Name Modified Size Downloads / Week Status
Totals: 5 Items   4.5 kB 1
whitehack-0.4 2012-12-11 11 weekly downloads
whitehack-0.3 2012-03-27 11 weekly downloads
whitehack-0.2 2012-03-27 11 weekly downloads
whitehack-0.1 2012-03-20 11 weekly downloads
README 2012-03-27 4.5 kB 11 weekly downloads
This whitehack includes/improves Brother's own recommended way of integrating with SELinux:
  Title: "I want to print using CUPS while keeping SELinux enabled."
  * http://welcome.solutions.brother.com/bsc/public_s/id/linux/en/faq_prn.html#30

Symptom:
  * When a job is queued to the printer /var/log/audit.log contains errors:
    - execute_no_trans for brlpdwrappermfc filtermfcj6910dw brprintconf_mfc
  * script psconvertij2 calls
      /usr/bin/gs -r -g2332x5400 -q -dNOPROMPT -dNOPAUSE -dSAFER -sDEVICE=ppmraw -sOutputFile=- - -c quit
    # Note: -r needs an argument: vis-à-vis error message: "-r must be followed by <res> or <xres>x<yres>"
    # /etc/opt/brother/Printers/mfcj6910dw/inf/brmfcj6910dwrc is empty
    # Coding consideration: It appears psconvertij2 sends error messages to stdout, not stderr, FIX

NOTE:
  * This package is released as 0.3 beta.
  * It might work for you, it works for me, but I only have 1 printer
    - whitehack_brother_printer_with_selinux-enable should work with more than one concurrent type of printer
  * I am releasing it as a "works for me" hoping some others will give it a go and feedback.
  * If all goes well I will tidy it up and release it as a 1.0

To install use:
    yum install ~/rpmbuild/RPMS/noarch/whitehack_brother_printer_with_selinux-enabled-0.3-12m.noarch.rpm

This creates:
    /usr/bin/whitehack_brother_printer_with_selinux

Once installed it can be temporarily disabled with this command:
    # /usr/bin/whitehack_brother_printer_with_selinux disable

Once installed its status can be queried with this command:
    # /usr/bin/whitehack_brother_printer_with_selinux status

To remove again use yum:
    yum remove whitehack_brother_printer_with_selinux-enabled

You can also install without enabling with this command:
    yum install ~/rpmbuild/RPMS/noarch/whitehack_brother_printer_with_selinux-0.3-12m.noarch.rpm

This alternate install gives you the chance to visually inspect the code in
/usr/bin/whitehack_brother_printer_with_selinux before you run it.

To build the .spec file simply run ../whitehack_bin/mkwhitehack in this src directory.
This will create 3 files:
    Wrote: /home/nevilled/rpmbuild/SRPMS/whitehack_brother_printer_with_selinux-0.3-12m.src.rpm
    Wrote: /home/nevilled/rpmbuild/RPMS/noarch/whitehack_brother_printer_with_selinux-0.3-12m.noarch.rpm
    Wrote: /home/nevilled/rpmbuild/RPMS/noarch/whitehack_brother_printer_with_selinux-enabled-0.3-12m.noarch.rpm

NJoy
NevilleDNZ

Example of audit.log error messages:
    audit/audit.log: type=AVC msg=audit(1332817474.398:174): avc: denied { execute } for pid=9242 comm="brlpdwrappermfc" name="filtermfcj6910dw" dev=dm-0 ino=1212446 scontext=system_u:system_r:cupsd_t:s0-s0:c0.c1023 tcontext=system_u:object_r:usr_t:s0 tclass=file
    audit/audit.log: type=SYSCALL msg=audit(1332817474.398:174): arch=40000003 syscall=33 success=no exit=-13 a0=93812d8 a1=1 a2=11 a3=93812d8 items=0 ppid=9226 pid=9242 auid=4294967295 uid=4 gid=7 euid=4 suid=4 fsuid=4 egid=7 sgid=7 fsgid=7 tty=(none) ses=4294967295 comm="brlpdwrappermfc" exe="/bin/bash" subj=system_u:system_r:cupsd_t:s0-s0:c0.c1023 key=(null)
    cups/error_log: I [27/Mar/2012:13:04:34 +1000] [Job 569] Completed successfully.

Example of whitehack_brother_printer_with_selinux-enabled installation:
    # rpm -ivh whitehack_brother_printer_with_selinux-enabled-0.3-12m.noarch.rpm
    Preparing... ########################################### [100%]
    1:whitehack_brother_print########################################### [100%]
    + semanage fcontext -a -f -- -s system_u -t bin_t -r s0 /opt/brother/Printers/mfcj6910dw/lpd/.*
    + restorecon . brmfcj6910dwfilter filtermfcj6910dw psconvertij2
    + semanage fcontext -a -f -- -s system_u -t bin_t -r s0 /opt/brother/Printers/mfcj6910dw/cupswrapper/.*
    + restorecon . brcupsconfpt1 cupswrappermfcj6910dw mfcj6910dw.ppd
    + semanage fcontext -f -- -a -s system_u -t cupsd_rw_etc_t -r s0 /etc/opt/brother/Printers/mfcj6910dw/inf/.*
    + semanage fcontext -f -d -a -s system_u -t cupsd_rw_etc_t -r s0 /etc/opt/brother/Printers/mfcj6910dw/inf
    + restorecon . brmfcj6910dwfunc brmfcj6910dwrc ImagingArea lut paperinfij2 setupPrintcapij
    + restorecon brlpdwrappermfcj6910dw
    + restorecon brprintconf_mfcj6910dw brushtopbm
    ******************** IMPORTANT ***********************
    To make this policy package active, execute:
    semodule -i whitehackXbrotherXprinterXwithXselinux.pp
    + semodule -i whitehackXbrotherXprinterXwithXselinux.pp
    NOTE: semodule -i "whitehackXbrotherXprinterXwithXselinux.pp" has now been applied!
Source: README, updated 2012-03-27
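
Added example (not part of the README or the whitehack package): a small Python parser that pairs the AVC and SYSCALL records from the audit.log excerpt above by their shared event id and reports which source type was denied which permission on which target type. The function names and the `SAMPLE` text (constructed from the README's two audit lines, with unused fields trimmed) are this example's own.

```python
import re
from collections import defaultdict

# Constructed sample: the AVC/SYSCALL pair from the README excerpt, trimmed.
SAMPLE = '''\
type=AVC msg=audit(1332817474.398:174): avc:  denied  { execute } for  pid=9242 comm="brlpdwrappermfc" name="filtermfcj6910dw" dev=dm-0 ino=1212446 scontext=system_u:system_r:cupsd_t:s0-s0:c0.c1023 tcontext=system_u:object_r:usr_t:s0 tclass=file
type=SYSCALL msg=audit(1332817474.398:174): arch=40000003 syscall=33 success=no exit=-13 ppid=9226 pid=9242 uid=4 gid=7 comm="brlpdwrappermfc" exe="/bin/bash" subj=system_u:system_r:cupsd_t:s0-s0:c0.c1023 key=(null)
'''

HEADER = re.compile(r'type=(\w+) msg=audit\((\d+\.\d+):(\d+)\):\s*(.*)')
PERMS = re.compile(r'denied\s+\{([^}]*)\}')
FIELD = re.compile(r'(\w+)=("[^"]*"|\S+)')

def parse_events(text):
    """Group audit records by event id (timestamp:serial)."""
    events = defaultdict(dict)
    for line in text.splitlines():
        m = HEADER.search(line)
        if not m:
            continue  # not an audit record (e.g. a cups/error_log line)
        rtype, ts, serial, body = m.groups()
        fields = {k: v.strip('"') for k, v in FIELD.findall(body)}
        if rtype == 'AVC':
            p = PERMS.search(body)
            fields['perms'] = p.group(1).split() if p else []
        events[f'{ts}:{serial}'][rtype] = fields
    return dict(events)

def selinux_type(context):
    return context.split(':')[2]  # user:role:type:level

def summarize(events):
    """One row per AVC denial, joined with its SYSCALL record if present."""
    rows = []
    for eid, recs in sorted(events.items()):
        avc = recs.get('AVC')
        if not avc:
            continue
        sc = recs.get('SYSCALL', {})
        rows.append({
            'event': eid, 'perms': avc['perms'], 'tclass': avc['tclass'],
            'source_type': selinux_type(avc['scontext']),
            'target_type': selinux_type(avc['tcontext']),
            'name': avc.get('name'), 'exe': sc.get('exe'),
            'exit': int(sc['exit']) if 'exit' in sc else None,
        })
    return rows

if __name__ == '__main__':
    print(summarize(parse_events(SAMPLE)))
```

For the README's event this reports `cupsd_t` denied `execute` on a `usr_t` file named `filtermfcj6910dw`, with the syscall returning -13 (EACCES); the install log above relabels the lpd directory holding that file to `bin_t`.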