Download Latest Version whitehack_virtualbox_with_symlinks-0.4.12n.tgz (33.3 kB)
Email in envelope

Get an email when there's a new version of whitehack

Home
Name Modified Size InfoDownloads / Week
whitehack-0.4 2012-12-11
0
whitehack-0.3 2012-03-27
0
whitehack-0.2 2012-03-27
0
whitehack-0.1 2012-03-20
0
README 2012-03-27 4.5 kB
0
Totals: 5 Items   4.5 kB 0 
This whitehack includes/improves Brother own recommended way of integrating with selinux:
Title: "I want to print using CUPS while keeping SELinux enabled."
* http://welcome.solutions.brother.com/bsc/public_s/id/linux/en/faq_prn.html#30

Symptom:
* When a job is queued to the printer /var/log/audit.log contains errors:
- execute_no_trans for brlpdwrappermfc filtermfcj6910dw brprintconf_mfc
* script psconvertij2 calls /usr/bin/gs -r -g2332x5400 -q -dNOPROMPT -dNOPAUSE -dSAFER -sDEVICE=ppmraw -sOutputFile=- - -c quit
# Note: -r needs an argument: vis-à-vis error message: "-r must be followed by <res> or <xres>x<yres>
# /etc/opt/brother/Printers/mfcj6910dw/inf/brmfcj6910dwrc is empty
# Coding consideration: It appears psconvertij2 send error messages to stdout, not stderr, FIX

NOTE: 
 * this package is released as 0.3 beta.
 * It might work for you, it works for me, but I only have 1 printer
  - whitehack_brother_printer_with_selinux-enable should work with more then one concurrent type of printer
 * I am releasing is as a "works for me" hoping some others will give it a go and feedback.
 * If all goes well I will tidy it up and release it as a 1.0

To install use:
yum install  ~/rpmbuild/RPMS/noarch/whitehack_brother_printer_with_selinux-enabled-0.3-12m.noarch.rpm

This creates: /usr/bin/whitehack_brother_printer_with_selinux

Once installed it can be temporarily disabled with this command:
# /usr/bin/whitehack_brother_printer_with_selinux disable

Once installed it's status can queried with this command:
# /usr/bin/whitehack_brother_printer_with_selinux status

To remove again use yum:
yum remove whitehack_brother_printer_with_selinux-enabled

You can also install without enabling with this command:
yum install  ~/rpmbuild/RPMS/noarch/whitehack_brother_printer_with_selinux-0.3-12m.noarch.rpm

This alternate install gives you the chance to visually inspect the code in
/usr/bin/whitehack_brother_printer_with_selinux before you run it.

To build the .spec file simply run ../whitehack_bin/mkwhitehack in this src directory

This will create 3 files:
Wrote: /home/nevilled/rpmbuild/SRPMS/whitehack_brother_printer_with_selinux-0.3-12m.src.rpm
Wrote: /home/nevilled/rpmbuild/RPMS/noarch/whitehack_brother_printer_with_selinux-0.3-12m.noarch.rpm
Wrote: /home/nevilled/rpmbuild/RPMS/noarch/whitehack_brother_printer_with_selinux-enabled-0.3-12m.noarch.rpm

NJoy
NevilleDNZ

Example of audit.log error messages:
audit/audit.log: type=AVC msg=audit(1332817474.398:174): avc:  denied  { execute } for  pid=9242 comm="brlpdwrappermfc" name="filtermfcj6910dw" dev=dm-0 ino=1212446 scontext=system_u:system_r:cupsd_t:s0-s0:c0.c1023 tcontext=system_u:object_r:usr_t:s0 tclass=file
audit/audit.log: type=SYSCALL msg=audit(1332817474.398:174): arch=40000003 syscall=33 success=no exit=-13 a0=93812d8 a1=1 a2=11 a3=93812d8 items=0 ppid=9226 pid=9242 auid=4294967295 uid=4 gid=7 euid=4 suid=4 fsuid=4 egid=7 sgid=7 fsgid=7 tty=(none) ses=4294967295 comm="brlpdwrappermfc" exe="/bin/bash" subj=system_u:system_r:cupsd_t:s0-s0:c0.c1023 key=(null)
cups/error_log: I [27/Mar/2012:13:04:34 +1000] [Job 569] Completed successfully.

Example of whitehack_brother_printer_with_selinux-enabled installation:
# rpm -ivh whitehack_brother_printer_with_selinux-enabled-0.3-12m.noarch.rpm
Preparing...                ########################################### [100%]
   1:whitehack_brother_print########################################### [100%]
+ semanage fcontext -a -f -- -s system_u -t bin_t -r s0 /opt/brother/Printers/mfcj6910dw/lpd/.*
+ restorecon . brmfcj6910dwfilter filtermfcj6910dw psconvertij2
+ semanage fcontext -a -f -- -s system_u -t bin_t -r s0 /opt/brother/Printers/mfcj6910dw/cupswrapper/.*
+ restorecon . brcupsconfpt1 cupswrappermfcj6910dw mfcj6910dw.ppd
+ semanage fcontext -f -- -a -s system_u -t cupsd_rw_etc_t -r s0 /etc/opt/brother/Printers/mfcj6910dw/inf/.*
+ semanage fcontext -f -d -a -s system_u -t cupsd_rw_etc_t -r s0 /etc/opt/brother/Printers/mfcj6910dw/inf
+ restorecon . brmfcj6910dwfunc brmfcj6910dwrc ImagingArea lut paperinfij2 setupPrintcapij
+ restorecon brlpdwrappermfcj6910dw
+ restorecon brprintconf_mfcj6910dw brushtopbm
******************** IMPORTANT ***********************
To make this policy package active, execute:

semodule -i whitehackXbrotherXprinterXwithXselinux.pp

+ semodule -i whitehackXbrotherXprinterXwithXselinux.pp
NOTE: semodule -i "whitehackXbrotherXprinterXwithXselinux.pp" has now been applied!
Source: README, updated 2012-03-27