SE Linux AVC Denial warning

HP Photo smart C 5280. Printer only responds with SE Linux in permissive mode, but get a warning each time a document is printed.

Following is the output AVC denial and 'hp-check -t'

SummarySELinux is preventing the python from using potentially mislabeled files (hplip.conf).

Detailed Description
SELinux has denied python access to potentially mislabeled file(s) (hplip.conf). This means that SELinux will not allow python to use these files. It is common for users to edit files in their home directory or tmp directories and then move (mv) them to system directories. The problem is that the files end up with the wrong file context which confined applications are not allowed to access.

Allowing Access
If you want python to access this files, you need to relabel them using restorecon -v hplip.conf. You might want to relabel the entire directory using restorecon -R -v .

Additional Information
Source Context: system_u:system_r:hplip_t:SystemLow-SystemHigh
Target Context: user_u:object_r:user_home_t
Target Objects: hplip.conf [ file ]
Affected RPM Packages:
Policy RPM: selinux-policy-2.6.4-70.fc7
Selinux Enabled: True
Policy Type: targeted
MLS Enabled: True
Enforcing Mode: Permissive
Plugin Name: plugins.home_tmp_bad_labels
Host Name: localhost.localdomain
Platform: Linux localhost.localdomain 2.6.23.17-88.fc7 #1 SMP Thu May 15 00:35:10 EDT 2008 i686 athlon
Alert Count: 3
First Seen: Thu 17 Jul 2008 08:59:12 PM BST
Last Seen: Fri 18 Jul 2008 01:48:57 PM BST
Local ID: 0c850aab-164f-4071-aa03-58d681825628

Line Numbers:

Raw Audit Messages :

avc: denied { read } for comm="python" dev=dm-0 egid=7 euid=0 exe="/usr/bin/python" exit=5 fsgid=7 fsuid=0 gid=7 items=0 name="hplip.conf" pid=2596 scontext=system_u:system_r:hplip_t:s0-s0:c0.c1023 sgid=7 subj=system_u:system_r:hplip_t:s0-s0:c0.c1023 suid=0 tclass=file tcontext=user_u:object_r:user_home_t:s0 tty=(none) uid=0

-bash-3.2$ hp-check -t

HP Linux Imaging and Printing System (ver. 2.8.6)
Dependency/Version Check Utility ver. 14.0

Copyright (c) 2001-8 Hewlett-Packard Development Company, LP
This software comes with ABSOLUTELY NO WARRANTY.
This is free software, and you are welcome to distribute it
under certain conditions. See COPYING file for more details.

Note: hp-check can be run in three modes:
1. Compile-time check mode (-c or --compile): Use this mode before compiling the
HPLIP supplied tarball (.tar.gz or .run) to determine if the proper dependencies
are installed to successfully compile HPLIP.
2. Run-time check mode (-r or --run): Use this mode to determine if a distro
supplied package (.deb, .rpm, etc) or an already built HPLIP supplied tarball
has the proper dependencies installed to successfully run.
3. Both compile- and run-time check mode (-b or --both) (Default): This mode
will check both of the above cases (both compile- and run-time dependencies).

Saving output in log file: hp-check.log

Initializing. Please wait...

---------------
| SYSTEM INFO |
---------------

Basic system information:
Linux localhost.localdomain 2.6.23.17-88.fc7 #1 SMP Thu May 15 00:35:10 EDT 2008 i686 athlon i386 GNU/Linux

Distribution:
fedora 7

HPOJ running?
No, HPOJ is not running (OK).

Checking Python version...
OK, version 2.5.0 installed

Checking PyQt version...
OK, version 3.17 installed.

Checking SIP version...
OK, Version 4.7.3 installed

Checking for CUPS...
Status: scheduler is running
Version: 1.2.12
warning: /etc/cups/cupsd.conf file not found or not accessible.

Checking for dbus/python-dbus...
dbus daemon is running.
python-dbus version: 0.82.3

------------------------------------
| COMPILE AND RUNTIME DEPENDENCIES |
------------------------------------

note: To check for compile-time only dependencies, re-run hp-check with the -c parameter (ie, hp-check -c).
note: To check for run-time only dependencies, re-run hp-check with the -r parameter (ie, hp-check -r).

Checking for dependency: cups - Common Unix Printing System...
OK, found.

Checking for dependency: cups-ddk - CUPS driver development kit...
OK, found.

Checking for dependency: cups-devel- Common Unix Printing System development files...
OK, found.

Checking for dependency: dbus - Message bus system...
OK, found.

Checking for dependency: gcc - GNU Project C and C++ Compiler...
OK, found.

Checking for dependency: GhostScript - PostScript and PDF language interpreter and previewer...
OK, found.

Checking for dependency: libcrypto - OpenSSL cryptographic library...
OK, found.

Checking for dependency: libjpeg - JPEG library...
OK, found.

Checking for dependency: libnetsnmp-devel - SNMP networking library development files...
OK, found.

Checking for dependency: libpthread - POSIX threads library...
OK, found.

Checking for dependency: libtool - Library building support services...
OK, found.

Checking for dependency: libusb - USB library...
OK, found.

