removed lpd.te, kept cups.te

removed lpd.te, kept cups.te

[Luke Kenneth Casson Leighton]

hi,

this is with policy default debian package 1.14-3.

i removed lpd.te, i kept cups.te (which reflects what i have
set up: lpd is not enabled, lpd emulation in cups is not enabled).

i would expect therefore that removing lpd.te would, in cups.te,
go "oh, lpd.te isn't enabled, therefore i'll not put in the
lpd emulation sections such as cupsd doing bind to the lpd port".

... but instead i get error at line 29: unknown type printer_device_t.

am i missing something?

have i made an assumption about what lpd.te provides?

l.

-- 
--
Truth, honesty and respect are rare commodities that all spring from
the same well: Love.  If you love yourself and everyone and everything
around you, funnily and coincidentally enough, life gets a lot better.
--
<a href="http://lkcl.net">      lkcl.net      </a> <br />
<a href="mailto:lkcl@lkcl.net"> lkcl@lkcl.net </a> <br />


--
This message was distributed to subscribers of the selinux mailing list.
If you no longer wish to subscribe, send mail to majordomo@tycho.nsa.gov with
the words "unsubscribe selinux" without quotes as the message.

Re: removed lpd.te, kept cups.te

[Russell Coker]

On Tue, 17 Aug 2004 21:38, Luke Kenneth Casson Leighton <lkcl@lkcl.net> wrote:
> i removed lpd.te, i kept cups.te (which reflects what i have
> set up: lpd is not enabled, lpd emulation in cups is not enabled).
>
> ... but instead i get error at line 29: unknown type printer_device_t.
>
> am i missing something?

Line 5 of cups.te.

-- 
http://www.coker.com.au/selinux/   My NSA Security Enhanced Linux packages
http://www.coker.com.au/bonnie++/  Bonnie++ hard drive benchmark
http://www.coker.com.au/postal/    Postal SMTP/POP benchmark
http://www.coker.com.au/~russell/  My home page

--
This message was distributed to subscribers of the selinux mailing list.
If you no longer wish to subscribe, send mail to majordomo@tycho.nsa.gov with
the words "unsubscribe selinux" without quotes as the message.

Re: removed lpd.te, kept cups.te

[Luke Kenneth Casson Leighton]

On Wed, Aug 18, 2004 at 08:57:50PM +1000, Russell Coker wrote:
> On Tue, 17 Aug 2004 21:38, Luke Kenneth Casson Leighton <lkcl@lkcl.net> wrote:
> > i removed lpd.te, i kept cups.te (which reflects what i have
> > set up: lpd is not enabled, lpd emulation in cups is not enabled).
> >
> > ... but instead i get error at line 29: unknown type printer_device_t.
> >
> > am i missing something?
> 
> Line 5 of cups.te.
 
 ooo.  ah, yes: the one that says "Depends: lpd.te" :)

 okay.  so lpd.te allows binding to the lpr port.

 and the only cupsys package that does binding to the lpr port is
 cupsys-bsd (which provides a lpr compatibility layer).

 so if i haven't installed cupsys-bsd, i have an extra unprotected
 port which a compromised cupsys daemon could bind to.

 hmm :)

 


--
This message was distributed to subscribers of the selinux mailing list.
If you no longer wish to subscribe, send mail to majordomo@tycho.nsa.gov with
the words "unsubscribe selinux" without quotes as the message.