From: mra@hp.com (Matt Anderson)
Date: Wed, 27 Aug 2008 06:23:40 -0600
Subject: [refpolicy] AVC denials from cups
In-Reply-To: <48B446FA.1090609@pioneerwireless.net>
References: <48B2BFF4.1000704@pioneerwireless.net>
	<20080826120833.GA22352@ldl.fc.hp.com>
	<48B446FA.1090609@pioneerwireless.net>
Message-ID: <20080827122340.GB24210@ldl.fc.hp.com>
To: refpolicy@oss.tresys.com
List-Id: refpolicy.oss.tresys.com

On Tue, Aug 26, 2008 at 02:10:02PM -0400, JOhn ROss POrter wrote:
> Matt Anderson wrote:
>> same device URI and PPD file?  
> different URI's
> no AVC -- socket://192.168.1.105:9100
> w/AVC -- hp:/net/OfficeJet_G85?ip=192.168.1.105 (was created  
> auto-magically by hplip install procedure. Additionally, extra  
> functionality enabled with this device [scanning and printer display  
> feedback])

Okay, it sounds like you've got a patch for the hplip policy then.  Do
you need these additional allow rules to get the extra functionality or
are they permissions the driver is requesting?  If it works, but
generates AVCs as is, you might consider using dontaudit rules.

-matt