[latest cvs]: build error on printer_device_t not recognised

[latest cvs]: build error on printer_device_t not recognised

[Luke Kenneth Casson Leighton]

okay, i just took dan walsh's deb .diff, copied over the debian/
files from the patch, then added serviceusers to debian/rules
in the cp -r stuff.

this enables me to create a .deb to copy over to the target machine.

i removed all previous /etc/selinux stuff and /usr/share/selinux
stuff.

on install, i get:

	tv:/etc/selinux# make
	mkdir -p /etc/security/selinux
	/usr/bin/checkpolicy -o /etc/security/selinux/policy.17 policy.conf
	/usr/bin/checkpolicy:  loading policy configuration from policy.conf
	domains/program/cups.te:29:ERROR 'unknown type printer_device_t' at
	token ';' on line 44054:

	allow cupsd_t printer_device_t:chr_file { ioctl read getattr lock write
	append };
	/usr/bin/checkpolicy:  error(s) encountered while parsing configuration

i find the printer_device_t definition to be in
domains/program/unused/lpd.te

is this error something to do with me having cups installed but not
lpd?

i believe i am correct in thinking that you don't need lpd installed in
order for cups to work _as a client_.

l.

-- 
-- 
expecting email to be received and understood is a bit like
picking up the telephone and immediately dialing without
checking for a dial-tone; speaking immediately without listening
for either an answer or ring-tone; hanging up immediately and
believing that you have actually started a conversation.
--
<a href="http://lkcl.net">      lkcl.net      </a> <br />
<a href="mailto:lkcl@lkcl.net"> lkcl@lkcl.net </a> <br />


--
This message was distributed to subscribers of the selinux mailing list.
If you no longer wish to subscribe, send mail to majordomo@tycho.nsa.gov with
the words "unsubscribe selinux" without quotes as the message.

Re: [latest cvs]: build error on printer_device_t not recognised

[Luke Kenneth Casson Leighton]

On Tue, May 18, 2004 at 09:48:37AM +0000, Luke Kenneth Casson Leighton wrote:

> is this error something to do with me having cups installed but not
> lpd?
> 
> i believe i am correct in thinking that you don't need lpd installed in
> order for cups to work _as a client_.
> 
> l.

p.s. i have cupsys-bsd installed instead of lprng or equiv.

--
This message was distributed to subscribers of the selinux mailing list.
If you no longer wish to subscribe, send mail to majordomo@tycho.nsa.gov with
the words "unsubscribe selinux" without quotes as the message.

Re: [latest cvs]: build error on printer_device_t not recognised

[Russell Coker]

On Tue, 18 May 2004 19:48, Luke Kenneth Casson Leighton <lkcl@lkcl.net> wrote:
> 	allow cupsd_t printer_device_t:chr_file { ioctl read getattr lock write
> 	append };
> 	/usr/bin/checkpolicy:  error(s) encountered while parsing configuration
>
> i find the printer_device_t definition to be in
> domains/program/unused/lpd.te
>
> is this error something to do with me having cups installed but not
> lpd?

Yes.  cups.te depends on lpd.te, see the Depends line in cups.te.

-- 
http://www.coker.com.au/selinux/   My NSA Security Enhanced Linux packages
http://www.coker.com.au/bonnie++/  Bonnie++ hard drive benchmark
http://www.coker.com.au/postal/    Postal SMTP/POP benchmark
http://www.coker.com.au/~russell/  My home page

--
This message was distributed to subscribers of the selinux mailing list.
If you no longer wish to subscribe, send mail to majordomo@tycho.nsa.gov with
the words "unsubscribe selinux" without quotes as the message.

Re: [latest cvs]: build error on printer_device_t not recognised

[Luke Kenneth Casson Leighton]

On Tue, May 18, 2004 at 11:50:20PM +1000, Russell Coker wrote:
> On Tue, 18 May 2004 19:48, Luke Kenneth Casson Leighton <lkcl@lkcl.net> wrote:
> > 	allow cupsd_t printer_device_t:chr_file { ioctl read getattr lock write
> > 	append };
> > 	/usr/bin/checkpolicy:  error(s) encountered while parsing configuration
> >
> > i find the printer_device_t definition to be in
> > domains/program/unused/lpd.te
> >
> > is this error something to do with me having cups installed but not
> > lpd?
> 
> Yes.  cups.te depends on lpd.te, see the Depends line in cups.te.
 
 ah.  but i have cupsys-bsd installed, not lpd.  cupsys-bsd provides
 lpd client-side compatibility:

  "This package provides the BSD commands for interacting with CUPS.  It
   is provides separately to allow CUPS to coexist with other printing
   systems (to a small degree)."

 i manually copied over
 /usr/share/selinux/default/domains/program/lpd.te
 to /etc/selinux/... and the problem went away.

 l.

> -- 
> http://www.coker.com.au/selinux/   My NSA Security Enhanced Linux packages
> http://www.coker.com.au/bonnie++/  Bonnie++ hard drive benchmark
> http://www.coker.com.au/postal/    Postal SMTP/POP benchmark
> http://www.coker.com.au/~russell/  My home page

-- 
-- 
expecting email to be received and understood is a bit like
picking up the telephone and immediately dialing without
checking for a dial-tone; speaking immediately without listening
for either an answer or ring-tone; hanging up immediately and
believing that you have actually started a conversation.
--
<a href="http://lkcl.net">      lkcl.net      </a> <br />
<a href="mailto:lkcl@lkcl.net"> lkcl@lkcl.net </a> <br />


--
This message was distributed to subscribers of the selinux mailing list.
If you no longer wish to subscribe, send mail to majordomo@tycho.nsa.gov with
the words "unsubscribe selinux" without quotes as the message.