Description of problem: This occured while the printer was automatically installing. SELinux is preventing /usr/bin/python2.7 from 'read' accesses on the directory /root/.local/lib/python2.7/site-packages. ***** Plugin catchall (100. confidence) suggests ************************** If you believe that python2.7 should be allowed read access on the site-packages directory by default. Then you should report this as a bug. You can generate a local policy module to allow this access. Do allow this access for now by executing: # grep udev-add-printe /var/log/audit/audit.log | audit2allow -M mypol # semodule -i mypol.pp Additional Information: Source Context system_u:system_r:cupsd_config_t:s0 Target Context system_u:object_r:gconf_home_t:s0 Target Objects /root/.local/lib/python2.7/site-packages [ dir ] Source udev-add-printe Source Path /usr/bin/python2.7 Port <Unknown> Host (removed) Source RPM Packages python-2.7.5-9.fc20.x86_64 Target RPM Packages Policy RPM selinux-policy-3.12.1-123.fc20.noarch Selinux Enabled True Policy Type targeted Enforcing Mode Permissive Host Name (removed) Platform Linux (removed) 3.12.9-301.fc20.x86_64 #1 SMP Wed Jan 29 15:56:22 UTC 2014 x86_64 x86_64 Alert Count 1 First Seen 2014-02-07 12:24:50 CET Last Seen 2014-02-07 12:24:50 CET Local ID fc45a2b2-4638-4307-8d17-8d87ecf4a279 Raw Audit Messages type=AVC msg=audit(1391772290.545:759): avc: denied { read } for pid=16826 comm="udev-add-printe" name="site-packages" dev="dm-1" ino=1180420 scontext=system_u:system_r:cupsd_config_t:s0 tcontext=system_u:object_r:gconf_home_t:s0 tclass=dir type=SYSCALL msg=audit(1391772290.545:759): arch=x86_64 syscall=openat success=yes exit=EINTR a0=ffffffffffffff9c a1=16d5500 a2=90800 a3=0 items=0 ppid=1 pid=16826 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 ses=4294967295 tty=(none) comm=udev-add-printe exe=/usr/bin/python2.7 subj=system_u:system_r:cupsd_config_t:s0 key=(null) Hash: udev-add-printe,cupsd_config_t,gconf_home_t,dir,read Additional info: reporter: libreport-2.1.12 hashmarkername: setroubleshoot kernel: 3.12.10-300.fc20.x86_64 type: libreport
SELinux is preventing /usr/bin/python2.7 from read access on the file /root/.local/lib/python2.7/site-packages/easy-install.pth. ***** Plugin catchall (100. confidence) suggests ************************** If you believe that python2.7 should be allowed read access on the easy-install.pth file by default. Then you should report this as a bug. You can generate a local policy module to allow this access. Do allow this access for now by executing: # grep udev-add-printe /var/log/audit/audit.log | audit2allow -M mypol # semodule -i mypol.pp Additional Information: Source Context system_u:system_r:cupsd_config_t:s0 Target Context system_u:object_r:gconf_home_t:s0 Target Objects /root/.local/lib/python2.7/site-packages/easy- install.pth [ file ] Source udev-add-printe Source Path /usr/bin/python2.7 Port <Unknown> Host work-ntb Source RPM Packages python-2.7.5-9.fc20.x86_64 Target RPM Packages Policy RPM selinux-policy-3.12.1-123.fc20.noarch Selinux Enabled True Policy Type targeted Enforcing Mode Permissive Host Name work-ntb Platform Linux work-ntb 3.12.9-301.fc20.x86_64 #1 SMP Wed Jan 29 15:56:22 UTC 2014 x86_64 x86_64 Alert Count 1 First Seen 2014-02-07 12:24:50 CET Last Seen 2014-02-07 12:24:50 CET Local ID cadc6a03-ae1b-47e9-a43f-a90a148aacb6 Raw Audit Messages type=AVC msg=audit(1391772290.545:760): avc: denied { read } for pid=16826 comm="udev-add-printe" name="easy-install.pth" dev="dm-1" ino=1180690 scontext=system_u:system_r:cupsd_config_t:s0 tcontext=system_u:object_r:gconf_home_t:s0 tclass=file type=AVC