Nov 28 20:15:25 quad python3[8590]: SELinux is preventing gcp-cups-connec from read access on the sock_file cups.sock.#012#012* Plugin catchall (100. confidence) suggests **#012#012If you believe that gcp-cups-connec should be allowed read access on the cups.sock sock_file by default.#012Then you should report this as a bug.#012You can generate a local policy module to allow this access.#012Do#012allow this access for now by executing:#012# ausearch -c 'gcp-cups-connec' --raw | audit2allow -M my-gcpcupsconnec#012# semodule -X 300 -i my-gcpcupsconnec.pp#012
There are two cups.sock files - one for reading, one for writing.
Can you take care of this? I know that SELinux is run in "permissive" mode on "quad" here. But how about people who are running SELinux mode in "enforcing" mode?
From /var/log/messages:
Nov 28 20:15:21 quad audit[1737]: AVC avc: denied { read } for pid=1737 comm="gcp-cups-connec" name="cups.sock" dev="tmpfs" ino=23755 scontext=system_u:system_r:init_t:s0 tcontext=system_u:object_r:cupsd_var_run_t:s0 tclass=sock_file permissive=1
Nov 28 20:15:25 quad python3[8590]: SELinux is preventing gcp-cups-connec from read access on the sock_file cups.sock.#012#012* Plugin catchall (100. confidence) suggests **#012#012If you believe that gcp-cups-connec should be allowed read access on the cups.sock sock_file by default.#012Then you should report this as a bug.#012You can generate a local policy module to allow this access.#012Do#012allow this access for now by executing:#012# ausearch -c 'gcp-cups-connec' --raw | audit2allow -M my-gcpcupsconnec#012# semodule -X 300 -i my-gcpcupsconnec.pp#012
There are two cups.sock files - one for reading, one for writing.
Can you take care of this? I know that SELinux is run in "permissive" mode on "quad" here. But how about people who are running SELinux mode in "enforcing" mode?