Login
[x]
Log in using an account from:
Fedora Account System
Red Hat Associate
Red Hat Customer
Or login using a Red Hat Bugzilla account
Forgot Password
Login:
Hide Forgot
Create an Account
Red Hat Bugzilla – Attachment 157341 Details for
Bug 244765
AVC Denials for CPUs using MFC420CN Printer
[?]
New
Simple Search
Advanced Search
My Links
Browse
Requests
Reports
Current State
Search
Tabular reports
Graphical reports
Duplicates
Other Reports
User Changes
Plotly Reports
Bug Status
Bug Severity
Non-Defaults
|
Product Dashboard
Help
Page Help!
Bug Writing Guidelines
What's new
Browser Support Policy
5.0.4.rh83 Release notes
FAQ
Guides index
User guide
Web Services
Contact
Legal
This site requires JavaScript to be enabled to function correctly, please enable it.
six AVC alert messages from the SELinux debugger
selinux_alert_123456.txt (text/plain), 14.55 KB, created by
Mark Phipps
on 2007-06-19 02:22:28 UTC
(
hide
)
Description:
six AVC alert messages from the SELinux debugger
Filename:
MIME Type:
Creator:
Mark Phipps
Created:
2007-06-19 02:22:28 UTC
Size:
14.55 KB
patch
obsolete
>Summary > SELinux is preventing /usr/bin/brprintconfij2 (cupsd_t) "unlink" to > brMFC420CNrc.old (cupsd_exec_t). > >Detailed Description > SELinux denied access requested by /usr/bin/brprintconfij2. It is not > expected that this access is required by /usr/bin/brprintconfij2 and this > access may signal an intrusion attempt. It is also possible that the > specific version or configuration of the application is causing it to > require additional access. > >Allowing Access > Sometimes labeling problems can cause SELinux denials. You could try to > restore the default system file context for brMFC420CNrc.old, restorecon -v > brMFC420CNrc.old If this does not work, there is currently no automatic way > to allow this access. Instead, you can generate a local policy module to > allow this access - see http://fedora.redhat.com/docs/selinux-faq- > fc5/#id2961385 Or you can disable SELinux protection altogether. Disabling > SELinux protection is not recommended. Please file a > http://bugzilla.redhat.com/bugzilla/enter_bug.cgi against this package. > >Additional Information > >Source Context system_u:system_r:cupsd_t:SystemLow-SystemHigh >Target Context system_u:object_r:cupsd_exec_t >Target Objects brMFC420CNrc.old [ file ] >Affected RPM Packages MFC420CNlpr-1.0.2-1 [application] >Policy RPM selinux-policy-2.6.4-14.fc7 >Selinux Enabled True >Policy Type targeted >MLS Enabled True >Enforcing Mode Permissive >Plugin Name plugins.catchall_file >Host Name nazgul.localdomain >Platform Linux nazgul.localdomain 2.6.21-1.3228.fc7 #1 SMP > Tue Jun 12 14:56:37 EDT 2007 x86_64 x86_64 >Alert Count 2 >First Seen Mon 18 Jun 2007 06:47:24 PM MDT >Last Seen Mon 18 Jun 2007 06:58:15 PM MDT >Local ID f1744215-9043-4761-825b-c97b4f640d60 >Line Numbers > >Raw Audit Messages > >avc: denied { unlink } for comm="brprintconfij2" dev=dm-0 egid=7 euid=4 >exe="/usr/bin/brprintconfij2" exit=0 fsgid=7 fsuid=4 gid=7 items=0 >name="brMFC420CNrc.old" pid=4769 >scontext=system_u:system_r:cupsd_t:s0-s0:c0.c1023 sgid=7 >subj=system_u:system_r:cupsd_t:s0-s0:c0.c1023 suid=4 tclass=file >tcontext=system_u:object_r:cupsd_exec_t:s0 tty=(none) uid=4 > >Summary > SELinux is preventing /usr/bin/brprintconfij2 (cupsd_t) "rename" to > brMFC420CNrc (usr_t). > >Detailed Description > SELinux denied access requested by /usr/bin/brprintconfij2. It is not > expected that this access is required by /usr/bin/brprintconfij2 and this > access may signal an intrusion