Bug 507098

Summary: New printer in system-config-printer causes SELinux preventing python (hplip_t) "read" security_t
Product: [Fedora] Fedora Reporter: Edwin ten Brink <fedora>
Component: selinux-policyAssignee: Daniel Walsh <dwalsh>
Status: CLOSED NOTABUG QA Contact: Fedora Extras Quality Assurance <extras-qa>
Severity: medium Docs Contact:
Priority: low    
Version: 11CC: amturnip, caseykuzniewski, dwalsh, ian, jkubin, joe, mgrepl, rvs, skarllot
Target Milestone: ---Keywords: Desktop, SELinux
Target Release: ---   
Hardware: All   
OS: Linux   
Whiteboard:
Fixed In Version: Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2009-07-13 16:54:52 UTC Type: ---
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:
Attachments:
Description Flags
SELinux alert none

Description Edwin ten Brink 2009-06-20 20:40:58 UTC 
Created attachment 348762 [details]
SELinux alert

Description of problem:
system-config-printer causes an SELinux AVC denial when scanning for new printers, saying "SELinux is preventing python (hplip_t) "read" security_t."

Version-Release number of selected component (if applicable):
$ rpm -q system-config-printer
system-config-printer-1.1.7-4.fc11.i586
$ rpm -q selinux-policy
selinux-policy-3.6.12-50.fc11.noarch

How reproducible:
Always.

Steps to Reproduce:
1. Open system-config-printer
2. Choose Server -> New -> Printer (ctrl-N)
  
Actual results:
Dialog opening but with AVC denial.

Expected results:
Dialog opening normally.

Additional info:
See for details the SELinux alert in the attachment.
Comment 1 Miroslav Grepl 2009-06-22 08:30:33 UTC 
*** Bug 507239 has been marked as a duplicate of this bug. ***
Comment 2 Daniel Walsh 2009-06-22 21:51:47 UTC 
You can add these rules now using

# grep avc /var/log/audit/audit.log | audit2allow -M mypol
# semodule -i mypol.pp

Fixed in selinux-policy-3.6.12-57.fc11
Comment 3 Miroslav Grepl 2009-06-29 08:50:37 UTC 
*** Bug 508493 has been marked as a duplicate of this bug. ***
Comment 4 Miroslav Grepl 2009-06-29 08:52:14 UTC 
*** Bug 508414 has been marked as a duplicate of this bug. ***
Comment 5 Miroslav Grepl 2009-06-29 08:52:55 UTC 
*** Bug 508560 has been marked as a duplicate of this bug. ***
Comment 6 Tim Waugh 2009-07-13 08:51:40 UTC 
*** Bug 507694 has been marked as a duplicate of this bug. ***
Comment 7 Tim Waugh 2009-07-13 08:51:51 UTC 
*** Bug 510838 has been marked as a duplicate of this bug. ***
Comment 8 Ian Weller 2009-07-13 16:54:52 UTC 
This is indeed fixed AFAICT so I'm gonna go ahead and close it.