Bug 754815

Summary: SELinux is preventing /usr/sbin/cupsd from open/execute/execute_no_trans access on the file /usr/lib/cups/filter/rastertosamsungspl
Product: [Fedora] Fedora Reporter: Ivan Sidorov <ivansid>
Component: selinux-policy-targetedAssignee: Miroslav Grepl <mgrepl>
Status: CLOSED NOTABUG QA Contact: Ben Levenson <benl>
Severity: medium Docs Contact:
Priority: unspecified    
Version: 15CC: dwalsh, jpopelka, twaugh
Target Milestone: ---   
Target Release: ---   
Hardware: x86_64   
OS: Linux   
Whiteboard:
Fixed In Version: Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2011-11-18 15:06:02 UTC Type: ---
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Attachments:
Description Flags
Logs none

Description Ivan Sidorov 2011-11-17 19:53:50 UTC
User-Agent:       Mozilla/5.0 (X11; Linux x86_64; rv:7.0.1) Gecko/20100101 Firefox/7.0.1

I've tried to install Xerox Phaser 3140 printer, it intalled successefully, but print nothing. Then I've tried to install drivers from Xerox site - same there.
So I've checked /var/log/messages and found out there're some problem with SELinux rights.
Don't know what it exactly means - I'm very new to Fedora.
But suggested commands helped and now priner ptints fine.
Logs and solutuion attached. Hope it helps. 


Reproducible: Didn't try

Comment 1 Ivan Sidorov 2011-11-17 19:56:04 UTC
Created attachment 534299 [details]
Logs

Comment 2 Jiri Popelka 2011-11-18 10:26:20 UTC
/usr/lib/cups/filter/rastertosamsungspl is quite commonly used third-party filter and I think the policy is to allow third-party applications to work without modification.

Comment 3 Daniel Walsh 2011-11-18 15:06:02 UTC
Well the alert told you to run restorecon on the filter.

restorecon -R -v /usr/lib/cups/filter

I am not sure which label rastertosamsungspl was installed with, it was not included with your attachment,  but SELinux did not like it.

If third parties do not use rpm to install or do stuff in their installer and ignore SELinux, then they can put mislabled stuff on the system,  There is no way we know this until a confined app tries to run the code.  In this case SELinux caught the problem, diagnosed it, and gave the user an easy solution.  

I would say this is more a bug with samsung then SELinux.