Bug 588295 (gcmselinux)

Summary: denied { getattr } for pid=1568 comm="gcm-apply" path="/var/run/cups/cups.sock"
Product: [Fedora] Fedora Reporter: Kamil Páral <kparal>
Component: gnome-color-managerAssignee: Richard Hughes <richard>
Status: CLOSED ERRATA QA Contact: Fedora Extras Quality Assurance <extras-qa>
Severity: medium Docs Contact:
Priority: low    
Version: 13CC: acf1210, awilliam, dwalsh, gaetan, hal, igor.katalnikov, leigh123linux, maycon.franca, mgrepl, paul.lipps, rhughes, richard, tcallawa
Target Milestone: ---Keywords: Reopened
Target Release: ---   
Hardware: All   
OS: Linux   
Whiteboard:
Fixed In Version: gnome-color-manager-2.30.1-2.fc13 Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2010-05-04 23:49:23 UTC Type: ---
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:
Bug Depends On:    
Bug Blocks: 507681    
Attachments:
Description Flags
audit.log none

Description Kamil Páral 2010-05-03 12:32:28 UTC 
Description of problem:

Right after installing and booting F13 TC1 from Live image:

type=AVC msg=audit(1272889100.820:12): avc:  denied  { getattr } for  pid=1568 comm="gcm-apply" path="/var/run/cups/cups.sock" dev=dm-1 ino=136 scontext=system_u:system_r:xdm_t:s0-s0:c0.c1023 tcontext=system_u:object_r:cupsd_var_run_t:s0 tclass=sock_file

type=AVC msg=audit(1272889100.834:13): avc:  denied  { write } for  pid=1568 comm="gcm-apply" name="cups.sock" dev=dm-1 ino=136 scontext=system_u:system_r:xdm_t:s0-s0:c0.c1023 tcontext=system_u:object_r:cupsd_var_run_t:s0 tclass=sock_file

type=AVC msg=audit(1272889100.834:13): avc:  denied  { connectto } for  pid=1568 comm="gcm-apply" path="/var/run/cups/cups.sock" scontext=system_u:system_r:xdm_t:s0-s0:c0.c1023 tcontext=system_u:system_r:cupsd_t:s0-s0:c0.c1023 tclass=unix_stream_socket

type=AVC msg=audit(1272889101.943:14): avc:  denied  { name_bind } for  pid=1568 comm="gcm-apply" src=8610 scontext=system_u:system_r:xdm_t:s0-s0:c0.c1023 tcontext=system_u:object_r:ipp_port_t:s0 tclass=udp_socket


Version-Release number of selected component (if applicable):
Fedora 13 TC1
selinux-policy-3.7.19-6.fc13.noarch
selinux-policy-targeted-3.7.19-6.fc13.noarch
Comment 1 Kamil Páral 2010-05-03 12:32:48 UTC 
Created attachment 410967 [details]
audit.log
Comment 2 Daniel Walsh 2010-05-03 14:13:48 UTC 
This looks like the same problem with xsane_init?
Comment 3 Richard Hughes 2010-05-03 14:35:58 UTC 
Can you try with the gnome-color-manager build here please: http://people.freedesktop.org/~hughsient/fedora/
Comment 4 Kamil Páral 2010-05-03 16:40:45 UTC 
I have re-installed from F13 TC1 Live and I don't see this problem anymore. Where can be the difference?
Comment 5 Tom "spot" Callaway 2010-05-03 19:24:51 UTC 
(In reply to comment #3)
> Can you try with the gnome-color-manager build here please:
> http://people.freedesktop.org/~hughsient/fedora/    

Dan Walsh verbally confirmed to me that your update fixes this issue.

Please go ahead and push it for F-13 to close out this blocker.
Comment 6 Adam Williamson 2010-05-04 01:59:03 UTC 
richard, could you push the update asap? tomorrow's red letter day, we need all the fixes we can get by then...thanks.



-- 
Fedora Bugzappers volunteer triage team
https://fedoraproject.org/wiki/BugZappers
Comment 7 Fedora Update System 2010-05-04 09:21:56 UTC 
gnome-color-manager-2.30.1-2.fc13 has been submitted as an update for Fedora 13.
http://admin.fedoraproject.org/updates/gnome-color-manager-2.30.1-2.fc13
Comment 8 Daniel Walsh 2010-05-04 14:20:04 UTC 
I was getting these AVC's with the xguest user, but after updating I no longer see them.  I was never seeing the errors with xdm.
Comment 9 Adam Williamson 2010-05-04 21:34:55 UTC 
Richard, we can't close the bug until the update is pushed to stable. You should be able to submit it for stable immediately, and it should be accepted. thanks!
Comment 10 Fedora Update System 2010-05-04 23:49:11 UTC 
gnome-color-manager-2.30.1-2.fc13 has been pushed to the Fedora 13 stable repository.  If problems still persist, please make note of it in this bug report.
Comment 11 Richard Hughes 2010-05-07 17:53:25 UTC 
*** Bug 590016 has been marked as a duplicate of this bug. ***
Comment 12 Daniel Walsh 2010-05-18 12:45:11 UTC 
*** Bug 588152 has been marked as a duplicate of this bug. ***
Comment 13 Daniel Walsh 2010-05-18 12:46:10 UTC 
*** Bug 585723 has been marked as a duplicate of this bug. ***
Comment 14 Daniel Walsh 2010-05-18 12:46:52 UTC 
*** Bug 592637 has been marked as a duplicate of this bug. ***
Comment 15 Daniel Walsh 2010-05-18 12:47:15 UTC 
*** Bug 593207 has been marked as a duplicate of this bug. ***
Comment 16 Daniel Walsh 2010-05-18 12:47:44 UTC 
*** Bug 590465 has been marked as a duplicate of this bug. ***
Comment 17 Daniel Walsh 2010-05-27 14:03:11 UTC 
*** Bug 596744 has been marked as a duplicate of this bug. ***