Login
[x]
Log in using an account from:
Fedora Account System
Red Hat Associate
Red Hat Customer
Or login using a Red Hat Bugzilla account
Forgot Password
Login:
Hide Forgot
Create an Account
Red Hat Bugzilla – Attachment 157557 Details for
Bug 244915
SELinux is preventing /usr/sbin/crond (crond_t) "audit_control" to (crond_t).
[?]
New
Simple Search
Advanced Search
My Links
Browse
Requests
Reports
Current State
Search
Tabular reports
Graphical reports
Duplicates
Other Reports
User Changes
Plotly Reports
Bug Status
Bug Severity
Non-Defaults
|
Product Dashboard
Help
Page Help!
Bug Writing Guidelines
What's new
Browser Support Policy
5.0.4.rh83 Release notes
FAQ
Guides index
User guide
Web Services
Contact
Legal
This site requires JavaScript to be enabled to function correctly, please enable it.
copyalerts for bug 199631
copyalerts-cupsprinting-smb-lx2win.txt (text/plain), 15.15 KB, created by
Darwin H. Webb
on 2007-06-21 17:11:30 UTC
(
hide
)
Description:
copyalerts for bug 199631
Filename:
MIME Type:
Creator:
Darwin H. Webb
Created:
2007-06-21 17:11:30 UTC
Size:
15.15 KB
patch
obsolete
>#AVC messages triggered by smb winodws shared printer Linux ==> Win Xp > > >Summary > SELinux is preventing access to files with the default label, default_t. > >Detailed Description > SELinux permission checks on files labeled default_t are being denied. > These files/directories have the default label on them. This can indicate a > labeling problem, especially if the files being referred to are not top > level directories. Any files/directories under standard system directories, > /usr, /var. /dev, /tmp, ..., should not be labeled with the default label. > The default label is for files/directories which do not have a label on a > parent directory. So if you create a new directory in / you might > legitimately get this label. > >Allowing Access > If you want a confined domain to use these files you will probably need to > relabel the file/directory with chcon. In some cases it is just easier to > relabel the system, to relabel execute: "touch /.autorelabel; reboot" > >Additional Information > >Source Context system_u:system_r:cupsd_t:SystemLow-SystemHigh >Target Context system_u:object_r:default_t >Target Objects root [ dir ] >Affected RPM Packages filesystem-2.4.6-1.fc7 [target] >Policy RPM selinux-policy-2.6.4-8.fc7 >Selinux Enabled True >Policy Type targeted >MLS Enabled True >Enforcing Mode Enforcing >Plugin Name plugins.default >Host Name Ruthie-07 >Platform Linux Ruthie-07 2.6.21-1.3194.fc7 #1 SMP Wed May > 23 22:35:01 EDT 2007 i686 i686 >Alert Count 1 >First Seen Sat 26 May 2007 03:14:23 PM EDT >Last Seen Sat 26 May 2007 03:14:23 PM EDT >Local ID f59a74de-a644-4081-b23f-56d1e18441d3 >Line Numbers > >Raw Audit Messages > >avc: denied { search } for comm="python" dev=dm-0 egid=7 euid=0 >exe="/usr/bin/python" exit=-13 fsgid=7 fsuid=0 gid=7 items=0 name="root" >pid=3255 scontext=system_u:system_r:cupsd_t:s0-s0:c0.c1023 sgid=7 >subj=system_u:system_r:cupsd_t:s0-s0:c0.c1023 suid=0 tclass=dir >tcontext=system_u:object_r:default_t:s0 tty=(none) uid=0 > >Summary > SELinux is preventing the /usr/bin/smbspool from using potentially > mislabeled files (/tmp/.X11-unix). > >Detailed Description > SELinux has denied /usr/bin/smbspool access to potentially mislabeled > file(s) (/tmp/.X11-unix). This means that SELinux will not allow > /usr/bin/smbspool to use these files. It is common for users to edit files > in their home directory or tmp directories and then move (mv) them to system > directories. The problem is that the files end up with the wrong file > context which confined applications