Attachment 157557 Details for Bug 244915 – copyalerts for bug 199631

copyalerts for bug 199631

copyalerts-cupsprinting-smb-lx2win.txt (text/plain), 15.15 KB, created by Darwin H. Webb on 2007-06-21 17:11:30 UTC

(hide)

Description:

Filename:

MIME Type:

Creator: Darwin H. Webb

Created: 2007-06-21 17:11:30 UTC

Size: 15.15 KB

patch

obsolete

>#AVC messages triggered by smb winodws shared printer Linux ==> Win Xp
>
>
>Summary
>    SELinux is preventing access to files with the default label, default_t.
>
>Detailed Description
>    SELinux permission checks on files labeled default_t are being denied.
>    These files/directories have the default label on them.  This can indicate a
>    labeling problem, especially if the files being referred to  are not top
>    level directories. Any files/directories under standard system directories,
>    /usr, /var. /dev, /tmp, ..., should not be labeled with the default label.
>    The default label is for files/directories which do not have a label on a
>    parent directory. So if you create a new directory in / you might
>    legitimately get this label.
>
>Allowing Access
>    If you want a confined domain to use these files you will probably need to
>    relabel the file/directory with chcon. In some cases it is just easier to
>    relabel the system, to relabel execute: "touch /.autorelabel; reboot"
>
>Additional Information        
>
>Source Context                system_u:system_r:cupsd_t:SystemLow-SystemHigh
>Target Context                system_u:object_r:default_t
>Target Objects                root [ dir ]
>Affected RPM Packages         filesystem-2.4.6-1.fc7 [target]
>Policy RPM                    selinux-policy-2.6.4-8.fc7
>Selinux Enabled               True
>Policy Type                   targeted
>MLS Enabled                   True
>Enforcing Mode                Enforcing
>Plugin Name                   plugins.default
>Host Name                     Ruthie-07
>Platform                      Linux Ruthie-07 2.6.21-1.3194.fc7 #1 SMP Wed May
>                              23 22:35:01 EDT 2007 i686 i686
>Alert Count                   1
>First Seen                    Sat 26 May 2007 03:14:23 PM EDT
>Last Seen                     Sat 26 May 2007 03:14:23 PM EDT
>Local ID                      f59a74de-a644-4081-b23f-56d1e18441d3
>Line Numbers                  
>
>Raw Audit Messages            
>
>avc: denied { search } for comm="python" dev=dm-0 egid=7 euid=0
>exe="/usr/bin/python" exit=-13 fsgid=7 fsuid=0 gid=7 items=0 name="root"
>pid=3255 scontext=system_u:system_r:cupsd_t:s0-s0:c0.c1023 sgid=7
>subj=system_u:system_r:cupsd_t:s0-s0:c0.c1023 suid=0 tclass=dir
>tcontext=system_u:object_r:default_t:s0 tty=(none) uid=0
>
>Summary
>    SELinux is preventing the /usr/bin/smbspool from using potentially
>    mislabeled files (/tmp/.X11-unix).
>
>Detailed Description
>    SELinux has denied /usr/bin/smbspool access to potentially mislabeled
>    file(s) (/tmp/.X11-unix).  This means that SELinux will not allow
>    /usr/bin/smbspool to use these files.  It is common for users to edit files
>    in their home directory or tmp directories and then move (mv) them to system
>    directories.  The problem is that the files end up with the wrong file
>    context which confined applications are not allowed to access.
>
>Allowing Access
>    If you want /usr/bin/smbspool to access this files, you need to relabel them
>    using restorecon -v /tmp/.X11-unix.  You might want to relabel the entire
>    directory using restorecon -R -v /tmp.
>
>Additional Information        
>
>Source Context                system_u:system_r:cupsd_t:SystemLow-SystemHigh
>Target Context                system_u:object_r:xdm_tmp_t
>Target Objects                /tmp/.X11-unix [ dir ]
>Affected RPM Packages         samba-client-3.0.25a-3.fc7 [application]
>Policy RPM                    selinux-policy-2.6.4-21.fc7
>Selinux Enabled               True
>Policy Type                   targeted
>MLS Enabled                   True
>Enforcing Mode                Enforcing
