security

-- no debconf information



-- 
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]

Reply via email to