In spite of /usr/lib/cups/daemon/cups-lpd denial to read access sock_file cups.sock, cups-lpd will successfully migrate print jobs received via LPD to the local CUPS server. You can either ignore this issue or create a custom SELinux policy module. The steps to create a custom SELinux policy module are listed below:
- yum -y install setools-console yum-utils policycoreutils-devel rpm-build make
- Create a file named local_cupslpd-read-cupssock.te in vi with the following contents.
module local_cupslpd-read-cupssock 1.0;
require {
type cupsd_var_run_t;
type cupsd_lpd_t;
class sock_file read;
}
#============= cupsd_lpd_t ==============
allow cupsd_lpd_t cupsd_var_run_t:sock_file read;
- Compile the SELinux policy module with
make -f /usr/share/selinux/devel/Makefile local_cupslpd-read-cupssock.pp - Install the policy module with
semodule -i local_cupslpd-read-cupssock.pp
