Ubuntu
refpolicy package

[hardy] unable to start cupsys if selinux is enforcing.

Bug #202983 reported by Christer Edwards
42
Affects Status Importance Assigned to Milestone
refpolicy (Ubuntu)
Confirmed
Low
Unassigned

Bug Description

Binary package hint: selinux

I've just tested on two machines, both hardy alpha 6, both running selinux from the ubuntu-hardened PPA. Neither machine is able to start the cupsys service while SELinux is in enforcing mode.

Trying manually from the shell:

christer@macbook:~$ getenforce
Permissive
christer@macbook:~$ sudo setenforce 1
[sudo] password for christer:
christer@macbook:~$ sudo /etc/init.d/cupsys stop
 * Stopping Common Unix Printing System: cupsd [ OK ]
christer@macbook:~$ sudo /etc/init.d/cupsys start
 * Starting Common Unix Printing System: cupsd start-stop-daemon: Unable to start /usr/sbin/cupsd: Permission denied (Permission denied)
christer@macbook:~$ sudo setenforce 0
christer@macbook:~$ sudo /etc/init.d/cupsys start
 * Starting Common Unix Printing System: cupsd [ OK ]
christer@macbook:~$

Let me know if there is any more information needed.

Revision history for this message
irober02 (ianwroberts) wrote :

Me too on ubuntu-8.04-beta-server-amd64

Caleb Case (calebcase)
Changed in selinux:
status: New → Fix Released
Revision history for this message
Hans Spaans (hspaans) wrote :

This issue came back for me today while upgrading package cupsys to version 1.3.7-1ubuntu3.

root@nemo:~# getenforce
Enforcing
root@nemo:~# setenforce 1
root@nemo:~# /etc/init.d/cupsys stop
 * Stopping Common Unix Printing System: cupsd
   ...done.
root@nemo:~# /etc/init.d/cupsys start
 * Starting Common Unix Printing System: cupsd
start-stop-daemon: Unable to start /usr/sbin/cupsd: Permission denied (Permission denied)
root@nemo:~# setenforce 0
root@nemo:~# /etc/init.d/cupsys start
 * Starting Common Unix Printing System: cupsd
   ...done.
root@nemo:~#

Greg Grossmeier (greg.grossmeier)
Changed in selinux:
importance: Undecided → Low
status: Fix Released → Confirmed
Revision history for this message
Hans Spaans (hspaans) wrote :

The following fixed my upgraded 7.10 to 8.04 setup.

sudo apt-get install --reinstall selinux-policy-refpolicy-cups
sudo init 6

Revision history for this message
Christer Edwards (christer.edwards) wrote :

On a fresh install I did 'apt-get install selinux' and I am able to restart cups as normal. It looks like this bug only affects 7.10 or upgrades from 7.10.

I did however find a new bug related to selinux stopping hal (bug #224921)

installed selinux packages and versions:

libselinux 2.0.55-0ubuntu4
python-selinux 2.0.55-0ubuntu4
selinux 0.2
selinux-policy-refpolicy 0.0.20071214-0ubuntu3
selinux-policy-refpolicy-cups 0.0.20071214-0ubuntu3
selinux-policy-refpolicy-unconfined 0.0.20071214-0ubuntu3
selinux-utils 2.0.55-0ubuntu4

Revision history for this message
Greg Grossmeier (greg.grossmeier) wrote :

If anyone has the logs from their upgrade to 8.04 that would be great. the logs are in /var/log/dist-upgrade/
Also your sources.list would be good.

This way we can see if something failed during the upgrade that would cause this and thus need to be fixed in update-manager or selinux.

Thanks!

Revision history for this message
tgelter (timothy-gelter) wrote :

Attached are my sources and logs.

Revision history for this message
irober02 (ianwroberts) wrote : Re: [Bug 202983] Re: [hardy] unable to start cupsys if selinux is enforcing.

Christer Edwards wrote:
> On a fresh install I did 'apt-get install selinux' and I am able to
> restart cups as normal. It looks like this bug only affects 7.10 or
> upgrades from 7.10.
>
 It also hit 8.04 beta but upgrades that arrived about a week prior to
the full release Heron fixed the problem.:-)

ian
> I did however find a new bug related to selinux stopping hal (bug
> #224921)
>
> installed selinux packages and versions:
>
> libselinux 2.0.55-0ubuntu4
> python-selinux 2.0.55-0ubuntu4
> selinux 0.2
> selinux-policy-refpolicy 0.0.20071214-0ubuntu3
> selinux-policy-refpolicy-cups 0.0.20071214-0ubuntu3
> selinux-policy-refpolicy-unconfined 0.0.20071214-0ubuntu3
> selinux-utils 2.0.55-0ubuntu4
>
>

--
Ian W Roberts
157 Sixth Avenue
ROYSTON PARK 5070

t: +61 8 8362 1318
m: 0423 147 044
e: <email address hidden>

This email message is intended only for the addressee(s) and contains information that may be confidential and/or copyright. If you are not the intended recipient please notify the sender by reply email and immediately delete this email. Use, disclosure or reproduction of this email by anyone other than the intended recipient(s) is strictly prohibited. No representation is made that this email or any attachments are free of viruses. Virus scanning is recommended and is the responsibility of the recipient.

Revision history for this message
Laurent Bigonville (bigon) wrote :

Reassinging to the refpolicy package

affects: selinux (Ubuntu) → refpolicy (Ubuntu)
To post a comment you must log in.
This report contains Public information  
Everyone can see this information.

Duplicates of this bug

Subscribing...

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.