Bug 1071622
| Summary: | SELinux is preventing /usr/bin/python2.7 from 'create' accesses on the fifo_file hpfax-pipe-124. | ||
|---|---|---|---|
| Product: | [Fedora] Fedora | Reporter: | Davide Prade <davide.prade> |
| Component: | selinux-policy | Assignee: | Miroslav Grepl <mgrepl> |
| Status: | CLOSED ERRATA | QA Contact: | Fedora Extras Quality Assurance <extras-qa> |
| Severity: | unspecified | Docs Contact: | |
| Priority: | unspecified | ||
| Version: | 20 | CC: | dominick.grift, dwalsh, lvrabec, mgrepl |
| Target Milestone: | --- | ||
| Target Release: | --- | ||
| Hardware: | i686 | ||
| OS: | Unspecified | ||
| Whiteboard: | abrt_hash:8b45260f91aba0291bb97eda11b9add1ffe97bdcda2b579ca51d4558861daecf | ||
| Fixed In Version: | selinux-policy-3.12.1-135.fc20 | Doc Type: | Bug Fix |
| Doc Text: | Story Points: | --- | |
| Clone Of: | Environment: | ||
| Last Closed: | 2014-03-21 09:25:47 UTC | Type: | --- |
| Regression: | --- | Mount Type: | --- |
| Documentation: | --- | CRM: | |
| Verified Versions: | Category: | --- | |
| oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
| Cloudforms Team: | --- | Target Upstream Version: | |
| Embargoed: | |||
commit 5e6312945fbe36a232c063ad163081309331e50a
Author: Miroslav Grepl <mgrepl>
Date: Mon Mar 3 11:46:07 2014 +0100
update lpd_manage_spool() interface
selinux-policy-3.12.1-135.fc20 has been submitted as an update for Fedora 20. https://admin.fedoraproject.org/updates/selinux-policy-3.12.1-135.fc20 Package selinux-policy-3.12.1-135.fc20: * should fix your issue, * was pushed to the Fedora 20 testing repository, * should be available at your local mirror within two days. Update it with: # su -c 'yum update --enablerepo=updates-testing selinux-policy-3.12.1-135.fc20' as soon as you are able to. Please go to the following url: https://admin.fedoraproject.org/updates/FEDORA-2014-3813/selinux-policy-3.12.1-135.fc20 then log in and leave karma (feedback). selinux-policy-3.12.1-135.fc20 has been pushed to the Fedora 20 stable repository. If problems still persist, please make note of it in this bug report. |
Description of problem: SELinux is preventing /usr/bin/python2.7 from 'create' accesses on the fifo_file hpfax-pipe-124. ***** Plugin catchall (100. confidence) suggests ************************** If si crede che python2.7 dovrebbe avere possibilità di accesso create sui hpfax-pipe-124 fifo_file in modo predefinito. Then si dovrebbe riportare il problema come bug. E' possibile generare un modulo di politica locale per consentire questo accesso. Do consentire questo accesso per il momento eseguendo: # grep hpfax /var/log/audit/audit.log | audit2allow -M mypol # semodule -i mypol.pp Additional Information: Source Context system_u:system_r:cupsd_t:s0-s0:c0.c1023 Target Context system_u:object_r:print_spool_t:s0 Target Objects hpfax-pipe-124 [ fifo_file ] Source hpfax Source Path /usr/bin/python2.7 Port <Unknown> Host (removed) Source RPM Packages python-2.7.3-13.fc18.i686 Target RPM Packages Policy RPM selinux-policy-3.11.1-86.fc18.noarch Selinux Enabled True Policy Type targeted Enforcing Mode Enforcing Host Name (removed) Platform Linux (removed) 3.8.4-202.fc18.i686 #1 SMP Thu Mar 21 17:23:45 UTC 2013 i686 i686 Alert Count 1 First Seen 2013-04-01 13:14:35 CEST Last Seen 2013-04-01 13:14:35 CEST Local ID f2a8270b-b675-425d-af38-e29ab18123a0 Raw Audit Messages type=AVC msg=audit(1364814875.905:441): avc: denied { create } for pid=2660 comm="hpfax" name="hpfax-pipe-124" scontext=system_u:system_r:cupsd_t:s0-s0:c0.c1023 tcontext=system_u:object_r:print_spool_t:s0 tclass=fifo_file type=SYSCALL msg=audit(1364814875.905:441): arch=i386 syscall=mknod success=no exit=EACCES a0=b73d9504 a1=11b6 a2=0 a3=84fd050 items=0 ppid=1291 pid=2660 auid=4294967295 uid=0 gid=7 euid=0 suid=0 fsuid=0 egid=7 sgid=7 fsgid=7 ses=4294967295 tty=(none) comm=hpfax exe=/usr/bin/python2.7 subj=system_u:system_r:cupsd_t:s0-s0:c0.c1023 key=(null) Hash: hpfax,cupsd_t,print_spool_t,fifo_file,create Additional info: reporter: libreport-2.1.12 hashmarkername: setroubleshoot kernel: 3.13.5-200.fc20.i686 type: libreport