attempt. It is also possible that the > specific version or configuration of the application is causing it to > require additional access. > >Allowing Access > Sometimes labeling problems can cause SELinux denials. You could try to > restore the default system file context for brMFC420CNrc, restorecon -v > brMFC420CNrc If this does not work, there is currently no automatic way to > allow this access. Instead, you can generate a local policy module to allow > this access - see http://fedora.redhat.com/docs/selinux-faq-fc5/#id2961385 > Or you can disable SELinux protection altogether. Disabling SELinux > protection is not recommended. Please file a > http://bugzilla.redhat.com/bugzilla/enter_bug.cgi against this package. > >Additional Information > >Source Context system_u:system_r:cupsd_t:SystemLow-SystemHigh >Target Context system_u:object_r:usr_t >Target Objects brMFC420CNrc [ file ] >Affected RPM Packages MFC420CNlpr-1.0.2-1 [application] >Policy RPM selinux-policy-2.6.4-14.fc7 >Selinux Enabled True >Policy Type targeted >MLS Enabled True >Enforcing Mode Permissive >Plugin Name plugins.catchall_file >Host Name nazgul.localdomain >Platform Linux nazgul.localdomain 2.6.21-1.3228.fc7 #1 SMP > Tue Jun 12 14:56:37 EDT 2007 x86_64 x86_64 >Alert Count 3 >First Seen Sun 17 Jun 2007 06:39:05 PM MDT >Last Seen Mon 18 Jun 2007 06:58:15 PM MDT >Local ID d3a21f83-f609-4610-9408-dbe20859de0c >Line Numbers > >Raw Audit Messages > >avc: denied { rename } for comm="brprintconfij2" dev=dm-0 egid=7 euid=4 >exe="/usr/bin/brprintconfij2" exit=0 fsgid=7 fsuid=4 gid=7 items=0 >name="brMFC420CNrc" pid=4770 scontext=system_u:system_r:cupsd_t:s0-s0:c0.c1023 >sgid=7 subj=system_u:system_r:cupsd_t:s0-s0:c0.c1023 suid=4 tclass=file >tcontext=system_u:object_r:usr_t:s0 tty=(none) uid=4 > >Summary > SELinux is preventing /usr/bin/brprintconfij2 (cupsd_t) "write" to > /usr/local/Brother/inf/brMFC420CNrc (usr_t). > >Detailed Description > SELinux denied access requested by /usr/bin/brprintconfij2. It is not > expected that this access is required by /usr/bin/brprintconfij2 and this > access may signal an intrusion attempt. It is also possible that the > specific version or configuration of the application is causing it to > require additional access. > >Allowing Access > Sometimes labeling problems can cause SELinux denials. You could try to > restore the default system file context for > /usr/local/Brother/inf/brMFC420CNrc, restorecon -v > /usr/local/Brother/inf/brMFC420CNrc If this does not work, there is > currently no automatic way to allow this access. Instead, you can generate > a local policy module to allow this access - see > http://fedora.redhat.com/docs/selinux-faq-fc5/#id2961385 Or you can disable > SELinux protection altogether. Disabling SELinux protection is not > recommended. Please file a http://bugzilla.redhat.com/bugzilla/enter_bug.cgi > against this package. > >Additional Information > >Source Context system_u:system_r:cupsd_t:SystemLow-SystemHigh >Target Context system_u:object_r:usr_t >Target Objects /usr/local/Brother/inf/brMFC420CNrc [ file ] >Affected RPM Packages MFC420CNlpr-1.0.2-1 > [application]MFC420CNlpr-1.0.2-1 [target] >Policy RPM selinux-policy-2.6.4-14.fc7 >Selinux Enabled True >Policy Type targeted >MLS Enabled True >Enforcing Mode Permissive >Plugin Name plugins.catchall_file >Host Name nazgul.localdomain >Platform Linux nazgul.localdomain 2.6.21-1.3228.fc7 #1 SMP > Tue Jun 12 14:56:37 EDT 2007 x86_64 x86_64 >Alert Count 6 >First Seen Sun 17 Jun 2007 06:39:05 PM MDT >Last Seen Mon 