Description of problem: +allow $1_lpr_t $1_mozilla_t:tcp_socket { read write }; +allow $1_lpr_t $1_mozilla_t:unix_stream_socket { read write }; SELinux wants to generate the above commands when execing lpr from within firefox. This is caused because some file descriptors are not being closed on the exec. fcntl(fd, F_SETFD, FD_CLOEXEC) This is a potential security hole in that the spawning process would be able to read/write from these open sockets. Version-Release number of selected component (if applicable): How reproducible: Steps to Reproduce: 1. Bring up a pdf in the viewer and attempt to print. 2. 3. Actual results: SELinux denial messages Expected results: No SELinux denial messages. Additional info:
Closing since I have not seen this recently,