Description of problem: The following audit messages occur every time a job is submitted to cups-lpd: type=AVC msg=audit(1147958690.440:1241): avc: denied { search } for pid=23311 comm="cups-lpd" name="cups" dev=md1 ino=3022474 scontext=system_u:system_r:cupsd_lpd_t:s0 tcontext=system_u:object_r:cupsd_var_run_t:s0 tclass=dir type=SYSCALL msg=audit(1147958690.440:1241): arch=40000003 syscall=195 success=no exit=-13 a0=e2b582 a1=bff75790 a2=31cff4 a3=e2b582 items=1 pid=23311 auid=4294967295 uid=4 gid=7 euid=4 suid=4 fsuid=4 egid=7 sgid=7 fsgid=7 comm="cups-lpd" exe="/usr/lib/cups/daemon/cups-lpd" type=CWD msg=audit(1147958690.440:1241): cwd="/" type=PATH msg=audit(1147958690.440:1241): item=0 name="/var/run/cups/cups.sock" flags=101 type=AVC msg=audit(1147958690.444:1242): avc: denied { create } for pid=23311 comm="cups-lpd" scontext=system_u:system_r:cupsd_lpd_t:s0 tcontext=system_u:system_r:cupsd_lpd_t:s0 tclass=netlink_route_socket type=SYSCALL msg=audit(1147958690.444:1242): arch=40000003 syscall=102 success=no exit=-13 a0=1 a1=bff75508 a2=31cff4 a3=bff75af9 items=0 pid=23311 auid=4294967295 uid=4 gid=7 euid=4 suid=4 fsuid=4 egid=7 sgid=7 fsgid=7 comm="cups-lpd" exe="/usr/lib/cups/daemon/cups-lpd" type=SOCKETCALL msg=audit(1147958690.444:1242): nargs=3 a0=10 a1=3 a2=0 Version-Release number of selected component (if applicable): selinux-policy-targeted-2.2.38-1.fc5 How reproducible: 100% Steps to Reproduce: 1. Update to selinux-policy-targeted-2.2.38-1.fc5 2. Submit a job via cups-lpd Actual results: Job not printed. Expected results: Job should be printed. Additional info: Is cupsd_lpd_t new? It does not appear to have sufficient privileges.
Fixed in selinux-policy-targeted-2.2.42-2.fc5