Bug 426282

Summary: This applies to all applications which I used to print from.
Product: [Fedora] Fedora Reporter: Tharry Beavers <tlbeavers3>
Component: selinux-policyAssignee: Daniel Walsh <dwalsh>
Status: CLOSED DUPLICATE QA Contact: Fedora Extras Quality Assurance <extras-qa>
Severity: low Docs Contact:
Priority: low    
Version: rawhide   
Target Milestone: ---   
Target Release: ---   
Hardware: All   
OS: Linux   
Whiteboard: I now have 10 jobs in my document que waiting to print.
Fixed In Version: Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2007-12-20 12:25:14 UTC Type: ---
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:

Description Tharry Beavers 2007-12-19 19:30:34 UTC 
Description of problem:


Version-Release number of selected component (if applicable):


How reproducible:


Steps to Reproduce:
1.Click on print
2.Select printer
3.Document is spooled
  
Actual results:
NO Print from any application: Message flashes "SELinux had prevented access to..."



Expected results:Documents to printSummary
    SELinux is preventing sh (cupsd_t) "getattr" to /usr/bin/hpijs
    (hplip_exec_t).

Detailed Description
    SELinux denied access requested by sh. It is not expected that this access
    is required by sh and this access may signal an intrusion attempt. It is
    also possible that the specific version or configuration of the application
    is causing it to require additional access.

Allowing Access
    Sometimes labeling problems can cause SELinux denials.  You could try to
    restore the default system file context for /usr/bin/hpijs, restorecon -v
    /usr/bin/hpijs If this does not work, there is currently no automatic way to
    allow this access. Instead,  you can generate a local policy module to allow
    this access - see http://fedora.redhat.com/docs/selinux-faq-fc5/#id2961385
    Or you can disable SELinux protection altogether. Disabling SELinux
    protection is not recommended. Please file a
    http://bugzilla.redhat.com/bugzilla/enter_bug.cgi against this package.

Additional Information        

Source Context                system_u:system_r:cupsd_t:SystemLow-SystemHigh
Target Context                system_u:object_r:hplip_exec_t
Target Objects                /usr/bin/hpijs [ file ]
Affected RPM Packages         hpijs-1.7.2-10.fc7 [target]
Policy RPM                    selinux-policy-2.6.4-61.fc7
Selinux Enabled               True
Policy Type                   targeted
MLS Enabled                   True
Enforcing Mode                Enforcing
Plugin Name                   plugins.catchall_file
Host Name                     localhost.localdomain
Platform                      Linux localhost.localdomain 2.6.21-1.3194.fc7 #1
                              SMP Wed May 23 22:35:01 EDT 2007 i686 i686
Alert Count                   5
First Seen                    Mon 17 Dec 2007 11:32:02 AM CST
Last Seen                     Wed 19 Dec 2007 01:17:18 PM CST
Local ID                      3b48bd4d-1df9-40b5-94ff-7b462dc38da9
Line Numbers                  

Raw Audit Messages            

avc: denied { getattr } for comm="sh" dev=dm-0 egid=7 euid=4 exe="/bin/bash"
exit=-13 fsgid=7 fsuid=4 gid=7 items=0 name="hpijs" path="/usr/bin/hpijs"
pid=3023 scontext=system_u:system_r:cupsd_t:s0-s0:c0.c1023 sgid=7
subj=system_u:system_r:cupsd_t:s0-s0:c0.c1023 suid=4 tclass=file
tcontext=system_u:object_r:hplip_exec_t:s0 tty=(none) uid=4




Additional info:
This bug seemed to appear after one of the almost daily updates. I use open
office 2.3 for my wp, but nothing else has changed. I just don't get any print
from any application.
Comment 1 Tim Waugh 2007-12-20 12:25:14 UTC 

*** This bug has been marked as a duplicate of 420971 ***