Bug 508493
| Summary: | Denied read access to hplip_t | ||
|---|---|---|---|
| Product: | [Fedora] Fedora | Reporter: | FabrÃcio Godoy <skarllot> |
| Component: | selinux-policy | Assignee: | Daniel Walsh <dwalsh> |
| Status: | CLOSED DUPLICATE | QA Contact: | Fedora Extras Quality Assurance <extras-qa> |
| Severity: | medium | Docs Contact: | |
| Priority: | low | ||
| Version: | 11 | CC: | dwalsh, jkubin, mgrepl |
| Target Milestone: | --- | ||
| Target Release: | --- | ||
| Hardware: | All | ||
| OS: | Linux | ||
| Whiteboard: | |||
| Fixed In Version: | Doc Type: | Bug Fix | |
| Doc Text: | Story Points: | --- | |
| Clone Of: | Environment: | ||
| Last Closed: | 2009-06-29 08:50:37 UTC | Type: | --- |
| Regression: | --- | Mount Type: | --- |
| Documentation: | --- | CRM: | |
| Verified Versions: | Category: | --- | |
| oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
| Cloudforms Team: | --- | Target Upstream Version: | |
| Embargoed: | |||
*** This bug has been marked as a duplicate of bug 507098 *** |
Description of problem: I'm receiving a lot of below messages. SELinux is preventing python (hplip_t) "read" security_t. Detailed Description SELinux denied access requested by python. It is not expected that this access is required by python and this access may signal an intrusion attempt. It is also possible that the specific version or configuration of the application is causing it to require additional access. Allowing Access You can generate a local policy module to allow this access - see FAQ Or you can disable SELinux protection altogether. Disabling SELinux protection is not recommended. Please file a bug report against this package. Additional Information Source Context: system_u:system_r:hplip_t:s0 Target Context: system_u:object_r:security_t:s0 Target Objects: mls [ file ] Source: python Source Path: /usr/bin/python Port: <Unknown> Host: fabriciopc Source RPM Packages: python-2.6-9.fc11 Target RPM Packages: Policy RPM: selinux-policy-3.6.12-50.fc11 Selinux Enabled: True Policy Type: targeted MLS Enabled: True Enforcing Mode: Enforcing Plugin Name: catchall Host Name: fabriciopc Platform: Linux fabriciopc 2.6.29.5-191.fc11.x86_64 #1 SMP Tue Jun 16 23:23:21 EDT 2009 x86_64 x86_64 Alert Count: 36 First Seen: Sun Jun 21 12:13:59 2009 Last Seen: Sat Jun 27 17:49:28 2009 Local ID: f07a806f-fc26-4f9b-b89d-b21772123d36 Line Numbers: Raw Audit Messages : node=fabriciopc type=AVC msg=audit(1246135768.370:7): avc: denied { read } for pid=2208 comm="python" name="mls" dev=selinuxfs ino=12 scontext=system_u:system_r:hplip_t:s0 tcontext=system_u:object_r:security_t:s0 tclass=file node=fabriciopc type=SYSCALL msg=audit(1246135768.370:7): arch=c000003e syscall=2 success=no exit=-13 a0=7fffcb2ec230 a1=0 a2=7fffcb2ec23c a3=fffffff8 items=0 ppid=2050 pid=2208 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="python" exe="/usr/bin/python" subj=system_u:system_r:hplip_t:s0 key=(null) Version-Release number of selected component (if applicable): How reproducible: Just print a page. Steps to Reproduce: 1. Open any program that has print option 2. Do printing 3. Actual results: The page is printed without problems, but I receive this message. Expected results: Additional info: