-
Bug
-
Resolution: Done-Errata
-
Normal
-
rhel-9.2.0
-
selinux-policy-38.1.24-1.el9
-
None
-
None
-
sst_security_selinux
-
ssg_security
-
8
-
None
-
QE ack, Dev ack
-
False
-
-
No
-
None
-
If docs needed, set a value
-
-
Unspecified
-
None
Description of problem:
If you try to add network (smb://) printer using gnome-control-center, after choosing printer model it will end up with message "Printer was not added". Selinux deny it, see AVC messages below
Version-Release number of selected component (if applicable):
selinux-policy-38.1.11-2.el9_2.3.noarch
How reproducible:
Always
Steps to Reproduce:
1. Open gnome-control-center, select Printers, Unlock, then Add printer
2. in search field enter smb://printserver/printer path, authenticate if needed, click on printer
3. On next screen, select make and model (for example, Brother DCP-1200) and click Select
Actual results: New window appear with "Printer was not added" message
Expected results: It should be possible to add printer with default selinux policy
Additional info:
audit.log says:
type=AVC msg=audit(1693407183.128:314): avc: denied
{ bpf } for pid=26220 comm="gutenprint53+us" capability=39 scontext=system_u:system_r:cupsd_t:s0-s0:c0.c1023 tcontext=system_u:system_r:cupsd_t:s0-s0:c0.c1023 tclass=capability2 permissive=0type=AVC msg=audit(1693407246.295:321): avc: denied { bpf }
for pid=26388 comm="gutenprint53+us" capability=39 scontext=system_u:system_r:cupsd_t:s0-s0:c0.c1023 tcontext=system_u:system_r:cupsd_t:s0-s0:c0.c1023 tclass=capability2 permissive=0
If create custom policy from it, it will be possible to add printer.
- external trackers
- links to
-
RHBA-2023:121166
selinux-policy bug fix and enhancement update
