I don't know how to distinguish between "to get extra functionality",
and "driver is requesting." I submit a print job to the device which
uses the hp:/net/Office... URI and I get AVC denial pop-ups.
My current status is that I've generated allow rules which,
successfully, permit the printer interface to function without warnings.
I would mention that the FAQ which setroubleshoot directed be to was
*very* helpful with respect to generating and applying the necessary
rules. Thanks for the assist!
I should also mention, again(?), that I run SELinux in "permissive"
mode. The AVC warnings are just an annoyance and to not prohibit
further activities.
My reason for filing this bug report derived from following suggestions
received from the #selinux channel on the freenode IRC Network.
From my own point of view, this issue may be dropped. The thread may
prove helpful, however, to anyone else installing the 2.8.7 level of hplip.
Thanks for your attention,
Joropo
-------- Original Message --------
On Tue, Aug 26, 2008 at 02:10:02PM -0400, JOhn ROss POrter wrote:
> Matt Anderson wrote:
>> same device URI and PPD file?
> different URI's
> no AVC -- socket://192.168.1.105:9100
> w/AVC -- hp:/net/OfficeJet_G85?ip=192.168.1.105 (was created
> auto-magically by hplip install procedure. Additionally, extra
> functionality enabled with this device [scanning and printer display
> feedback])
Okay, it sounds like you've got a patch for the hplip policy then. Do
you need these additional allow rules to get the extra functionality or
are they permissions the driver is requesting? If it works, but
generates AVCs as is, you might consider using dontaudit rules.
-matt