Bug 446052

Summary: hp-makeuri gives avc denials
Product: [Fedora] Fedora Reporter: Christopher Tubbs <ctubbsii>
Component: hplipAssignee: Tim Waugh <twaugh>
Status: CLOSED DUPLICATE QA Contact: Fedora Extras Quality Assurance <extras-qa>
Severity: low Docs Contact:
Priority: low    
Version: rawhide   
Target Milestone: ---   
Target Release: ---   
Hardware: i386   
OS: Linux   
Whiteboard:
Fixed In Version: Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2008-05-12 14:29:56 UTC Type: ---
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:

Description Christopher Tubbs 2008-05-12 12:33:49 UTC 
Description of problem:
Selinux targeted policy problematic with HP printer using basic install (no
customizations) of F9-preview, fully updated.

Version-Release number of selected component (if applicable):
hplip-2.8.2-2.fc9.i386
selinux-policy-targeted-3.3.1-42.fc9.noarch

How reproducible:
Each time I print

Steps to Reproduce:
1. Add HP printer (mine is photosmart 7350)
2. Print
3. Watch setroubleshoot give AVC denial warning in notification bar.
  
Actual results:

Summary:

SELinux is preventing hp-makeuri (hplip_t) "read" to pipe (hald_t).
Source Context                system_u:system_r:hplip_t:s0
Target Context                system_u:system_r:hald_t:s0
Target Objects                pipe [ fifo_file ]
Source                        hp-makeuri
Source Path                   /bin/env
Port                          <Unknown>
Host                          lappy
Source RPM Packages           coreutils-6.10-18.fc9
Target RPM Packages           
Policy RPM                    selinux-policy-3.3.1-42.fc9
Selinux Enabled               True
Policy Type                   targeted
MLS Enabled                   True
Enforcing Mode                Enforcing
Plugin Name                   catchall
Host Name                     lappy
Platform                      Linux lappy 2.6.25-14.fc9.i686 #1 SMP Thu May 1
                              06:28:41 EDT 2008 i686 i686
Alert Count                   1
First Seen                    Mon 12 May 2008 08:24:33 AM EDT
Last Seen                     Mon 12 May 2008 08:24:33 AM EDT
Local ID                      f1d5ccfb-10d1-488d-ad7d-8f06923504d3
Line Numbers                  

Raw Audit Messages            

host=lappy type=AVC msg=audit(1210595073.705:23): avc:  denied  { read } for 
pid=3210 comm="hp-makeuri" path="pipe:[29445]" dev=pipefs ino=29445
scontext=system_u:system_r:hplip_t:s0 tcontext=system_u:system_r:hald_t:s0
tclass=fifo_file

host=lappy type=SYSCALL msg=audit(1210595073.705:23): arch=40000003 syscall=11
success=yes exit=0 a0=8e1e8d0 a1=8e1d560 a2=8e1ea50 a3=0 items=0 ppid=3209
pid=3210 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0
tty=(none) ses=4294967295 comm="hp-makeuri" exe="/bin/env"
subj=system_u:system_r:hplip_t:s0 key=(null)

Expected results:
There shouldn't be an error for a clean install of F9. hplip and
selinux-targeted should work fine out of the box.

Additional info:
F9-preview, fully updated.
Comment 1 Tim Waugh 2008-05-12 14:29:56 UTC 

*** This bug has been marked as a duplicate of 442191 ***