msg=audit(1391772290.545:760): avc: denied { open } for pid=16826 comm="udev-add-printe" path="/root/.local/lib/python2.7/site-packages/easy-install.pth" dev="dm-1" ino=1180690 scontext=system_u:system_r:cupsd_config_t:s0 tcontext=system_u:object_r:gconf_home_t:s0 tclass=file type=SYSCALL msg=audit(1391772290.545:760): arch=x86_64 syscall=open success=yes exit=EINTR a0=169dcf0 a1=0 a2=1b6 a3=0 items=0 ppid=1 pid=16826 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 ses=4294967295 tty=(none) comm=udev-add-printe exe=/usr/bin/python2.7 subj=system_u:system_r:cupsd_config_t:s0 key=(null) Hash: udev-add-printe,cupsd_config_t,gconf_home_t,file,read
SELinux is preventing /usr/bin/python2.7 from getattr access on the file /root/.local/lib/python2.7/site-packages/easy-install.pth. ***** Plugin catchall (100. confidence) suggests ************************** If you believe that python2.7 should be allowed getattr access on the easy-install.pth file by default. Then you should report this as a bug. You can generate a local policy module to allow this access. Do allow this access for now by executing: # grep udev-add-printe /var/log/audit/audit.log | audit2allow -M mypol # semodule -i mypol.pp Additional Information: Source Context system_u:system_r:cupsd_config_t:s0 Target Context system_u:object_r:gconf_home_t:s0 Target Objects /root/.local/lib/python2.7/site-packages/easy- install.pth [ file ] Source udev-add-printe Source Path /usr/bin/python2.7 Port <Unknown> Host work-ntb Source RPM Packages python-2.7.5-9.fc20.x86_64 Target RPM Packages Policy RPM selinux-policy-3.12.1-123.fc20.noarch Selinux Enabled True Policy Type targeted Enforcing Mode Permissive Host Name work-ntb Platform Linux work-ntb 3.12.9-301.fc20.x86_64 #1 SMP Wed Jan 29 15:56:22 UTC 2014 x86_64 x86_64 Alert Count 1 First Seen 2014-02-07 12:24:50 CET Last Seen 2014-02-07 12:24:50 CET Local ID 124f045c-e03f-4135-82ac-a0841f062e91 Raw Audit Messages type=AVC msg=audit(1391772290.545:761): avc: denied { getattr } for pid=16826 comm="udev-add-printe" path="/root/.local/lib/python2.7/site-packages/easy-install.pth" dev="dm-1" ino=1180690 scontext=system_u:system_r:cupsd_config_t:s0 tcontext=system_u:object_r:gconf_home_t:s0 tclass=file type=SYSCALL msg=audit(1391772290.545:761): arch=x86_64 syscall=fstat success=yes exit=0 a0=4 a1=7fff27ceec10 a2=7fff27ceec10 a3=1 items=0 ppid=1 pid=16826 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 ses=4294967295 tty=(none) comm=udev-add-printe exe=/usr/bin/python2.7 subj=system_u:system_r:cupsd_config_t:s0 key=(null) Hash: udev-add-printe,cupsd_config_t,gconf_home_t,file,getattr
You would not see it in enforcing mode. Also cups-config python script should be fixed.
Fixed upstream in commit 7b3ccf3: https://git.fedorahosted.org/cgit/system-config-printer.git/commit/?id=7b3ccf3cace238f8ec9711df2381885e9db4da90
system-config-printer-1.4.4-1.fc20 has been submitted as an update for Fedora 20. https://admin.fedoraproject.org/updates/system-config-printer-1.4.4-1.fc20
Package system-config-printer-1.4.4-1.fc20: * should fix your issue, * was pushed to the Fedora 20 testing repository, * should be available at your local mirror within two days. Update it with: # su -c 'yum update --enablerepo=updates-testing system-config-printer-1.4.4-1.fc20' as soon as you are able to. Please go to the following url: https://admin.fedoraproject.org/updates/FEDORA-2014-4014/system-config-printer-1.4.4-1.fc20 then log in and leave karma (feedback).
system-config-printer-1.4.4-1.fc20 has been pushed to the Fedora 20 stable repository. If problems still persist, please make note of it in this bug report.