Bug 796087

Summary: SELinux is preventing /usr/bin/python from 'read' accesses on the None 021.
Product: [Fedora] Fedora Reporter: josephhenryblack
Component: selinux-policyAssignee: Miroslav Grepl <mgrepl>
Status: CLOSED NOTABUG QA Contact: Fedora Extras Quality Assurance <extras-qa>
Severity: unspecified Docs Contact:
Priority: unspecified    
Version: 16CC: dominick.grift, dwalsh, mgrepl
Target Milestone: ---   
Target Release: ---   
Hardware: i686   
OS: Unspecified   
Whiteboard: abrt_hash:c99515f671393fe2fc4df3b1b5432bcada2808ad59b395c21b063ab70bd73bb4
Fixed In Version: Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2012-03-15 17:21:03 UTC Type: ---
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:

Description josephhenryblack 2012-02-22 09:30:54 UTC 
libreport version: 2.0.8
executable:     /usr/bin/python
hashmarkername: setroubleshoot
kernel:         3.2.3-2.fc16.i686.PAE
reason:         SELinux is preventing /usr/bin/python from 'read' accesses on the None 021.
time:           Wed 22 Feb 2012 22:32:44 NZDT

description:
:SELinux is preventing /usr/bin/python from 'read' accesses on the None 021.
:
:*****  Plugin catchall (100. confidence) suggests  ***************************
:
:If you believe that python should be allowed read access on the 021 <Unknown> by default.
:Then you should report this as a bug.
:You can generate a local policy module to allow this access.
:Do
:allow this access for now by executing:
:# grep hpfax /var/log/audit/audit.log | audit2allow -M mypol
:# semodule -i mypol.pp
:
:Additional Information:
:Source Context                system_u:system_r:hplip_t:s0-s0:c0.c1023
:Target Context                system_u:object_r:device_t:s0
:Target Objects                021 [ None ]
:Source                        hpfax
:Source Path                   /usr/bin/python
:Port                          <Unknown>
:Host                          (removed)
:Source RPM Packages           python-2.7.2-5.2.fc16.i686
:Target RPM Packages           
:Policy RPM                    selinux-policy-3.10.0-75.fc16.noarch
:Selinux Enabled               True
:Policy Type                   targeted
:Enforcing Mode                Enforcing
:Host Name                     (removed)
:Platform                      Linux (removed) 3.2.3-2.fc16.i686.PAE
:                              #1 SMP Fri Feb 3 19:57:53 UTC 2012 i686 i686
:Alert Count                   3
:First Seen                    Wed 22 Feb 2012 22:31:34 NZDT
:Last Seen                     Wed 22 Feb 2012 22:31:40 NZDT
:Local ID                      d802488f-3665-42c5-8c30-8ec8c0e75e89
:
:Raw Audit Messages
:type=AVC msg=audit(1329903100.286:170): avc:  denied  { read } for  pid=4726 comm="hpfax" name="021" dev=devtmpfs ino=64186 scontext=system_u:system_r:hplip_t:s0-s0:c0.c1023 tcontext=system_u:object_r:device_t:s0 tclass=chr_filenode=(removed) type=SYSCALL msg=audit(1329903100.286:170): arch=40000003 syscall=5 success=no exit=-13 a0=bff8388c a1=0 a2=82e1708 a3=83473e8 items=0 ppid=4725 pid=4726 auid=4294967295 uid=0 gid=7 euid=0 suid=0 fsuid=0 egid=7 sgid=7 fsgid=7 tty=(none) ses=4294967295 comm="hpfax" exe="/usr/bin/python" subj=system_u:system_r:hplip_t:s0-s0:c0.c1023 key=(null)
:
:
:Hash: hpfax,hplip_t,device_t,None,read
:
:audit2allow
:
:
:audit2allow -R
:
:
Comment 1 Miroslav Grepl 2012-03-15 17:21:03 UTC 
I guess that "021" is now labeled correctly.

ls -Z PATHO/021

If I am wrong and you get this issue, please reopen the bug. thank you.