>Plugin Name                   plugins.home_tmp_bad_labels
>Host Name                     Ruthie-07
>Platform                      Linux Ruthie-07 2.6.21-1.3230.fc8 #1 SMP Wed Jun
>                              20 16:10:53 EDT 2007 i686 i686
>Alert Count                   18
>First Seen                    Sat 26 May 2007 05:14:16 PM EDT
>Last Seen                     Thu 21 Jun 2007 09:42:01 AM EDT
>Local ID                      151a1282-4652-4e82-9560-a185b29e0206
>Line Numbers                  
>
>Raw Audit Messages            
>
>avc: denied { getattr } for comm="smb" dev=dm-0 egid=7 euid=4
>exe="/usr/bin/smbspool" exit=-13 fsgid=7 fsuid=4 gid=7 items=0 name=".X11-unix"
>path="/tmp/.X11-unix" pid=4354 scontext=system_u:system_r:cupsd_t:s0-s0:c0.c1023
>sgid=7 subj=system_u:system_r:cupsd_t:s0-s0:c0.c1023 suid=4 tclass=dir
>tcontext=system_u:object_r:xdm_tmp_t:s0 tty=(none) uid=4
>
>Summary
>    SELinux is preventing the /usr/bin/smbspool from using potentially
>    mislabeled files (/tmp/mapping-darwinhwebb).
>
>Detailed Description
>    SELinux has denied /usr/bin/smbspool access to potentially mislabeled
>    file(s) (/tmp/mapping-darwinhwebb).  This means that SELinux will not allow
>    /usr/bin/smbspool to use these files.  It is common for users to edit files
>    in their home directory or tmp directories and then move (mv) them to system
>    directories.  The problem is that the files end up with the wrong file
>    context which confined applications are not allowed to access.
>
>Allowing Access
>    If you want /usr/bin/smbspool to access this files, you need to relabel them
>    using restorecon -v /tmp/mapping-darwinhwebb.  You might want to relabel the
>    entire directory using restorecon -R -v /tmp.
>
>Additional Information        
>
>Source Context                system_u:system_r:cupsd_t:SystemLow-SystemHigh
>Target Context                user_u:object_r:tmp_t
>Target Objects                /tmp/mapping-darwinhwebb [ sock_file ]
>Affected RPM Packages         samba-client-3.0.25a-3.fc7 [application]
>Policy RPM                    selinux-policy-2.6.4-21.fc7
>Selinux Enabled               True
>Policy Type                   targeted
>MLS Enabled                   True
>Enforcing Mode                Enforcing
>Plugin Name                   plugins.home_tmp_bad_labels
>Host Name                     Ruthie-07
>Platform                      Linux Ruthie-07 2.6.21-1.3230.fc8 #1 SMP Wed Jun
>                              20 16:10:53 EDT 2007 i686 i686
>Alert Count                   18
>First Seen                    Sat 26 May 2007 05:14:16 PM EDT
>Last Seen                     Thu 21 Jun 2007 09:42:01 AM EDT
>Local ID                      4660a89b-7638-4b5c-9f78-f4b4076ee43b
>Line Numbers                  
>
>Raw Audit Messages            
>
>avc: denied { getattr } for comm="smb" dev=dm-0 egid=7 euid=4
>exe="/usr/bin/smbspool" exit=-13 fsgid=7 fsuid=4 gid=7 items=0 name="mapping-
>darwinhwebb" path="/tmp/mapping-darwinhwebb" pid=4354
>scontext=system_u:system_r:cupsd_t:s0-s0:c0.c1023 sgid=7
>subj=system_u:system_r:cupsd_t:s0-s0:c0.c1023 suid=4 tclass=sock_file
>tcontext=user_u:object_r:tmp_t:s0 tty=(none) uid=4
>
>Summary
>    SELinux is preventing the /usr/bin/smbspool from using potentially
>    mislabeled files (/tmp/.gdm_socket).
>
>Detailed Description
>    SELinux has denied /usr/bin/smbspool access to potentially mislabeled
>    file(s) (/tmp/.gdm_socket).  This means that SELinux will not allow
>    /usr/bin/smbspool to use these files.  It is common for users to edit files
>    in their home directory or tmp directories and then move (mv) them to system
>    directories.  The problem is that the files end up with the wrong file
>    context which confined applications are not allowed to access.
>
>Allowing Access
>    If you want /usr/bin/smbspool to access this files, you need to relabel them
>    using restorecon -v /tmp/.gdm_socket.  You might want to relabel the entire
>    directory using restorecon -R -v /tmp.
>
>Additional Information        
>
