Bug 445780

Summary: hplib SE linux issue
Product: [Fedora] Fedora Reporter: Olen <olenb>
Component: hplipAssignee: Tim Waugh <twaugh>
Status: CLOSED DUPLICATE QA Contact: Fedora Extras Quality Assurance <extras-qa>
Severity: low Docs Contact:
Priority: low    
Version: rawhide   
Target Milestone: ---   
Target Release: ---   
Hardware: All   
OS: Linux   
Whiteboard:
Fixed In Version: Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2008-05-12 12:26:38 UTC Type: ---
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:
Attachments:
Description Flags
The output of the commands you requested none

Description Olen 2008-05-09 01:54:03 UTC 
Description of problem:

Summary:

SELinux is preventing hp-makeuri (hplip_t) "read" to pipe (hald_t).

Detailed Description:

SELinux denied access requested by hp-makeuri. It is not expected that this
access is required by hp-makeuri and this access may signal an intrusion
attempt. It is also possible that the specific version or configuration of the
application is causing it to require additional access.

Allowing Access:

You can generate a local policy module to allow this access - see FAQ
(http://fedora.redhat.com/docs/selinux-faq-fc5/#id2961385) Or you can disable
SELinux protection altogether. Disabling SELinux protection is not recommended.
Please file a bug report (http://bugzilla.redhat.com/bugzilla/enter_bug.cgi)
against this package.

Additional Information:

Source Context                system_u:system_r:hplip_t:s0
Target Context                system_u:system_r:hald_t:s0
Target Objects                pipe [ fifo_file ]
Source                        hp-makeuri
Source Path                   /bin/env
Port                          <Unknown>
Host                          localhost.localdomain
Source RPM Packages           coreutils-6.10-18.fc9
Target RPM Packages           
Policy RPM                    selinux-policy-3.3.1-42.fc9
Selinux Enabled               True
Policy Type                   targeted
MLS Enabled                   True
Enforcing Mode                Enforcing
Plugin Name                   catchall
Host Name                     localhost.localdomain
Platform                      Linux localhost.localdomain 2.6.25-14.fc9.x86_64
                              #1 SMP Thu May 1 06:06:21 EDT 2008 x86_64 x86_64
Alert Count                   1
First Seen                    Thu 08 May 2008 08:45:21 PM CDT
Last Seen                     Thu 08 May 2008 08:45:21 PM CDT
Local ID                      55ba7b35-f37f-4a58-b19d-79f0cd8b891d
Line Numbers                  

Raw Audit Messages            

host=localhost.localdomain type=AVC msg=audit(1210297521.561:63): avc:  denied 
{ read } for  pid=11897 comm="hp-makeuri" path="pipe:[195409]" dev=pipefs
ino=195409 scontext=system_u:system_r:hplip_t:s0
tcontext=system_u:system_r:hald_t:s0 tclass=fifo_file

host=localhost.localdomain type=SYSCALL msg=audit(1210297521.561:63):
arch=c000003e syscall=59 success=yes exit=0 a0=2008690 a1=2007a10 a2=2008a80
a3=20 items=0 ppid=11896 pid=11897 auid=4294967295 uid=0 gid=0 euid=0 suid=0
fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="hp-makeuri"
exe="/bin/env" subj=system_u:system_r:hplip_t:s0 key=(null)




Version-Release number of selected component (if applicable):


How reproducible:


Steps to Reproduce:
1.
2.
3.
  
Actual results:


Expected results:


Additional info:
Comment 1 Tim Waugh 2008-05-09 12:02:23 UTC 
You don't say how you get this to happen; I'm going to assume that it occurs
when you plug in a USB printer made by HP.  You also don't say if it's
repeatable -- it would be really useful to know this.  I can't get this to
happen here.

What do these commands say?:

1. rpm -q hal-cups-utils hplip
2. rpm -V hal-cups-utils hplip
3. ls -Z /usr/libexec/hal_lpadmin
Comment 2 Olen 2008-05-09 23:58:13 UTC 
Created attachment 304995 [details]
The output of the commands you requested

Sorry I didn't give details on how to reproduce.

This happens every time I print from firefox.  I always have the printer
plugged in.
Comment 3 Tim Waugh 2008-05-12 08:59:54 UTC 
Could you please try running the trouble-shooter
(System->Administration->Printing, then select Help->Troubleshoot from the menu
bar) and paste in the diagnostic text you get here?  Thanks.
Comment 4 Tim Waugh 2008-05-12 12:26:38 UTC 

*** This bug has been marked as a duplicate of 442191 ***