are not allowed to access. > >Allowing Access > If you want /usr/bin/smbspool to access this files, you need to relabel them > using restorecon -v /tmp/.X11-unix. You might want to relabel the entire > directory using restorecon -R -v /tmp. > >Additional Information > >Source Context system_u:system_r:cupsd_t:SystemLow-SystemHigh >Target Context system_u:object_r:xdm_tmp_t >Target Objects /tmp/.X11-unix [ dir ] >Affected RPM Packages samba-client-3.0.25a-3.fc7 [application] >Policy RPM selinux-policy-2.6.4-21.fc7 >Selinux Enabled True >Policy Type targeted >MLS Enabled True >Enforcing Mode Enforcing >Plugin Name plugins.home_tmp_bad_labels >Host Name Ruthie-07 >Platform Linux Ruthie-07 2.6.21-1.3230.fc8 #1 SMP Wed Jun > 20 16:10:53 EDT 2007 i686 i686 >Alert Count 18 >First Seen Sat 26 May 2007 05:14:16 PM EDT >Last Seen Thu 21 Jun 2007 09:42:01 AM EDT >Local ID 151a1282-4652-4e82-9560-a185b29e0206 >Line Numbers > >Raw Audit Messages > >avc: denied { getattr } for comm="smb" dev=dm-0 egid=7 euid=4 >exe="/usr/bin/smbspool" exit=-13 fsgid=7 fsuid=4 gid=7 items=0 name=".X11-unix" >path="/tmp/.X11-unix" pid=4354 scontext=system_u:system_r:cupsd_t:s0-s0:c0.c1023 >sgid=7 subj=system_u:system_r:cupsd_t:s0-s0:c0.c1023 suid=4 tclass=dir >tcontext=system_u:object_r:xdm_tmp_t:s0 tty=(none) uid=4 > >Summary > SELinux is preventing the /usr/bin/smbspool from using potentially > mislabeled files (/tmp/mapping-darwinhwebb). > >Detailed Description > SELinux has denied /usr/bin/smbspool access to potentially mislabeled > file(s) (/tmp/mapping-darwinhwebb). This means that SELinux will not allow > /usr/bin/smbspool to use these files. It is common for users to edit files > in their home directory or tmp directories and then move (mv) them to system > directories. The problem is that the files end up with the wrong file > context which confined applications are not allowed to access. > >Allowing Access > If you want /usr/bin/smbspool to access this files, you need to relabel them > using restorecon -v /tmp/mapping-darwinhwebb. You might want to relabel the > entire directory using restorecon -R -v /tmp. > >Additional Information > >Source Context system_u:system_r:cupsd_t:SystemLow-SystemHigh >Target Context user_u:object_r:tmp_t >Target Objects /tmp/mapping-darwinhwebb [ sock_file ] >Affected RPM Packages samba-client-3.0.25a-3.fc7 [application] >Policy RPM selinux-policy-2.6.4-21.fc7 >Selinux Enabled True >Policy Type targeted >MLS Enabled True >Enforcing Mode Enforcing >Plugin Name plugins.home_tmp_bad_labels >Host Name Ruthie-07 >Platform Linux Ruthie-07 2.6.21-1.3230.fc8 #1 SMP Wed Jun > 20 16:10:53 EDT 2007 i686 i686 >Alert Count 18 >First Seen Sat 26 May 2007 05:14:16 PM EDT >Last Seen Thu 21 Jun 2007 09:42:01 AM EDT >Local ID 4660a89b-7638-4b5c-9f78-f4b4076ee43b >Line Numbers > >Raw Audit Messages > >avc: denied { getattr } for comm="smb" dev=dm-0 egid=7 euid=4 >exe="/usr/bin/smbspool" exit=-13 fsgid=7 fsuid=4 gid=7 items=0 name="mapping- >darwinhwebb" path="/tmp/mapping-darwinhwebb" pid=4354 >scontext=system_u:system_r:cupsd_t:s0-s0:c0.c1023 sgid=7 >subj=system_u:system_r:cupsd_t:s0-s0:c0.c1023 suid=4 tclass=sock_file >tcontext=user_u:object_r:tmp_t:s0 tty=(none) uid=4 > >Summary > SELinux is preventing the /usr/bin/smbspool from using potentially > mislabeled files (/tmp/.gdm_socket). > >Detailed Description > SELinux has denied /usr/bin/smbspool access to potentially mislabeled > file(s) (/tmp/.gdm_socket). This means that SELinux will not allow > /usr/bin/smbspool to use these files. It is common for users to edit files > in their home directory or tmp directories