Bug 860528
Summary: | cupsd[1334]: p11-kit: couldn't open config file: /root/.pkcs11/pkcs11.conf: Permission denied | ||
---|---|---|---|
Product: | [Fedora] Fedora | Reporter: | xset1980 |
Component: | p11-kit | Assignee: | Stef Walter <stefw> |
Status: | CLOSED ERRATA | QA Contact: | Fedora Extras Quality Assurance <extras-qa> |
Severity: | unspecified | Docs Contact: | |
Priority: | high | ||
Version: | 18 | CC: | andrew.kavalov, atulya.swayankar, bugzilla, eddie, ipilcher, jpopelka, kalevlember, mads, mclasen, stefw, tmraz |
Target Milestone: | --- | Keywords: | Reopened |
Target Release: | --- | ||
Hardware: | Unspecified | ||
OS: | Unspecified | ||
Whiteboard: | |||
Fixed In Version: | p11-kit-0.14-2.fc18 | Doc Type: | Bug Fix |
Doc Text: | Story Points: | --- | |
Clone Of: | Environment: | ||
Last Closed: | 2013-05-23 12:39:15 UTC | Type: | Bug |
Regression: | --- | Mount Type: | --- |
Documentation: | --- | CRM: | |
Verified Versions: | Category: | --- | |
oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
Cloudforms Team: | --- | Target Upstream Version: | |
Embargoed: |
Description
xset1980
2012-09-26 04:36:20 UTC
This sounds like an SELinux policy problem. Is pkcs11.conf mentioned in /var/log/audit/audit.log? (In reply to comment #1) > This sounds like an SELinux policy problem. Is pkcs11.conf mentioned in > /var/log/audit/audit.log? @Stef Walter, No, is no mentioned in /var/log/audit/audit.log: [root@fedora18 ~]# cat /var/log/messages |grep -i cupsd Sep 21 22:13:54 localhost cupsd[4297]: p11-kit: couldn't open config file: /root/.pkcs11/pkcs11.conf: Permission denied Sep 21 23:30:11 localhost cupsd[1223]: p11-kit: couldn't open config file: /root/.pkcs11/pkcs11.conf: Permission denied Sep 21 02:46:27 localhost cupsd[1382]: p11-kit: couldn't open config file: /root/.pkcs11/pkcs11.conf: Permission denied Sep 21 00:32:26 localhost cupsd[1368]: p11-kit: couldn't open config file: /root/.pkcs11/pkcs11.conf: Permission denied Sep 21 01:02:05 fedora18 cupsd[1460]: p11-kit: couldn't open config file: /root/.pkcs11/pkcs11.conf: Permission denied Sep 21 16:43:52 fedora18 cupsd[1301]: p11-kit: couldn't open config file: /root/.pkcs11/pkcs11.conf: Permission denied Sep 25 10:07:06 fedora18 cupsd[1405]: p11-kit: couldn't open config file: /root/.pkcs11/pkcs11.conf: Permission denied Sep 25 11:32:42 fedora18 cupsd[1300]: p11-kit: couldn't open config file: /root/.pkcs11/pkcs11.conf: Permission denied Sep 25 12:23:07 fedora18 cupsd[1312]: p11-kit: couldn't open config file: /root/.pkcs11/pkcs11.conf: Permission denied Sep 25 23:20:51 fedora18 cupsd[1304]: p11-kit: couldn't open config file: /root/.pkcs11/pkcs11.conf: Permission denied Sep 25 23:50:21 fedora18 cupsd[1322]: p11-kit: couldn't open config file: /root/.pkcs11/pkcs11.conf: Permission denied Sep 26 00:20:11 fedora18 cupsd[1312]: p11-kit: couldn't open config file: /root/.pkcs11/pkcs11.conf: Permission denied Sep 26 01:25:06 fedora18 cupsd[1334]: p11-kit: couldn't open config file: /root/.pkcs11/pkcs11.conf: Permission denied Sep 26 16:41:38 fedora18 cupsd[1419]: p11-kit: couldn't open config file: /root/.pkcs11/pkcs11.conf: Permission denied [root@fedora18 ~]# cat /var/log/audit/audit.log |grep pkcs11.conf [root@fedora18 ~]# cat /var/log/audit/audit.log |grep p11-kit [root@fedora18 ~]# It seems very wrong to me that a service running as system_u:system_r:cupsd_t should have anything to do in /root . Well, if we want to make big claims: It seems wrong to me that a printing service is running as root. But in any case. p11-kit tries to access config files both in /etc and in the user's home directory. So there's a patch to fix this upstream. It requires testing and review before I'll merge it. Thanks for your help. Oh, in case it wasn't obvious: https://bugs.freedesktop.org/show_bug.cgi?id=57115 My samba log is full of these messages (and I don't even have a /root/pkcs11 directory). (In reply to comment #6) > My samba log is full of these messages (and I don't even have a /root/pkcs11 > directory). I am also getting same error when i start httpd (in my system also there is no /root/.pkcs11 directory