Bug 192216 - SELinux blocking cups-lpd again
SELinux blocking cups-lpd again
Status: CLOSED CURRENTRELEASE
Product: Fedora
Classification: Fedora
Component: selinux-policy-targeted (Show other bugs)
5
i686 Linux
medium Severity medium
: ---
: ---
Assigned To: Daniel Walsh
: Regression, SELinux
Depends On:
Blocks:
  Show dependency treegraph
 
Reported: 2006-05-18 09:41 EDT by Ian Pilcher
Modified: 2007-11-30 17:11 EST (History)
0 users

See Also:
Fixed In Version: selinux-policy-targeted-2.2.42-2.fc5
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Environment:
Last Closed: 2006-06-21 13:56:44 EDT
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---


Attachments (Terms of Use)

  None (edit)
Description Ian Pilcher 2006-05-18 09:41:52 EDT
Description of problem:

The following audit messages occur every time a job is submitted to cups-lpd:

type=AVC msg=audit(1147958690.440:1241): avc:  denied  { search } for  pid=23311
comm="cups-lpd" name="cups" dev=md1 ino=3022474
scontext=system_u:system_r:cupsd_lpd_t:s0
tcontext=system_u:object_r:cupsd_var_run_t:s0 tclass=dir
type=SYSCALL msg=audit(1147958690.440:1241): arch=40000003 syscall=195
success=no exit=-13 a0=e2b582 a1=bff75790 a2=31cff4 a3=e2b582 items=1 pid=23311
auid=4294967295 uid=4 gid=7 euid=4 suid=4 fsuid=4 egid=7 sgid=7 fsgid=7
comm="cups-lpd" exe="/usr/lib/cups/daemon/cups-lpd"
type=CWD msg=audit(1147958690.440:1241):  cwd="/"
type=PATH msg=audit(1147958690.440:1241): item=0 name="/var/run/cups/cups.sock"
flags=101
type=AVC msg=audit(1147958690.444:1242): avc:  denied  { create } for  pid=23311
comm="cups-lpd" scontext=system_u:system_r:cupsd_lpd_t:s0
tcontext=system_u:system_r:cupsd_lpd_t:s0 tclass=netlink_route_socket
type=SYSCALL msg=audit(1147958690.444:1242): arch=40000003 syscall=102
success=no exit=-13 a0=1 a1=bff75508 a2=31cff4 a3=bff75af9 items=0 pid=23311
auid=4294967295 uid=4 gid=7 euid=4 suid=4 fsuid=4 egid=7 sgid=7 fsgid=7
comm="cups-lpd" exe="/usr/lib/cups/daemon/cups-lpd"
type=SOCKETCALL msg=audit(1147958690.444:1242): nargs=3 a0=10 a1=3 a2=0


Version-Release number of selected component (if applicable):

selinux-policy-targeted-2.2.38-1.fc5


How reproducible:

100%


Steps to Reproduce:
1. Update to selinux-policy-targeted-2.2.38-1.fc5
2. Submit a job via cups-lpd

  
Actual results:

Job not printed.


Expected results:

Job should be printed.


Additional info:

Is cupsd_lpd_t new?  It does not appear to have sufficient privileges.
Comment 1 Daniel Walsh 2006-05-23 16:28:25 EDT
Fixed in selinux-policy-targeted-2.2.42-2.fc5

Note You need to log in before you can comment on or make changes to this bug.