Attachment 606140 Details for Bug 850670 – File: description

File: description

description (text/plain), 3.23 KB, created by Luya Tshimbalanga on 2012-08-22 06:41:40 UTC

(hide)

Description:

Filename:

MIME Type:

Creator: Luya Tshimbalanga

Created: 2012-08-22 06:41:40 UTC

Size: 3.23 KB

patch

obsolete

>SELinux is preventing /usr/bin/python2.7 from 'read' accesses on the file /etc/nsswitch.conf.
>
>*****  Plugin catchall_labels (83.8 confidence) suggests  ********************
>
>If you want to allow python2.7 to have read access on the nsswitch.conf file
>Then you need to change the label on /etc/nsswitch.conf
>Do
># semanage fcontext -a -t FILE_TYPE '/etc/nsswitch.conf'
>where FILE_TYPE is one of the following: machineid_t, usr_t, abrt_var_run_t, cupsd_rw_etc_t, cupsd_etc_t, cupsd_tmp_t, sysctl_crypto_t, passwd_file_t, printconf_t, dbusd_etc_t, hplip_etc_t, etc_runtime_t, ld_so_t, hplip_var_lib_t, hplip_var_run_t, abrt_t, puppet_tmp_t, lib_t, snmpd_var_lib_t, udev_var_run_t, fail2ban_var_lib_t, net_conf_t, cpu_online_t, print_spool_t, afs_cache_t, abrt_helper_exec_t, anon_inodefs_t, sysctl_kernel_t, hplip_exec_t, system_dbusd_var_lib_t, textrel_shlib_t, rpm_script_tmp_t, ld_so_cache_t, user_cron_spool_t, locale_t, bin_t, proc_t, sysfs_t, usbfs_t, hplip_t. 
>Then execute: 
>restorecon -v '/etc/nsswitch.conf'
>
>
>*****  Plugin catchall (17.1 confidence) suggests  ***************************
>
>If you believe that python2.7 should be allowed read access on the nsswitch.conf file by default.
>Then you should report this as a bug.
>You can generate a local policy module to allow this access.
>Do
>allow this access for now by executing:
># grep hpfax /var/log/audit/audit.log | audit2allow -M mypol
># semodule -i mypol.pp
>
>Additional Information:
>Source Context                system_u:system_r:hplip_t:s0-s0:c0.c1023
>Target Context                system_u:object_r:etc_t:s0
>Target Objects                /etc/nsswitch.conf [ file ]
>Source                        hpfax
>Source Path                   /usr/bin/python2.7
>Port                          <Unknown>
>Host                          (removed)
>Source RPM Packages           python-2.7.3-13.fc18.x86_64
>Target RPM Packages           glibc-2.16-8.fc18.x86_64
>Policy RPM                    selinux-policy-3.11.1-7.fc18.noarch
>Selinux Enabled               True
>Policy Type                   targeted
>Enforcing Mode                Enforcing
>Host Name                     (removed)
>Platform                      Linux (removed) 3.6.0-0.rc2.git0.1.fc18.x86_64 #1
>                              SMP Thu Aug 16 23:58:33 UTC 2012 x86_64 x86_64
>Alert Count                   4
>First Seen                    2012-08-21 23:28:47 EDT
>Last Seen                     2012-08-21 23:40:40 EDT
>Local ID                      3b73a356-144a-4ae8-bc84-08f974854527
>
>Raw Audit Messages
>type=AVC msg=audit(1345606840.351:868): avc:  denied  { read } for  pid=17126 comm="hpfax" name="nsswitch.conf" dev="dm-1" ino=2490725 scontext=system_u:system_r:hplip_t:s0-s0:c0.c1023 tcontext=system_u:object_r:etc_t:s0 tclass=file
>
>
>type=SYSCALL msg=audit(1345606840.351:868): arch=x86_64 syscall=open success=no exit=EACCES a0=3dc8b783d2 a1=80000 a2=1b6 a3=238 items=0 ppid=17119 pid=17126 auid=4294967295 uid=0 gid=7 euid=0 suid=0 fsuid=0 egid=7 sgid=7 fsgid=7 tty=(none) ses=4294967295 comm=hpfax exe=/usr/bin/python2.7 subj=system_u:system_r:hplip_t:s0-s0:c0.c1023 key=(null)
>
>Hash: hpfax,hplip_t,etc_t,file,read
>
>audit2allow
>
>#============= hplip_t ==============
>allow hplip_t etc_t:file read;
>
>audit2allow -R
>
>#============= hplip_t ==============
>allow hplip_t etc_t:file read;
>

Actions: View

Attachments on bug 850670: 606138 | 606139 | 606140