Bug 472893

Summary: AVC denial for hplip_t
Product: [Fedora] Fedora
Reporter: Robert Kochis <bkochis>
Component: hplip
Assignee: Tim Waugh <twaugh>
Status: CLOSED CANTFIX
QA Contact: Fedora Extras Quality Assurance <extras-qa>
Severity: medium
Priority: medium
Version: 9
CC: hiranmay, twaugh
Hardware: i686
OS: Linux
Doc Type: Bug Fix
Last Closed: 2008-12-01 12:32:10 UTC

Description Robert Kochis 2008-11-25 14:17:38 UTC
Description of problem:
AVC denial for hplip_t

Version-Release number of selected component (if applicable):
setroubleshoot 2.0.8
hplip 2.8.10, device manager software version 15.0

How reproducible:
Can be reproduced at will.

Steps to Reproduce:
1. Print document
  
[root@localhost bkochis]# /sbin/restorecon -v './dbus'
/sbin/restorecon:  stat error on ./dbus:  No such file or directory

Additional info: uname -a 
Linux localhost.localdomain 2.6.27.5-41.fc9.i686 #1 SMP Thu Nov 13 20:52:14 EST 2008 i686 athlon i386 GNU/Linux


Summary:

SELinux is preventing hp (hplip_t) "search" to ./dbus (system_dbusd_var_run_t).

Detailed Description:

[SELinux is in permissive mode, the operation would have been denied but was
permitted due to permissive mode.]

SELinux denied access requested by hp. It is not expected that this access is
required by hp and this access may signal an intrusion attempt. It is also
possible that the specific version or configuration of the application is
causing it to require additional access.

Allowing Access:

Sometimes labeling problems can cause SELinux denials. You could try to restore
the default system file context for ./dbus,

restorecon -v './dbus'

If this does not work, there is currently no automatic way to allow this access.
Instead, you can generate a local policy module to allow this access - see FAQ
(http://fedora.redhat.com/docs/selinux-faq-fc5/#id2961385) Or you can disable
SELinux protection altogether. Disabling SELinux protection is not recommended.
Please file a bug report (http://bugzilla.redhat.com/bugzilla/enter_bug.cgi)
against this package.

Additional Information:

Source Context                system_u:system_r:hplip_t:s0-s0:c0.c1023
Target Context                system_u:object_r:system_dbusd_var_run_t:s0
Target Objects                ./dbus [ dir ]
Source                        hp
Source Path                   /usr/lib/cups/backend/hp
Port                          <Unknown>
Host                          localhost.localdomain
Source RPM Packages           
Target RPM Packages           
Policy RPM                    selinux-policy-3.3.1-107.fc9
Selinux Enabled               True
Policy Type                   targeted
MLS Enabled                   True
Enforcing Mode                Permissive
Plugin Name                   catchall_file
Host Name                     localhost.localdomain
Platform                      Linux localhost.localdomain 2.6.27.5-41.fc9.i686
                              #1 SMP Thu Nov 13 20:52:14 EST 2008 i686 athlon
Alert Count                   8
First Seen                    Thu 20 Nov 2008 10:46:44 AM EST
Last Seen                     Mon 24 Nov 2008 10:56:33 AM EST
Local ID                      5bb2cce6-3b5f-40c1-ad14-6f795bc7197d
Line Numbers                  

Raw Audit Messages            

host=localhost.localdomain type=AVC msg=audit(1227542193.592:58): avc:  denied  { search } for  pid=7311 comm="hp" name="dbus" dev=sdb3 ino=1474689 scontext=system_u:system_r:hplip_t:s0-s0:c0.c1023 tcontext=system_u:object_r:system_dbusd_var_run_t:s0 tclass=dir

host=localhost.localdomain type=AVC msg=audit(1227542193.592:58): avc:  denied  { write } for  pid=7311 comm="hp" name="system_bus_socket" dev=sdb3 ino=1475197 scontext=system_u:system_r:hplip_t:s0-s0:c0.c1023 tcontext=system_u:object_r:system_dbusd_var_run_t:s0 tclass=sock_file

host=localhost.localdomain type=AVC msg=audit(1227542193.592:58): avc:  denied  { connectto } for  pid=7311 comm="hp" path="/var/run/dbus/system_bus_socket" scontext=system_u:system_r:hplip_t:s0-s0:c0.c1023 tcontext=system_u:system_r:system_dbusd_t:s0-s0:c0.c1023 tclass=unix_stream_socket

host=localhost.localdomain type=SYSCALL msg=audit(1227542193.592:58): arch=40000003 syscall=102 success=yes exit=0 a0=3 a1=bff3b630 a2=853ff4 a3=1f items=0 ppid=2103 pid=7311 auid=4294967295 uid=4 gid=7 euid=4 suid=4 fsuid=4 egid=7 sgid=7 fsgid=7 tty=(none) ses=4294967295 comm="hp" exe="/usr/lib/cups/backend/hp" subj=system_u:system_r:hplip_t:s0-s0:c0.c1023 key=(null)
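
The three AVC records above belong to one audit event (serial 58): the hp backend's attempt to reach /var/run/dbus/system_bus_socket. As an added example (not part of the original report, and not setroubleshoot or audit2allow code), this script groups the raw records by event and lists the type-enforcement rules a local policy module would have to carry; the function names are hypothetical.

```python
import re
from collections import defaultdict

# The three AVC records copied from the report above.
RAW_AUDIT = """\
host=localhost.localdomain type=AVC msg=audit(1227542193.592:58): avc:  denied  { search } for  pid=7311 comm="hp" name="dbus" dev=sdb3 ino=1474689 scontext=system_u:system_r:hplip_t:s0-s0:c0.c1023 tcontext=system_u:object_r:system_dbusd_var_run_t:s0 tclass=dir
host=localhost.localdomain type=AVC msg=audit(1227542193.592:58): avc:  denied  { write } for  pid=7311 comm="hp" name="system_bus_socket" dev=sdb3 ino=1475197 scontext=system_u:system_r:hplip_t:s0-s0:c0.c1023 tcontext=system_u:object_r:system_dbusd_var_run_t:s0 tclass=sock_file
host=localhost.localdomain type=AVC msg=audit(1227542193.592:58): avc:  denied  { connectto } for  pid=7311 comm="hp" path="/var/run/dbus/system_bus_socket" scontext=system_u:system_r:hplip_t:s0-s0:c0.c1023 tcontext=system_u:system_r:system_dbusd_t:s0-s0:c0.c1023 tclass=unix_stream_socket
"""

AVC_RE = re.compile(
    r"type=AVC msg=audit\([\d.]+:(?P<serial>\d+)\): avc:\s+denied\s+"
    r"\{ (?P<perms>[^}]+) \} for .*?"
    r"scontext=(?P<scon>\S+) tcontext=(?P<tcon>\S+) tclass=(?P<tclass>\S+)"
)

def selinux_type(context):
    """Return the type field of a user:role:type[:level] context."""
    return context.split(":")[2]

def parse_avc(text):
    """Group denials by audit event serial; non-AVC records are skipped."""
    events = defaultdict(list)
    for line in text.splitlines():
        m = AVC_RE.search(line)
        if m:
            events[int(m["serial"])].append((
                selinux_type(m["scon"]), selinux_type(m["tcon"]),
                m["tclass"], tuple(m["perms"].split())))
    return dict(events)

def candidate_rules(events):
    """Merge denials into allow rules for review, one per (source, target, class)."""
    merged = defaultdict(set)
    for denials in events.values():
        for src, tgt, cls, perms in denials:
            merged[(src, tgt, cls)].update(perms)
    rules = []
    for (src, tgt, cls), perms in sorted(merged.items()):
        plist = sorted(perms)
        body = plist[0] if len(plist) == 1 else "{ " + " ".join(plist) + " }"
        rules.append(f"allow {src} {tgt}:{cls} {body};")
    return rules

if __name__ == "__main__":
    events = parse_avc(RAW_AUDIT)
    for serial, denials in events.items():
        print(f"audit event {serial}: {len(denials)} denials")
    print("\n".join(candidate_rules(events)))
```

The rules are a starting point for review: each one widens what the hplip_t domain may do toward the system D-Bus.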

Comment 1 Tim Waugh 2008-12-01 12:32:10 UTC
hplip-2.8.10 is not available on Fedora 9 yet.

Comment 2 Hiranmay Ghosh 2009-06-29 16:35:08 UTC
I got the same problem with hplip3.9.6b.