>Source Context                system_u:system_r:cupsd_t:SystemLow-SystemHigh
>Target Context                system_u:object_r:xdm_tmp_t
>Target Objects                /tmp/.gdm_socket [ sock_file ]
>Affected RPM Packages         samba-client-3.0.25a-3.fc7 [application]
>Policy RPM                    selinux-policy-2.6.4-21.fc7
>Selinux Enabled               True
>Policy Type                   targeted
>MLS Enabled                   True
>Enforcing Mode                Enforcing
>Plugin Name                   plugins.home_tmp_bad_labels
>Host Name                     Ruthie-07
>Platform                      Linux Ruthie-07 2.6.21-1.3230.fc8 #1 SMP Wed Jun
>                              20 16:10:53 EDT 2007 i686 i686
>Alert Count                   18
>First Seen                    Sat 26 May 2007 05:14:16 PM EDT
>Last Seen                     Thu 21 Jun 2007 09:42:01 AM EDT
>Local ID                      9a4ec090-5ca4-4aba-aa38-614b4d0b7b0a
>Line Numbers                  
>
>Raw Audit Messages            
>
>avc: denied { getattr } for comm="smb" dev=dm-0 egid=7 euid=4
>exe="/usr/bin/smbspool" exit=-13 fsgid=7 fsuid=4 gid=7 items=0
>name=".gdm_socket" path="/tmp/.gdm_socket" pid=4354
>scontext=system_u:system_r:cupsd_t:s0-s0:c0.c1023 sgid=7
>subj=system_u:system_r:cupsd_t:s0-s0:c0.c1023 suid=4 tclass=sock_file
>tcontext=system_u:object_r:xdm_tmp_t:s0 tty=(none) uid=4
>
>Summary
>    SELinux is preventing the /usr/bin/smbspool from using potentially
>    mislabeled files (/tmp/.font-unix).
>
>Detailed Description
>    SELinux has denied /usr/bin/smbspool access to potentially mislabeled
>    file(s) (/tmp/.font-unix).  This means that SELinux will not allow
>    /usr/bin/smbspool to use these files.  It is common for users to edit files
>    in their home directory or tmp directories and then move (mv) them to system
>    directories.  The problem is that the files end up with the wrong file
>    context which confined applications are not allowed to access.
>
>Allowing Access
>    If you want /usr/bin/smbspool to access this files, you need to relabel them
>    using restorecon -v /tmp/.font-unix.  You might want to relabel the entire
>    directory using restorecon -R -v /tmp.
>
>Additional Information        
>
>Source Context                system_u:system_r:cupsd_t:SystemLow-SystemHigh
>Target Context                system_u:object_r:xfs_tmp_t
>Target Objects                /tmp/.font-unix [ dir ]
>Affected RPM Packages         samba-client-3.0.25a-3.fc7 [application]
>Policy RPM                    selinux-policy-2.6.4-21.fc7
>Selinux Enabled               True
>Policy Type                   targeted
>MLS Enabled                   True
>Enforcing Mode                Enforcing
>Plugin Name                   plugins.home_tmp_bad_labels
>Host Name                     Ruthie-07
>Platform                      Linux Ruthie-07 2.6.21-1.3230.fc8 #1 SMP Wed Jun
>                              20 16:10:53 EDT 2007 i686 i686
>Alert Count                   18
>First Seen                    Sat 26 May 2007 05:14:16 PM EDT
>Last Seen                     Thu 21 Jun 2007 09:42:01 AM EDT
>Local ID                      a0dc9361-e2d7-4cef-9b21-8be1516af53b
>Line Numbers                  
>
>Raw Audit Messages            
>
>avc: denied { getattr } for comm="smb" dev=dm-0 egid=7 euid=4
>exe="/usr/bin/smbspool" exit=-13 fsgid=7 fsuid=4 gid=7 items=0 name=".font-unix"
>path="/tmp/.font-unix" pid=4354
>scontext=system_u:system_r:cupsd_t:s0-s0:c0.c1023 sgid=7
>subj=system_u:system_r:cupsd_t:s0-s0:c0.c1023 suid=4 tclass=dir
>tcontext=system_u:object_r:xfs_tmp_t:s0 tty=(none) uid=4
>
>Summary
>    SELinux is preventing the /usr/bin/smbspool from using potentially
>    mislabeled files (/tmp/.ICE-unix).
>
>Detailed Description
>    SELinux has denied /usr/bin/smbspool access to potentially mislabeled
>    file(s) (/tmp/.ICE-unix).  This means that SELinux will not allow
>    /usr/bin/smbspool to use these files.  It is common for users to edit files
>    in their home directory or tmp directories and then move (mv) them to system
