From: cpebenito@tresys.com (Christopher J. PeBenito)
Date: Fri, 29 Aug 2008 10:33:49 -0400
Subject: [refpolicy] AVC denials from cups
In-Reply-To: <48B5A479.7040904@pioneerwireless.net>
References: <20080827151643.GA30786@ldl.fc.hp.com>
	<48B5A479.7040904@pioneerwireless.net>
Message-ID: <1220020429.22710.39.camel@gorn.columbia.tresys.com>
To: refpolicy@oss.tresys.com
List-Id: refpolicy.oss.tresys.com

On Wed, 2008-08-27 at 15:01 -0400, JOhn ROss POrter wrote:
> Matt Anderson wrote:
> > JOhn ROss POrter wrote:   
> >
> > You had mentioned that the hplip driver allows you to get more
> > functionality than just printing.  I was wondering if the AVCs were
> > generated from those requests, or the printing requests, or what was
> > seemingly random from the driver.
> >   
> The AVC warnings occur only as a result of print activity. I get no such 
> warnings from the scanner interface.
[...]
> allow hplip_t system_dbusd_t:dbus send_msg;
> allow hplip_t system_dbusd_t:unix_stream_socket connectto;
> allow hplip_t system_dbusd_var_run_t:dir search;
> allow hplip_t system_dbusd_var_run_t:sock_file write;

A quick look into hplip reveals that it uses dbus, so this isn't
surprising.  I have added this access to refpolicy.

-- 
Chris PeBenito
Tresys Technology, LLC
(410) 290-1411 x150