and then move (mv) them to system > directories. The problem is that the files end up with the wrong file > context which confined applications are not allowed to access. > >Allowing Access > If you want /usr/bin/smbspool to access this files, you need to relabel them > using restorecon -v /tmp/.gdm_socket. You might want to relabel the entire > directory using restorecon -R -v /tmp. > >Additional Information > >Source Context system_u:system_r:cupsd_t:SystemLow-SystemHigh >Target Context system_u:object_r:xdm_tmp_t >Target Objects /tmp/.gdm_socket [ sock_file ] >Affected RPM Packages samba-client-3.0.25a-3.fc7 [application] >Policy RPM selinux-policy-2.6.4-21.fc7 >Selinux Enabled True >Policy Type targeted >MLS Enabled True >Enforcing Mode Enforcing >Plugin Name plugins.home_tmp_bad_labels >Host Name Ruthie-07 >Platform Linux Ruthie-07 2.6.21-1.3230.fc8 #1 SMP Wed Jun > 20 16:10:53 EDT 2007 i686 i686 >Alert Count 18 >First Seen Sat 26 May 2007 05:14:16 PM EDT >Last Seen Thu 21 Jun 2007 09:42:01 AM EDT >Local ID 9a4ec090-5ca4-4aba-aa38-614b4d0b7b0a >Line Numbers > >Raw Audit Messages > >avc: denied { getattr } for comm="smb" dev=dm-0 egid=7 euid=4 >exe="/usr/bin/smbspool" exit=-13 fsgid=7 fsuid=4 gid=7 items=0 >name=".gdm_socket" path="/tmp/.gdm_socket" pid=4354 >scontext=system_u:system_r:cupsd_t:s0-s0:c0.c1023 sgid=7 >subj=system_u:system_r:cupsd_t:s0-s0:c0.c1023 suid=4 tclass=sock_file >tcontext=system_u:object_r:xdm_tmp_t:s0 tty=(none) uid=4 > >Summary > SELinux is preventing the /usr/bin/smbspool from using potentially > mislabeled files (/tmp/.font-unix). > >Detailed Description > SELinux has denied /usr/bin/smbspool access to potentially mislabeled > file(s) (/tmp/.font-unix). This means that SELinux will not allow > /usr/bin/smbspool to use these files. It is common for users to edit files > in their home directory or tmp directories and then move (mv) them to system > directories. The problem is that the files end up with the wrong file > context which confined applications are not allowed to access. > >Allowing Access > If you want /usr/bin/smbspool to access this files, you need to relabel them > using restorecon -v /tmp/.font-unix. You might want to relabel the entire > directory using restorecon -R -v /tmp. > >Additional Information > >Source Context system_u:system_r:cupsd_t:SystemLow-SystemHigh >Target Context system_u:object_r:xfs_tmp_t >Target Objects /tmp/.font-unix [ dir ] >Affected RPM Packages samba-client-3.0.25a-3.fc7 [application] >Policy RPM selinux-policy-2.6.4-21.fc7 >Selinux Enabled True >Policy Type targeted >MLS Enabled True >Enforcing Mode Enforcing >Plugin Name plugins.home_tmp_bad_labels >Host Name Ruthie-07 >Platform Linux Ruthie-07 2.6.21-1.3230.fc8 #1 SMP Wed Jun > 20 16:10:53 EDT 2007 i686 i686 >Alert Count 18 >First Seen Sat 26 May 2007 05:14:16 PM EDT >Last Seen Thu 21 Jun 2007 09:42:01 AM EDT >Local ID a0dc9361-e2d7-4cef-9b21-8be1516af53b >Line Numbers > >Raw Audit Messages > >avc: denied { getattr } for comm="smb" dev=dm-0 egid=7 euid=4 >exe="/usr/bin/smbspool" exit=-13 fsgid=7 fsuid=4 gid=7 items=0 name=".font-unix" >path="/tmp/.font-unix" pid=4354 >scontext=system_u:system_r:cupsd_t:s0-s0:c0.c1023 sgid=7 >subj=system_u:system_r:cupsd_t:s0-s0:c0.c1023 suid=4 tclass=dir >tcontext=system_u:object_r:xfs_tmp_t:s0 tty=(none) uid=4 > >Summary > SELinux is preventing the /usr/bin/smbspool from using potentially > mislabeled files (/tmp/.ICE-unix). > >Detailed Description > SELinux has denied /usr/bin/smbspool access to potentially mislabeled > file(s) (/tmp/.ICE-unix). This means that SELinux will not allow > /usr/bin/smbspool to