>    directories.  The problem is that the files end up with the wrong file
>    context which confined applications are not allowed to access.
>
>Allowing Access
>    If you want /usr/bin/smbspool to access this files, you need to relabel them
>    using restorecon -v /tmp/.ICE-unix.  You might want to relabel the entire
>    directory using restorecon -R -v /tmp.
>
>Additional Information        
>
>Source Context                system_u:system_r:cupsd_t:SystemLow-SystemHigh
>Target Context                system_u:object_r:xdm_tmp_t
>Target Objects                /tmp/.ICE-unix [ dir ]
>Affected RPM Packages         samba-client-3.0.25a-3.fc7 [application]
>Policy RPM                    selinux-policy-2.6.4-21.fc7
>Selinux Enabled               True
>Policy Type                   targeted
>MLS Enabled                   True
>Enforcing Mode                Enforcing
>Plugin Name                   plugins.home_tmp_bad_labels
>Host Name                     Ruthie-07
>Platform                      Linux Ruthie-07 2.6.21-1.3230.fc8 #1 SMP Wed Jun
>                              20 16:10:53 EDT 2007 i686 i686
>Alert Count                   18
>First Seen                    Sat 26 May 2007 05:14:16 PM EDT
>Last Seen                     Thu 21 Jun 2007 09:42:01 AM EDT
>Local ID                      927e4a89-b33b-4193-b632-5ded390e3259
>Line Numbers                  
>
>Raw Audit Messages            
>
>avc: denied { getattr } for comm="smb" dev=dm-0 egid=7 euid=4
>exe="/usr/bin/smbspool" exit=-13 fsgid=7 fsuid=4 gid=7 items=0 name=".ICE-unix"
>path="/tmp/.ICE-unix" pid=4354 scontext=system_u:system_r:cupsd_t:s0-s0:c0.c1023
>sgid=7 subj=system_u:system_r:cupsd_t:s0-s0:c0.c1023 suid=4 tclass=dir
>tcontext=system_u:object_r:xdm_tmp_t:s0 tty=(none) uid=4
>
>Summary
>    SELinux is preventing the /usr/bin/smbspool from using potentially
>    mislabeled files (/tmp/orbit-gdm).
>
>Detailed Description
>    SELinux has denied /usr/bin/smbspool access to potentially mislabeled
>    file(s) (/tmp/orbit-gdm).  This means that SELinux will not allow
>    /usr/bin/smbspool to use these files.  It is common for users to edit files
>    in their home directory or tmp directories and then move (mv) them to system
>    directories.  The problem is that the files end up with the wrong file
>    context which confined applications are not allowed to access.
>
>Allowing Access
>    If you want /usr/bin/smbspool to access this files, you need to relabel them
>    using restorecon -v /tmp/orbit-gdm.  You might want to relabel the entire
>    directory using restorecon -R -v /tmp.
>
>Additional Information        
>
>Source Context                system_u:system_r:cupsd_t:SystemLow-SystemHigh
>Target Context                system_u:object_r:xdm_tmp_t
>Target Objects                /tmp/orbit-gdm [ dir ]
>Affected RPM Packages         samba-client-3.0.25a-3.fc7 [application]
>Policy RPM                    selinux-policy-2.6.4-21.fc7
>Selinux Enabled               True
>Policy Type                   targeted
>MLS Enabled                   True
>Enforcing Mode                Enforcing
>Plugin Name                   plugins.home_tmp_bad_labels
>Host Name                     Ruthie-07
>Platform                      Linux Ruthie-07 2.6.21-1.3230.fc8 #1 SMP Wed Jun
>                              20 16:10:53 EDT 2007 i686 i686
>Alert Count                   17
>First Seen                    Sat 26 May 2007 05:14:16 PM EDT
>Last Seen                     Thu 21 Jun 2007 09:42:01 AM EDT
>Local ID                      6a77a6ee-86d4-40bc-a5ad-9ae91d4b39b3
>Line Numbers                  
>
>Raw Audit Messages            
>
>avc: denied { getattr } for comm="smb" dev=dm-0 egid=7 euid=4
>exe="/usr/bin/smbspool" exit=-13 fsgid=7 fsuid=4 gid=7 items=0 name="orbit-gdm"
>path="/tmp/orbit-gdm" pid=4354 scontext=system_u:system_r:cupsd_t:s0-s0:c0.c1023
>sgid=7 subj=system_u:system_r:cupsd_t:s0-s0:c0.c1023 suid=4 tclass=dir
>tcontext=system_u:object_r:xdm_tmp_t:s0 tty=(none) uid=4
>
>
>

Actions: View

Attachments on bug 244915: 157556 | 157557