From: cpebenito@tresys.com (Christopher J. PeBenito) Date: Fri, 29 Aug 2008 10:33:49 -0400 Subject: [refpolicy] AVC denials from cups In-Reply-To: <48B5A479.7040904@pioneerwireless.net> References: <20080827151643.GA30786@ldl.fc.hp.com> <48B5A479.7040904@pioneerwireless.net> Message-ID: <1220020429.22710.39.camel@gorn.columbia.tresys.com> To: refpolicy@oss.tresys.com List-Id: refpolicy.oss.tresys.com On Wed, 2008-08-27 at 15:01 -0400, JOhn ROss POrter wrote: > Matt Anderson wrote: > > JOhn ROss POrter wrote: > > > > You had mentioned that the hplip driver allows you to get more > > functionality than just printing. I was wondering if the AVCs were > > generated from those requests, or the printing requests, or what was > > seemingly random from the driver. > > > The AVC warnings occur only as a result of print activity. I get no such > warnings from the scanner interface. [...] > allow hplip_t system_dbusd_t:dbus send_msg; > allow hplip_t system_dbusd_t:unix_stream_socket connectto; > allow hplip_t system_dbusd_var_run_t:dir search; > allow hplip_t system_dbusd_var_run_t:sock_file write; A quick look into hplip reveals that it uses dbus, so this isn't surprising. I have added this access to refpolicy. -- Chris PeBenito Tresys Technology, LLC (410) 290-1411 x150