is there ) Fix for this has been merged upstream. I'll leave it to Kalev to decide whether to back-port a patch for this into Fedora 18. The problem happened again, when restart the cupsd. And printing is not possible. [root@bart ~]# systemctl restart colord.service [root@bart ~]# systemctl restart cups.service [root@bart ~]# tail -f /var/log/messages May 12 09:11:00 bart colord: Device added: cups-Cups-PDF May 12 09:11:00 bart colord: Profile added: ffgtk-fax-Gray.. May 12 09:11:00 bart colord[5423]: (colord:5423): Cd-WARNING **: failed to get session [pid 5431]: Unbekannter Fehler -2 May 12 09:11:00 bart colord: Device added: cups-ffgtk-fax May 12 09:11:00 bart colord: Profile added: HP_Laserjet_1200-Gray.. May 12 09:11:00 bart colord: Profile added: HP_Laserjet_1200-RGB.. May 12 09:11:00 bart colord[5423]: (colord:5423): Cd-WARNING **: failed to get session [pid 5431]: Unbekannter Fehler -2 May 12 09:11:00 bart colord: Device added: cups-HP_Laserjet_1200 May 12 09:11:00 bart cupsd[5431]: p11-kit: couldn't open config file: /root/.pkcs11/pkcs11.conf: Permission denied May 12 09:11:02 bart systemd[1]: Started CUPS Printing Service. cups-1.5.4-20.fc18.x86_64 colord-0.1.31-1.fc18.x86_64 p11-kit-0.14-1.fc18.x86_64 The last update that was installed was: May 12 08:35:23 Updated: nspr-4.9.6-1.fc18.x86_64 May 12 08:35:24 Updated: ibus-m17n-1.3.4-8.fc18.x86_64 Please test this build and see if it fixes your problem: http://koji.fedoraproject.org/koji/taskinfo?taskID=5370883 Note: Your inability to print may be for completely different reasons. So when testing this patch please use the following criteria: "Is the error in the logs gone?" Yes it will fix it. Printing is working again and no errors: [root@bart ~]# systemctl restart colord.service [root@bart ~]# systemctl restart cups.service [root@bart ~]# tail -f /var/log/messages May 13 18:12:38 bart colord: Profile added: Cups-PDF-RGB.. May 13 18:12:38 bart colord[4190]: (colord:4190): Cd-WARNING **: failed to get session [pid 4205]: Unbekannter Fehler -2 May 13 18:12:38 bart colord: Device added: cups-Cups-PDF May 13 18:12:38 bart colord: Profile added: ffgtk-fax-Gray.. May 13 18:12:38 bart colord[4190]: (colord:4190): Cd-WARNING **: failed to get session [pid 4205]: Unbekannter Fehler -2 May 13 18:12:38 bart colord: Device added: cups-ffgtk-fax May 13 18:12:38 bart colord: Profile added: HP_Laserjet_1200-Gray.. May 13 18:12:38 bart colord: Profile added: HP_Laserjet_1200-RGB.. May 13 18:12:38 bart colord[4190]: (colord:4190): Cd-WARNING **: failed to get session [pid 4205]: Unbekannter Fehler -2 May 13 18:12:38 bart colord: Device added: cups-HP_Laserjet_1200 May 13 18:13:33 bart dbus-daemon[796]: dbus[796]: [system] Activating service name='org.opensuse.CupsPkHelper.Mechanism' (using servicehelper) May 13 18:13:33 bart dbus[796]: [system] Activating service name='org.opensuse.CupsPkHelper.Mechanism' (using servicehelper) May 13 18:13:33 bart dbus-daemon[796]: dbus[796]: [system] Successfully activated service 'org.opensuse.CupsPkHelper.Mechanism' May 13 18:13:33 bart dbus[796]: [system] Successfully activated service 'org.opensuse.CupsPkHelper.Mechanism' May 13 18:13:40 bart systemd[1]: Started CUPS Printing Service. I can do a Fedora update for this. Will wait for necessary permission from the package maintainer. This package has changed ownership in the Fedora Package Database. Reassigning to the new owner of this component. p11-kit-0.14-2.fc18 has been submitted as an update for Fedora 18. https://admin.fedoraproject.org/updates/p11-kit-0.14-2.fc18 Package p11-kit-0.14-2.fc18: * should fix your issue, * was pushed to the Fedora 18 testing repository, * should be available at your local mirror within two days. Update it with: # su -c 'yum update --enablerepo=updates-testing p11-kit-0.14-2.fc18' as soon as you are able to. Please go to the following url: https://admin.fedoraproject.org/updates/FEDORA-2013-8209/p11-kit-0.14-2.fc18 then log in and leave karma (feedback). p11-kit-0.14-2.fc18 has been pushed to the Fedora 18 stable repository. If problems still persist, please make note of it in this bug report. |