Bug 447433

Summary: SELinux is preventing hp-makeuri
Product: [Fedora] Fedora
Reporter: Tom Halfpenny <alskn3>
Component: hal-cups-utils
Assignee: Tim Waugh <twaugh>
Status: CLOSED DUPLICATE
Severity: medium
Priority: low
Version: 9
Hardware: All
OS: Linux
Doc Type: Bug Fix
Last Closed: 2008-05-28 09:46:38 UTC

Description Tom Halfpenny 2008-05-19 21:38:44 UTC
Description of problem:
Summary:

SELinux is preventing hp-makeuri (hplip_t) "read" to pipe (hald_t).

Detailed Description:

SELinux denied access requested by hp-makeuri. It is not expected that this
access is required by hp-makeuri and this access may signal an intrusion
attempt. It is also possible that the specific version or configuration of the
application is causing it to require additional access.

Allowing Access:

You can generate a local policy module to allow this access - see FAQ
(http://fedora.redhat.com/docs/selinux-faq-fc5/#id2961385) Or you can disable
SELinux protection altogether. Disabling SELinux protection is not recommended.
Please file a bug report (http://bugzilla.redhat.com/bugzilla/enter_bug.cgi)
against this package.

Additional Information:

Source Context                system_u:system_r:hplip_t:s0
Target Context                system_u:system_r:hald_t:s0
Target Objects                pipe [ fifo_file ]
Source                        hp-makeuri
Source Path                   /bin/env
Port                          <Unknown>
Host                          localhost.localdomain
Source RPM Packages           coreutils-6.10-18.fc9
Target RPM Packages           
Policy RPM                    selinux-policy-3.3.1-42.fc9
Selinux Enabled               True
Policy Type                   targeted
MLS Enabled                   True
Enforcing Mode                Enforcing
Plugin Name                   catchall
Host Name                     localhost.localdomain
Platform                      Linux localhost.localdomain 2.6.25-14.fc9.i686 #1
                              SMP Thu May 1 06:28:41 EDT 2008 i686 i686
Alert Count                   1
First Seen                    Mon 19 May 2008 04:36:21 PM EDT
Last Seen                     Mon 19 May 2008 04:36:21 PM EDT
Local ID                      f1322315-5edd-4df7-9c0a-191ea2e34540
Line Numbers                  

Raw Audit Messages            

host=localhost.localdomain type=AVC msg=audit(1211229381.302:42): avc:  denied 
{ read } for  pid=2822 comm="hp-makeuri" path="pipe:[32983]" dev=pipefs
ino=32983 scontext=system_u:system_r:hplip_t:s0
tcontext=system_u:system_r:hald_t:s0 tclass=fifo_file

host=localhost.localdomain type=SYSCALL msg=audit(1211229381.302:42):
arch=40000003 syscall=11 success=yes exit=0 a0=9591898 a1=9590400 a2=9591a18
a3=0 items=0 ppid=2821 pid=2822 auid=4294967295 uid=0 gid=0 euid=0 suid=0
fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="hp-makeuri"
exe="/bin/env" subj=system_u:system_r:hplip_t:s0 key=(null)





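As an added example (not part of the bug report or of setroubleshoot), the Python below pairs the AVC and SYSCALL records quoted above by audit event serial and derives the Type Enforcement rule the denial corresponds to, which is what a local policy module for it would have to contain. The function names are illustrative; the input is the two raw audit records from this report.

```python
import re

# Raw audit records quoted from the report above (one event, serial 42).
RAW_AUDIT = (
    'host=localhost.localdomain type=AVC msg=audit(1211229381.302:42): avc:  denied  { read } '
    'for  pid=2822 comm="hp-makeuri" path="pipe:[32983]" dev=pipefs ino=32983 '
    'scontext=system_u:system_r:hplip_t:s0 tcontext=system_u:system_r:hald_t:s0 tclass=fifo_file\n'
    'host=localhost.localdomain type=SYSCALL msg=audit(1211229381.302:42): arch=40000003 '
    'syscall=11 success=yes exit=0 a0=9591898 a1=9590400 a2=9591a18 a3=0 items=0 ppid=2821 '
    'pid=2822 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) '
    'ses=4294967295 comm="hp-makeuri" exe="/bin/env" subj=system_u:system_r:hplip_t:s0 key=(null)\n'
)

HEADER = re.compile(r'type=(\w+) msg=audit\(\d+\.\d+:(\d+)\):')
FIELD = re.compile(r'(\w+)=("[^"]*"|\S+)')
PERMS = re.compile(r'avc:\s+denied\s+\{([^}]*)\}')

def parse_events(text):
    """Group audit records by event serial: {serial: {record_type: fields}}."""
    events = {}
    for line in text.splitlines():
        head = HEADER.search(line)
        if not head:
            continue
        fields = {k: v.strip('"') for k, v in FIELD.findall(line[head.end():])}
        denied = PERMS.search(line)
        if denied:
            fields['perms'] = denied.group(1).split()
        events.setdefault(int(head.group(2)), {})[head.group(1)] = fields
    return events

def te_rule(avc):
    """Type Enforcement rule that corresponds to one denied AVC record."""
    src, tgt = (avc[k].split(':')[2] for k in ('scontext', 'tcontext'))
    perms = avc['perms']
    perm_txt = perms[0] if len(perms) == 1 else '{ %s }' % ' '.join(perms)
    return 'allow %s %s:%s %s;' % (src, tgt, avc['tclass'], perm_txt)

def triage(text):
    """One (rule, exe, syscall) tuple per event that carries an AVC denial."""
    out = []
    for recs in parse_events(text).values():
        if 'perms' in recs.get('AVC', {}):
            sc = recs.get('SYSCALL', {})
            out.append((te_rule(recs['AVC']), sc.get('exe'), sc.get('syscall')))
    return out

if __name__ == '__main__':
    print(triage(RAW_AUDIT))
```

For this report the result is `allow hplip_t hald_t:fifo_file read;` with exe `/bin/env` and syscall 11, which on arch 40000003 (i386) is execve. Reading the rule before building a module shows exactly which cross-domain access would be granted.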

Comment 1 Tim Waugh 2008-05-20 07:14:14 UTC
Did you install the updates?

What does 'rpm -q hal-cups-utils' say?

Comment 2 Tim Waugh 2008-05-28 09:46:38 UTC
Assuming this is a duplicate in the absence of further information.

*** This bug has been marked as a duplicate of 442191 ***