Bug 192216

Summary: SELinux blocking cups-lpd again
Product: [Fedora] Fedora Reporter: Ian Pilcher <arequipeno>
Component: selinux-policy-targetedAssignee: Daniel Walsh <dwalsh>
Status: CLOSED CURRENTRELEASE QA Contact:
Severity: medium Docs Contact:
Priority: medium    
Version: 5Keywords: Regression, SELinux
Target Milestone: ---   
Target Release: ---   
Hardware: i686   
OS: Linux   
Whiteboard:
Fixed In Version: selinux-policy-targeted-2.2.42-2.fc5 Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2006-06-21 17:56:44 UTC Type: ---
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---

Description Ian Pilcher 2006-05-18 13:41:52 UTC
Description of problem:

The following audit messages occur every time a job is submitted to cups-lpd:

type=AVC msg=audit(1147958690.440:1241): avc:  denied  { search } for  pid=23311
comm="cups-lpd" name="cups" dev=md1 ino=3022474
scontext=system_u:system_r:cupsd_lpd_t:s0
tcontext=system_u:object_r:cupsd_var_run_t:s0 tclass=dir
type=SYSCALL msg=audit(1147958690.440:1241): arch=40000003 syscall=195
success=no exit=-13 a0=e2b582 a1=bff75790 a2=31cff4 a3=e2b582 items=1 pid=23311
auid=4294967295 uid=4 gid=7 euid=4 suid=4 fsuid=4 egid=7 sgid=7 fsgid=7
comm="cups-lpd" exe="/usr/lib/cups/daemon/cups-lpd"
type=CWD msg=audit(1147958690.440:1241):  cwd="/"
type=PATH msg=audit(1147958690.440:1241): item=0 name="/var/run/cups/cups.sock"
flags=101
type=AVC msg=audit(1147958690.444:1242): avc:  denied  { create } for  pid=23311
comm="cups-lpd" scontext=system_u:system_r:cupsd_lpd_t:s0
tcontext=system_u:system_r:cupsd_lpd_t:s0 tclass=netlink_route_socket
type=SYSCALL msg=audit(1147958690.444:1242): arch=40000003 syscall=102
success=no exit=-13 a0=1 a1=bff75508 a2=31cff4 a3=bff75af9 items=0 pid=23311
auid=4294967295 uid=4 gid=7 euid=4 suid=4 fsuid=4 egid=7 sgid=7 fsgid=7
comm="cups-lpd" exe="/usr/lib/cups/daemon/cups-lpd"
type=SOCKETCALL msg=audit(1147958690.444:1242): nargs=3 a0=10 a1=3 a2=0


Version-Release number of selected component (if applicable):

selinux-policy-targeted-2.2.38-1.fc5


How reproducible:

100%


Steps to Reproduce:
1. Update to selinux-policy-targeted-2.2.38-1.fc5
2. Submit a job via cups-lpd

  
Actual results:

Job not printed.


Expected results:

Job should be printed.


Additional info:

Is cupsd_lpd_t new?  It does not appear to have sufficient privileges.

Comment 1 Daniel Walsh 2006-05-23 20:28:25 UTC
Fixed in selinux-policy-targeted-2.2.42-2.fc5