Bug 430829
Summary: | SELinux is preventing the /usr/sbin/cupsd from using potentially mislabeled files (). | ||||||||
---|---|---|---|---|---|---|---|---|---|
Product: | [Fedora] Fedora | Reporter: | Rick Richardson <rickrich> | ||||||
Component: | selinux-policy | Assignee: | Daniel Walsh <dwalsh> | ||||||
Status: | CLOSED WONTFIX | QA Contact: | Fedora Extras Quality Assurance <extras-qa> | ||||||
Severity: | low | Docs Contact: | |||||||
Priority: | low | ||||||||
Version: | 8 | ||||||||
Target Milestone: | --- | ||||||||
Target Release: | --- | ||||||||
Hardware: | All | ||||||||
OS: | Linux | ||||||||
Whiteboard: | |||||||||
Fixed In Version: | Doc Type: | Bug Fix | |||||||
Doc Text: | Story Points: | --- | |||||||
Clone Of: | Environment: | ||||||||
Last Closed: | 2008-02-26 22:08:52 UTC | Type: | --- | ||||||
Regression: | --- | Mount Type: | --- | ||||||
Documentation: | --- | CRM: | |||||||
Verified Versions: | Category: | --- | |||||||
oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |||||||
Cloudforms Team: | --- | Target Upstream Version: | |||||||
Embargoed: | |||||||||
Attachments: |
|
Description
Rick Richardson
2008-01-30 00:00:05 UTC
Please attach the AVC messages. /var/log/audit/audit.log Created attachment 293421 [details]
audit.log
You have cups trying to look at the file /home/rick/prn? Is this a local customization. If you want to allow this you can use audit2allow to add it. Cups does not usually read users homedirectories. # cat /var/log/audit/audit.log | audit2allow -M local ******************** IMPORTANT *********************** To make this policy package active, execute: semodule -i local.pp # semodule -i local.pp libsepol.check_assertion_helper: neverallow violated by allow nfsd_t fixed_disk_device_t:blk_file { read }; Cannot allocate memory. libsemanage.semanage_expand_sandbox: Expand module failed Cannot allocate memory. semodule: Failed! Created attachment 293439 [details]
local.te
Yes you are trying to load a policy that includes nfs being able to read/write raw disk. Try. # grep cups /var/log/audit/audit.log | audit2allow -M local Also update to the latest selinux policy. THis is local customization so will not fix. |