use these files. It is common for users to edit files > in their home directory or tmp directories and then move (mv) them to system > directories. The problem is that the files end up with the wrong file > context which confined applications are not allowed to access. > >Allowing Access > If you want /usr/bin/smbspool to access this files, you need to relabel them > using restorecon -v /tmp/.ICE-unix. You might want to relabel the entire > directory using restorecon -R -v /tmp. > >Additional Information > >Source Context system_u:system_r:cupsd_t:SystemLow-SystemHigh >Target Context system_u:object_r:xdm_tmp_t >Target Objects /tmp/.ICE-unix [ dir ] >Affected RPM Packages samba-client-3.0.25a-3.fc7 [application] >Policy RPM selinux-policy-2.6.4-21.fc7 >Selinux Enabled True >Policy Type targeted >MLS Enabled True >Enforcing Mode Enforcing >Plugin Name plugins.home_tmp_bad_labels >Host Name Ruthie-07 >Platform Linux Ruthie-07 2.6.21-1.3230.fc8 #1 SMP Wed Jun > 20 16:10:53 EDT 2007 i686 i686 >Alert Count 18 >First Seen Sat 26 May 2007 05:14:16 PM EDT >Last Seen Thu 21 Jun 2007 09:42:01 AM EDT >Local ID 927e4a89-b33b-4193-b632-5ded390e3259 >Line Numbers > >Raw Audit Messages > >avc: denied { getattr } for comm="smb" dev=dm-0 egid=7 euid=4 >exe="/usr/bin/smbspool" exit=-13 fsgid=7 fsuid=4 gid=7 items=0 name=".ICE-unix" >path="/tmp/.ICE-unix" pid=4354 scontext=system_u:system_r:cupsd_t:s0-s0:c0.c1023 >sgid=7 subj=system_u:system_r:cupsd_t:s0-s0:c0.c1023 suid=4 tclass=dir >tcontext=system_u:object_r:xdm_tmp_t:s0 tty=(none) uid=4 > >Summary > SELinux is preventing the /usr/bin/smbspool from using potentially > mislabeled files (/tmp/orbit-gdm). > >Detailed Description > SELinux has denied /usr/bin/smbspool access to potentially mislabeled > file(s) (/tmp/orbit-gdm). This means that SELinux will not allow > /usr/bin/smbspool to use these files. It is common for users to edit files > in their home directory or tmp directories and then move (mv) them to system > directories. The problem is that the files end up with the wrong file > context which confined applications are not allowed to access. > >Allowing Access > If you want /usr/bin/smbspool to access this files, you need to relabel them > using restorecon -v /tmp/orbit-gdm. You might want to relabel the entire > directory using restorecon -R -v /tmp. > >Additional Information > >Source Context system_u:system_r:cupsd_t:SystemLow-SystemHigh >Target Context system_u:object_r:xdm_tmp_t >Target Objects /tmp/orbit-gdm [ dir ] >Affected RPM Packages samba-client-3.0.25a-3.fc7 [application] >Policy RPM selinux-policy-2.6.4-21.fc7 >Selinux Enabled True >Policy Type targeted >MLS Enabled True >Enforcing Mode Enforcing >Plugin Name plugins.home_tmp_bad_labels >Host Name Ruthie-07 >Platform Linux Ruthie-07 2.6.21-1.3230.fc8 #1 SMP Wed Jun > 20 16:10:53 EDT 2007 i686 i686 >Alert Count 17 >First Seen Sat 26 May 2007 05:14:16 PM EDT >Last Seen Thu 21 Jun 2007 09:42:01 AM EDT >Local ID 6a77a6ee-86d4-40bc-a5ad-9ae91d4b39b3 >Line Numbers > >Raw Audit Messages > >avc: denied { getattr } for comm="smb" dev=dm-0 egid=7 euid=4 >exe="/usr/bin/smbspool" exit=-13 fsgid=7 fsuid=4 gid=7 items=0 name="orbit-gdm" >path="/tmp/orbit-gdm" pid=4354 scontext=system_u:system_r:cupsd_t:s0-s0:c0.c1023 >sgid=7 subj=system_u:system_r:cupsd_t:s0-s0:c0.c1023 suid=4 tclass=dir >tcontext=system_u:object_r:xdm_tmp_t:s0 tty=(none) uid=4 > > >
You cannot view the attachment while viewing its details because your browser does not support IFRAMEs.
View the attachment on a separate page
.
View Attachment As Raw
Actions:
View
Attachments on
bug 244915
:
157556
| 157557