[cups.general] SELinux note
Michael Sweet
mike at easysw.com
Wed Jan 4 11:25:24 PST 2006
Jim Bodkikns (Dakotacom) wrote:
> ... As a note, Redhat enterprise linux (CentOS, WhiteBox and Fedora core
> 4 - not 1,2,3) uses SELinux which is an additional security layer which
> interferes with CUPS - I suspect. I suspect that SELinux must be
> disabled for CUPS in order for networked printing to work. If this is
> true, I would recommend the CUPS folks (easysw) clearly note this as it
> is making me nuts. (I havent had the chance to test this yet - the
> network is in Phoenix and I am in Tucson :) ). But out of the box
> network printing using cups just doesnt seem to work under the mentioned
> OS's. I suspect SELinux security. (This was noticed when attempting to
> install LTSP clients)
The current SELinux rules in FC4 don't work with CUPS 1.2, but we
are working with them to get the policies fixed. RedHat ES still
doesn't have the CUPS policies from FC4 (which *do* work with CUPS
1.1.23), which is why you are having these problems.
In the meantime, rather than disabling SELinux I would recommend
just putting it in "advisory" mode so that you'll still get any
possible security things logged.
Anyways, SELinux and iptables both can cause problems if they are
not properly configured, and not just for CUPS. We're working on
an article for the CUPS site that will describe how to configure
things on Linux, but the official CUPS documentation will still only
deal with CUPS itself (with references to the CUPS site for OS-
specific help/issues).
--
______________________________________________________________________
Michael Sweet, Easy Software Products mike at easysw dot com
Internet Printing and Document Software http://www.easysw.com
More information about the cups
mailing list