Bug 192216 - SELinux blocking cups-lpd again
Summary: SELinux blocking cups-lpd again
Status: CLOSED CURRENTRELEASE
Alias: None
Product: Fedora
Classification: Fedora
Component: selinux-policy-targeted
Version: 5
Hardware: i686
OS: Linux
Priority: medium
Severity: medium
Target Milestone: ---
Assignee: Daniel Walsh
QA Contact:
URL:
Whiteboard:
Keywords: Regression, SELinux
Depends On:
Blocks:
Reported: 2006-05-18 13:41 UTC by Ian Pilcher
Modified: 2007-11-30 22:11 UTC (History)
Last Closed: 2006-06-21 17:56:44 UTC


Description Ian Pilcher 2006-05-18 13:41:52 UTC
Description of problem:

The following audit messages occur every time a job is submitted to cups-lpd:

type=AVC msg=audit(1147958690.440:1241): avc:  denied  { search } for  pid=23311
comm="cups-lpd" name="cups" dev=md1 ino=3022474
scontext=system_u:system_r:cupsd_lpd_t:s0
tcontext=system_u:object_r:cupsd_var_run_t:s0 tclass=dir
type=SYSCALL msg=audit(1147958690.440:1241): arch=40000003 syscall=195
success=no exit=-13 a0=e2b582 a1=bff75790 a2=31cff4 a3=e2b582 items=1 pid=23311
auid=4294967295 uid=4 gid=7 euid=4 suid=4 fsuid=4 egid=7 sgid=7 fsgid=7
comm="cups-lpd" exe="/usr/lib/cups/daemon/cups-lpd"
type=CWD msg=audit(1147958690.440:1241):  cwd="/"
type=PATH msg=audit(1147958690.440:1241): item=0 name="/var/run/cups/cups.sock"
flags=101
type=AVC msg=audit(1147958690.444:1242): avc:  denied  { create } for  pid=23311
comm="cups-lpd" scontext=system_u:system_r:cupsd_lpd_t:s0
tcontext=system_u:system_r:cupsd_lpd_t:s0 tclass=netlink_route_socket
type=SYSCALL msg=audit(1147958690.444:1242): arch=40000003 syscall=102
success=no exit=-13 a0=1 a1=bff75508 a2=31cff4 a3=bff75af9 items=0 pid=23311
auid=4294967295 uid=4 gid=7 euid=4 suid=4 fsuid=4 egid=7 sgid=7 fsgid=7
comm="cups-lpd" exe="/usr/lib/cups/daemon/cups-lpd"
type=SOCKETCALL msg=audit(1147958690.444:1242): nargs=3 a0=10 a1=3 a2=0


Version-Release number of selected component (if applicable):

selinux-policy-targeted-2.2.38-1.fc5


How reproducible:

100%


Steps to Reproduce:
1. Update to selinux-policy-targeted-2.2.38-1.fc5
2. Submit a job via cups-lpd

  
Actual results:

Job not printed.


Expected results:

Job should be printed.


Additional info:

Is cupsd_lpd_t new?  It does not appear to have sufficient privileges.
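
Added example, not part of the original report or of the selinux-policy package: a small Python parser that groups audit records like the ones quoted above by event serial, pairs each AVC denial with the PATH record of the same event, and derives the allow rules the loaded policy lacks, written the way audit2allow writes them. The function names and SAMPLE (the report's records with wrapped lines rejoined, SYSCALL abridged) are constructed for illustration.

```python
import re
from collections import defaultdict

# Constructed sample: the report's records with the wrapped lines rejoined;
# the SYSCALL record is abridged and the CWD/SOCKETCALL records are omitted.
SAMPLE = '''\
type=AVC msg=audit(1147958690.440:1241): avc:  denied  { search } for  pid=23311 comm="cups-lpd" name="cups" dev=md1 ino=3022474 scontext=system_u:system_r:cupsd_lpd_t:s0 tcontext=system_u:object_r:cupsd_var_run_t:s0 tclass=dir
type=SYSCALL msg=audit(1147958690.440:1241): arch=40000003 syscall=195 success=no exit=-13 pid=23311 comm="cups-lpd"
type=PATH msg=audit(1147958690.440:1241): item=0 name="/var/run/cups/cups.sock" flags=101
type=AVC msg=audit(1147958690.444:1242): avc:  denied  { create } for  pid=23311 comm="cups-lpd" scontext=system_u:system_r:cupsd_lpd_t:s0 tcontext=system_u:system_r:cupsd_lpd_t:s0 tclass=netlink_route_socket
'''
HEADER = re.compile(r'type=(\w+) msg=audit\([\d.]+:(\d+)\):')
DENIED = re.compile(r'avc:\s+denied\s+\{([^}]*)\}')
FIELD = re.compile(r'(\w+)=("[^"]*"|\S+)')

def denials(log):
    """Return one dict per AVC denial, with the PATH name of the same audit event."""
    events = defaultdict(list)              # audit serial -> [(record type, fields)]
    for line in log.splitlines():
        if not (head := HEADER.match(line)):
            continue                        # not an audit record
        fields = {k: v.strip('"') for k, v in FIELD.findall(line[head.end():])}
        if (denied := DENIED.search(line)):
            fields["perms"] = denied.group(1).split()
        events[int(head.group(2))].append((head.group(1), fields))
    found = []
    for serial in sorted(events):
        paths = [f["name"] for t, f in events[serial] if t == "PATH" and "name" in f]
        for rtype, f in events[serial]:
            if rtype == "AVC" and "perms" in f:
                src, tgt = (f[c].split(":")[2] for c in ("scontext", "tcontext"))  # user:role:type[:level]
                found.append({"serial": serial, "source": src, "target": tgt, "tclass": f["tclass"],
                              "perms": f["perms"], "path": paths[0] if paths else None})
    return found

def allow_rules(found):
    """Merge denials into the allow rules the policy lacks, as candidates for review."""
    merged = defaultdict(set)
    for d in found:
        target = "self" if d["target"] == d["source"] else d["target"]
        merged[(d["source"], target, d["tclass"])].update(d["perms"])
    rules = []
    for (src, tgt, cls), perms in sorted(merged.items()):
        p = sorted(perms)
        body = p[0] if len(p) == 1 else "{ " + " ".join(p) + " }"
        rules.append(f"allow {src} {tgt}:{cls} {body};")
    return rules

if __name__ == "__main__":
    print("\n".join(allow_rules(denials(SAMPLE))))
```

The PATH join shows that the denied directory search happened while resolving /var/run/cups/cups.sock, which the AVC record alone (name="cups") does not say.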

Comment 1 Daniel Walsh 2006-05-23 20:28:25 UTC
Fixed in selinux-policy-targeted-2.2.42-2.fc5