Checking for dependency: make - GNU make utility to maintain groups of programs...
OK, found.

Checking for dependency: PIL - Python Imaging Library (required for commandline scanning with hp-scan)...
OK, found.

Checking for dependency: ppdev - Parallel port support kernel module....
OK, found.

Checking for dependency: PyQt - Qt interface for Python...
OK, found.

Checking for dependency: python-ctypes - A foreign function library for Python...
OK, found.

Checking for dependency: python-dbus - Python bindings for dbus...
OK, found.

Checking for dependency: python-devel - Python development files...
OK, found.

Checking for dependency: Python 2.3 or greater - Required for fax functionality...
OK, found.

Checking for dependency: Python 2.2 or greater - Python programming language...
OK, found.

Checking for dependency: Reportlab - PDF library for Python...
OK, found.

Checking for dependency: SANE - Scanning library...
error: NOT FOUND! This is a REQUIRED/RUNTIME ONLY dependency. Please make sure that this dependency is installed before installing or running HPLIP.
To install this dependency, execute this command:
su -c "yum -y -d 10 -e 1 install sane-backends"

Checking for dependency: SANE - Scanning library development files...
error: NOT FOUND! This is a REQUIRED/COMPILE TIME ONLY dependency. Please make sure that this dependency is installed before installing or running HPLIP.
To install this dependency, execute this command:
su -c "yum -y -d 10 -e 1 install sane-backends-devel"

Checking for dependency: scanimage - Shell scanning program...
warning: NOT FOUND! This is an OPTIONAL/RUNTIME ONLY dependency. Some HPLIP functionality may not function properly.
To install this dependency, execute this command:
su -c "yum -y -d 10 -e 1 install sane-frontends"

Checking for dependency: xsane - Graphical scanner frontend for SANE...
warning: NOT FOUND! This is an OPTIONAL/RUNTIME ONLY dependency. Some HPLIP functionality may not function properly.
To install this dependency, execute this command:
su -c "yum -y -d 10 -e 1 install xsane"

----------------------
| HPLIP INSTALLATION |
----------------------

Currently installed HPLIP version...
HPLIP 2.8.6 currently installed in '/usr/share/hplip'.

Current contents of '/etc/hp/hplip.conf' file:
# hplip.conf. Generated from hplip.conf.in by configure.

[hplip]
version=2.8.6

[dirs]
home=/usr/share/hplip
run=/var/run
ppd=/usr/share/cups/model/HP
ppdbase=/usr/share/cups/model
doc=/usr/share/doc/hplip-2.8.6
icon=/usr/share/applications
cupsbackend=/usr/lib/cups/backend
cupsfilter=/usr/lib/cups/filter
drv=/usr/share/cups/drv/hp/

# Following values are determined at configure time and cannot be changed.
[configure]
network-build=yes
pp-build=no
gui-build=yes
scanner-build=no
fax-build=yes
dbus-build=yes
cups11-build=no
doc-build=yes
shadow-build=no
foomatic-drv-install=yes
foomatic-ppd-install=no
foomatic-rip-hplip-install=yes
internal-tag=2.8.6.20

--------------------------
| DISCOVERED USB DEVICES |
--------------------------

  Device URI Model
  -------------------------------- --------------------------
  hp:/usb/Photosmart_C5200_series? HP Photosmart C5200 series
  serial=MY859G208D0559

---------------------------------
| INSTALLED CUPS PRINTER QUEUES |
---------------------------------

Photosmart_C5200_series
-----------------------
Type: Printer
Installed in HPLIP?: Yes, using the hp: CUPS backend.
Device URI: hp:/usb/Photosmart_C5200_series?serial=MY859G208D0559
PPD: /etc/cups/ppd/Photosmart_C5200_series.ppd
PPD Description: HP PhotoSmart C5100 Foomatic/hpijs (recommended)
Printer status: printer Photosmart_C5200_series is idle. enabled since Fri 18 Jul 2008 01:56:28 PM BST
Communication status: Good

---------------------
| PYTHON EXTENSIONS |
---------------------

Checking 'cupsext' CUPS extension...
OK, found.

Checking 'pcardext' Photocard extension...
OK, found.

Checking 'hpmudext' I/O extension...
OK, found.

-----------------
| USB I/O SETUP |
-----------------

Checking for permissions of USB attached printers...

HP Device 0x5d11 at 004:002:
    Device URI: hp:/usb/Photosmart_C5200_series?serial=MY859G208D0559
    Device node: /dev/bus/usb/004/002
    Mode: 0666
getfacl: Removing leading '/' from absolute path names
# file: dev/bus/usb/004/002
# owner: root
# group: lp
user::rw-
group::rw-
other::rw-

-----------
| SUMMARY |
-----------

error: 4 errors and/or warnings.

Summary of needed commands to run to satisfy missing dependencies:
su -c "yum -y -d 10 -e 1 install sane-backends"
su -c "yum -y -d 10 -e 1 install sane-backends-devel"
su -c "yum -y -d 10 -e 1 install sane-frontends"
su -c "yum -y -d 10 -e 1 install xsane"

Please refer to the installation instructions at:
http://hplip.sourceforge.net/install/index.html

Done.