18 Jun 2007 06:58:15 PM MDT >Local ID 3799b15a-0d81-478e-9c45-967017d6cd0f >Line Numbers > >Raw Audit Messages > >avc: denied { write } for comm="brprintconfij2" dev=dm-0 egid=7 euid=4 >exe="/usr/bin/brprintconfij2" exit=321 fsgid=7 fsuid=4 gid=7 items=0 >name="brMFC420CNrc" path="/usr/local/Brother/inf/brMFC420CNrc" pid=4769 >scontext=system_u:system_r:cupsd_t:s0-s0:c0.c1023 sgid=7 >subj=system_u:system_r:cupsd_t:s0-s0:c0.c1023 suid=4 tclass=file >tcontext=system_u:object_r:usr_t:s0 tty=(none) uid=4 > >Summary > SELinux is preventing /usr/bin/brprintconfij2 (cupsd_t) "create" to > brMFC420CNrc (usr_t). > >Detailed Description > SELinux denied access requested by /usr/bin/brprintconfij2. It is not > expected that this access is required by /usr/bin/brprintconfij2 and this > access may signal an intrusion attempt. It is also possible that the > specific version or configuration of the application is causing it to > require additional access. > >Allowing Access > Sometimes labeling problems can cause SELinux denials. You could try to > restore the default system file context for brMFC420CNrc, restorecon -v > brMFC420CNrc If this does not work, there is currently no automatic way to > allow this access. Instead, you can generate a local policy module to allow > this access - see http://fedora.redhat.com/docs/selinux-faq-fc5/#id2961385 > Or you can disable SELinux protection altogether. Disabling SELinux > protection is not recommended. Please file a > http://bugzilla.redhat.com/bugzilla/enter_bug.cgi against this package. > >Additional Information > >Source Context system_u:system_r:cupsd_t:SystemLow-SystemHigh >Target Context system_u:object_r:usr_t >Target Objects brMFC420CNrc [ file ] >Affected RPM Packages MFC420CNlpr-1.0.2-1 [application] >Policy RPM selinux-policy-2.6.4-14.fc7 >Selinux Enabled True >Policy Type targeted >MLS Enabled True >Enforcing Mode Permissive >Plugin Name plugins.catchall_file >Host Name nazgul.localdomain >Platform Linux nazgul.localdomain 2.6.21-1.3228.fc7 #1 SMP > Tue Jun 12 14:56:37 EDT 2007 x86_64 x86_64 >Alert Count 6 >First Seen Sun 17 Jun 2007 06:39:05 PM MDT >Last Seen Mon 18 Jun 2007 06:58:15 PM MDT >Local ID acccc805-c798-467e-abd6-ef6a03e9da99 >Line Numbers > >Raw Audit Messages > >avc: denied { create } for comm="brprintconfij2" egid=7 euid=4 >exe="/usr/bin/brprintconfij2" exit=3 fsgid=7 fsuid=4 gid=7 items=0 >name="brMFC420CNrc" pid=4769 scontext=system_u:system_r:cupsd_t:s0-s0:c0.c1023 >sgid=7 subj=system_u:system_r:cupsd_t:s0-s0:c0.c1023 suid=4 tclass=file >tcontext=system_u:object_r:usr_t:s0 tty=(none) uid=4 > >Summary > SELinux is preventing /usr/bin/brprintconfij2 (cupsd_t) "add_name" to > brMFC420CNrc.old (usr_t). > >Detailed Description > SELinux denied access requested by /usr/bin/brprintconfij2. It is not > expected that this access is required by /usr/bin/brprintconfij2 and this > access may signal an intrusion attempt. It is also possible that the > specific version or configuration of the application is causing it to > require additional access. > >Allowing Access > Sometimes labeling problems can cause SELinux denials. You could try to > restore the default system file context for brMFC420CNrc.old, restorecon -v > brMFC420CNrc.old If this does not work, there is currently no automatic way > to allow this access. Instead, you can generate a local policy module to > allow this access - see http://fedora.redhat.com/docs/selinux-faq- > fc5/#id2961385 Or you can disable SELinux protection altogether. Disabling > SELinux protection is not