[cups.development] [RFE] STR #2474: Support for SELinux
mra at hp.com
Tue Aug 14 15:46:40 PDT 2007
DO NOT REPLY TO THIS MESSAGE. INSTEAD, POST ANY RESPONSES TO THE LINK BELOW.
This patch uses getpeercon() to determine the SELinux context (scon) of
a user printing over a unix domain socket. The scon is stored in the
connection initially, and copied to any subsequent jobs created during
that connection. Intermediate spool files are stored on disk at the
lower bound of this security label.
At add_job() time the context of the user is compared to the context of
the printer device file, if SELinux does not allow the client to write
to the printer device the job is not accepted and the user gets feedback
on the command line. Once the job gets to StartJob() this check is
repeated, however if the job is canceled here that is only reported in
During an lpq the connection's context is compared to the job's context
and if the SELinux policy allows for read access then the job is listed
in the output. If not, the connection's context is compared with the
context of the spool file, allowing for an SELinux policy where an
administrator can be granted access explicitly for administering the
Although all of this code is wrapped in compile time #ifdefs there is
also an configuration bool EnforceSELinux which defaults to yes. If
this is set to no most checks are skipped entirely and behavior is not
This support is functionally equivalent to the features included in the
recent Redhat EAL4+ CAPP/LSPP/RBACPP evaluation.
-------------- next part --------------
An embedded and charset-unspecified text was scrubbed...
More information about the cups-devel