Hi,
I've installed the Citrix Receiver rpm (https://www.citrix.com/downloads/citrix-receiver/linux.html). The citrix client runs, but doesn't see the local printers. The messages in the audit log are not of the "normal" type, in my limited experience:
[root@daisy files]# audit2allow -a libsepol.context_from_record: invalid security context: "unconfined_u:unconfined_r:lpr_t:s0-s0:c0.c1023" libsepol.context_from_record: could not create context structure libsepol.context_from_string: could not create context structure libsepol.sepol_context_to_sid: could not convert unconfined_u:unconfined_r:lpr_t:s0-s0:c0.c1023 to sid libsepol.context_from_record: invalid security context: "unconfined_u:unconfined_r:lpr_t:s0-s0:c0.c1023" libsepol.context_from_record: could not create context structure libsepol.context_from_string: could not create context structure libsepol.sepol_context_to_sid: could not convert unconfined_u:unconfined_r:lpr_t:s0-s0:c0.c1023 to sid
It works fine in permissive mode.
Any pointers on how to fix this?
- Mike
----- Original Message -----
From: "Dr. Michael J. Chudobiak" mjc@avtechpulse.com To: selinux@lists.fedoraproject.org Sent: Thursday, November 5, 2015 1:09:07 PM Subject: invalid security context, lpr_t
Hi,
I've installed the Citrix Receiver rpm (https://www.citrix.com/downloads/citrix-receiver/linux.html). The citrix client runs, but doesn't see the local printers. The messages in the audit log are not of the "normal" type, in my limited experience:
[root@daisy files]# audit2allow -a libsepol.context_from_record: invalid security context: "unconfined_u:unconfined_r:lpr_t:s0-s0:c0.c1023" libsepol.context_from_record: could not create context structure libsepol.context_from_string: could not create context structure libsepol.sepol_context_to_sid: could not convert unconfined_u:unconfined_r:lpr_t:s0-s0:c0.c1023 to sid libsepol.context_from_record: invalid security context: "unconfined_u:unconfined_r:lpr_t:s0-s0:c0.c1023" libsepol.context_from_record: could not create context structure libsepol.context_from_string: could not create context structure libsepol.sepol_context_to_sid: could not convert unconfined_u:unconfined_r:lpr_t:s0-s0:c0.c1023 to sid
It works fine in permissive mode.
Any pointers on how to fix this?
This should be part of the lpd policy file shipped in selinux-policy-targeted
rpm -ql selinux-policy-targeted | grep -i lpd
or
semodule -l | grep -i lpd
- Mike
-- selinux mailing list selinux@lists.fedoraproject.org https://admin.fedoraproject.org/mailman/listinfo/selinux
Ok, the problem is we label lpr executables and there is a generic transition from unconfined domain but without role access. Could you please open a new bug where we could discuss it more and widely.
Thank you.
Regards, Miroslav
On 12/08/2015 04:09 AM, mgrepl@redhat.com wrote:
Ok, the problem is we label lpr executables and there is a generic transition from unconfined domain but without role access. Could you please open a new bug where we could discuss it more and widely.
Thanks - bug filed here:
https://bugzilla.redhat.com/show_bug.cgi?id=1289592
- Mike
selinux@lists.fedoraproject.org
-
Dr. Michael J. Chudobiak -
Miroslav Grepl -
Simon Sekidde