Package: selinux-policy-refpolicy-targeted
Version: 0.0.20061018-5
Severity: normal
Tags: patch
The hpssd daemon is incorrectly labeled. There is an fc-rule in the cups
module which says that /usr/share/hplip/hpssd.py should be labeled as
hplip_exec_t. But hpssd.py is installed in /usr/lib/hplip on Debian etch
systems.
When correctly labeled, the hpssd daemon refuses to startup, because it
can not read the symlink in /usr/sbin/hpssd which points to
/usr/lib/hplip/hpssd.py.
To solve these issues you need the following changes:
In cups.fc, add the following line:
/usr/lib/hplip/hpssd\.py -- gen_context(system_u:object_r:hplip_exec_t,s0)
In cups.te, add the following line:
allow hplip_t sbin_t:lnk_file r_file_perms;
After this, hpssd can still not read the precompiled python modules in
/var/lib/python-support/. This does not seem to stop it from working
correctly, though.
Thanks,
Frodo
-- System Information:
Debian Release: 4.0
APT prefers stable
APT policy: (500, 'stable')
Architecture: amd64 (x86_64)
Shell: /bin/sh linked to /bin/bash
Kernel: Linux 2.6.18-5-amd64
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8)
Versions of packages selinux-policy-refpolicy-targeted depends on:
ii libpam-modules 0.79-4 Pluggable Authentication Modules f
ii libselinux1 1.32-3 SELinux shared libraries
ii policycoreutils 1.32-3 SELinux core policy utilities
ii python 2.4.4-2 An interactive high-level object-o
Versions of packages selinux-policy-refpolicy-targeted recommends:
ii checkpolicy 1.32-1 SELinux policy compiler
ii setools 2.4-3 Tresys tools for managing Security
-- no debconf information
--
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]