recommended. Please file a > http://bugzilla.redhat.com/bugzilla/enter_bug.cgi against this package. > >Additional Information > >Source Context system_u:system_r:cupsd_t:SystemLow-SystemHigh >Target Context user_u:object_r:usr_t >Target Objects brMFC420CNrc.old [ dir ] >Affected RPM Packages MFC420CNlpr-1.0.2-1 [application] >Policy RPM selinux-policy-2.6.4-14.fc7 >Selinux Enabled True >Policy Type targeted >MLS Enabled True >Enforcing Mode Permissive >Plugin Name plugins.catchall_file >Host Name nazgul.localdomain >Platform Linux nazgul.localdomain 2.6.21-1.3228.fc7 #1 SMP > Tue Jun 12 14:56:37 EDT 2007 x86_64 x86_64 >Alert Count 6 >First Seen Sun 17 Jun 2007 06:39:05 PM MDT >Last Seen Mon 18 Jun 2007 06:58:15 PM MDT >Local ID 972b0727-9b74-485b-baf5-16d3ad0a9063 >Line Numbers > >Raw Audit Messages > >avc: denied { add_name } for comm="brprintconfij2" dev=dm-0 egid=7 euid=4 >exe="/usr/bin/brprintconfij2" exit=0 fsgid=7 fsuid=4 gid=7 items=0 >name="brMFC420CNrc.old" pid=4769 >scontext=system_u:system_r:cupsd_t:s0-s0:c0.c1023 sgid=7 >subj=system_u:system_r:cupsd_t:s0-s0:c0.c1023 suid=4 tclass=dir >tcontext=user_u:object_r:usr_t:s0 tty=(none) uid=4 > >Summary > SELinux is preventing /usr/bin/brprintconfij2 (cupsd_t) "unlink" to > brMFC420CNrc.old (usr_t). > >Detailed Description > SELinux denied access requested by /usr/bin/brprintconfij2. It is not > expected that this access is required by /usr/bin/brprintconfij2 and this > access may signal an intrusion attempt. It is also possible that the > specific version or configuration of the application is causing it to > require additional access. > >Allowing Access > Sometimes labeling problems can cause SELinux denials. You could try to > restore the default system file context for brMFC420CNrc.old, restorecon -v > brMFC420CNrc.old If this does not work, there is currently no automatic way > to allow this access. Instead, you can generate a local policy module to > allow this access - see http://fedora.redhat.com/docs/selinux-faq- > fc5/#id2961385 Or you can disable SELinux protection altogether. Disabling > SELinux protection is not recommended. Please file a > http://bugzilla.redhat.com/bugzilla/enter_bug.cgi against this package. > >Additional Information > >Source Context system_u:system_r:cupsd_t:SystemLow-SystemHigh >Target Context system_u:object_r:usr_t >Target Objects brMFC420CNrc.old [ file ] >Affected RPM Packages MFC420CNlpr-1.0.2-1 [application] >Policy RPM selinux-policy-2.6.4-14.fc7 >Selinux Enabled True >Policy Type targeted >MLS Enabled True >Enforcing Mode Permissive >Plugin Name plugins.catchall_file >Host Name nazgul.localdomain >Platform Linux nazgul.localdomain 2.6.21-1.3228.fc7 #1 SMP > Tue Jun 12 14:56:37 EDT 2007 x86_64 x86_64 >Alert Count 6 >First Seen Sun 17 Jun 2007 06:39:05 PM MDT >Last Seen Mon 18 Jun 2007 06:58:15 PM MDT >Local ID b43a9a5d-cc80-4ab6-9792-874d8999fe75 >Line Numbers > >Raw Audit Messages > >avc: denied { unlink } for comm="brprintconfij2" dev=dm-0 egid=7 euid=4 >exe="/usr/bin/brprintconfij2" exit=0 fsgid=7 fsuid=4 gid=7 items=0 >name="brMFC420CNrc.old" pid=4770 >scontext=system_u:system_r:cupsd_t:s0-s0:c0.c1023 sgid=7 >subj=system_u:system_r:cupsd_t:s0-s0:c0.c1023 suid=4 tclass=file >tcontext=system_u:object_r:usr_t:s0 tty=(none) uid=4 >
<b>You cannot view the attachment while viewing its details because your browser does not support IFRAMEs. <a href="attachment.cgi?id=157341">View the attachment on a separate page</a>.</b>
View Attachment As Raw
Actions:
View
Attachments on
bug 244765
: 157341