Bug 820182

libreport version: 2.0.8
executable:     /usr/bin/python2.7
hashmarkername: setroubleshoot
kernel:         3.3.2-6.fc16.x86_64
reason:         SELinux is preventing /bin/bash from 'execute' accesses on the file /opt/brother/Printers/mfcj825dw/lpd/filtermfcj825dw.
time:           Wed 09 May 2012 11:53:50 BST

description:
:SELinux is preventing /bin/bash from 'execute' accesses on the file /opt/brother/Printers/mfcj825dw/lpd/filtermfcj825dw.
:
:*****  Plugin catchall_labels (83.8 confidence) suggests  ********************
:
:If you want to allow bash to have execute access on the filtermfcj825dw file
:Then you need to change the label on /opt/brother/Printers/mfcj825dw/lpd/filtermfcj825dw
:Do
:# semanage fcontext -a -t FILE_TYPE '/opt/brother/Printers/mfcj825dw/lpd/filtermfcj825dw'
:where FILE_TYPE is one of the following: logrotate_exec_t, apm_exec_t, cups_pdf_exec_t, updpwd_exec_t, cupsd_exec_t, chkpwd_exec_t, mta_exec_type, hostname_exec_t, hplip_exec_t, lpr_exec_t, cupsd_interface_t, lib_t, ld_so_t, bin_t, lib_t, abrt_helper_exec_t, ifconfig_exec_t, textrel_shlib_t, initrc_exec_t, shell_exec_t. 
:Then execute: 
:restorecon -v '/opt/brother/Printers/mfcj825dw/lpd/filtermfcj825dw'
:
:
:*****  Plugin catchall (17.1 confidence) suggests  ***************************
:
:If you believe that bash should be allowed execute access on the filtermfcj825dw file by default.
:Then you should report this as a bug.
:You can generate a local policy module to allow this access.
:Do
:allow this access for now by executing:
:# grep brlpdwrappermfc /var/log/audit/audit.log | audit2allow -M mypol
:# semodule -i mypol.pp
:
:Additional Information:
:Source Context                system_u:system_r:cupsd_t:s0-s0:c0.c1023
:Target Context                system_u:object_r:usr_t:s0
:Target Objects                /opt/brother/Printers/mfcj825dw/lpd/filtermfcj825d
:                              w [ file ]
:Source                        brlpdwrappermfc
:Source Path                   /bin/bash
:Port                          <Unknown>
:Host                          (removed)
:Source RPM Packages           bash-4.2.24-1.fc16.x86_64
:Target RPM Packages           mfcj825dwlpr-1.1.2-1.i386
:Policy RPM                    selinux-policy-3.10.0-80.fc16.noarch
:Selinux Enabled               True
:Policy Type                   targeted
:Enforcing Mode                Enforcing
:Host Name                     (removed)
:Platform                      Linux (removed) 3.3.2-6.fc16.x86_64 #1
:                              SMP Sat Apr 21 12:43:20 UTC 2012 x86_64 x86_64
:Alert Count                   8
:First Seen                    Wed 09 May 2012 11:39:26 BST
:Last Seen                     Wed 09 May 2012 11:46:28 BST
:Local ID                      3142a68f-b8f0-4a46-a346-1ba6eb4758e6
:
:Raw Audit Messages
:type=AVC msg=audit(1336560388.314:72): avc:  denied  { execute } for  pid=2172 comm="brlpdwrappermfc" name="filtermfcj825dw" dev="dm-1" ino=1055056 scontext=system_u:system_r:cupsd_t:s0-s0:c0.c1023 tcontext=system_u:object_r:usr_t:s0 tclass=file
:
:
:type=SYSCALL msg=audit(1336560388.314:72): arch=x86_64 syscall=access success=no exit=EACCES a0=1819640 a1=1 a2=0 a3=28 items=0 ppid=2156 pid=2172 auid=4294967295 uid=4 gid=7 euid=4 suid=4 fsuid=4 egid=7 sgid=7 fsgid=7 tty=(none) ses=4294967295 comm=brlpdwrappermfc exe=/bin/bash subj=system_u:system_r:cupsd_t:s0-s0:c0.c1023 key=(null)
:
:Hash: brlpdwrappermfc,cupsd_t,usr_t,file,execute
:
:audit2allow
:
:#============= cupsd_t ==============
:#!!!! This avc is allowed in the current policy
:
:allow cupsd_t usr_t:file execute;
:
:audit2allow -R
:
:#============= cupsd_t ==============
:#!!!! This avc is allowed in the current policy
:
:allow cupsd_t usr_t:file execute;
: