From: mra@hp.com (Matt Anderson) Date: Wed, 27 Aug 2008 06:23:40 -0600 Subject: [refpolicy] AVC denials from cups In-Reply-To: <48B446FA.1090609@pioneerwireless.net> References: <48B2BFF4.1000704@pioneerwireless.net> <20080826120833.GA22352@ldl.fc.hp.com> <48B446FA.1090609@pioneerwireless.net> Message-ID: <20080827122340.GB24210@ldl.fc.hp.com> To: refpolicy@oss.tresys.com List-Id: refpolicy.oss.tresys.com On Tue, Aug 26, 2008 at 02:10:02PM -0400, JOhn ROss POrter wrote: > Matt Anderson wrote: >> same device URI and PPD file? > different URI's > no AVC -- socket://192.168.1.105:9100 > w/AVC -- hp:/net/OfficeJet_G85?ip=192.168.1.105 (was created > auto-magically by hplip install procedure. Additionally, extra > functionality enabled with this device [scanning and printer display > feedback]) Okay, it sounds like you've got a patch for the hplip policy then. Do you need these additional allow rules to get the extra functionality or are they permissions the driver is requesting? If it works, but generates AVCs as is, you might consider using dontaudit rules. -matt