This service will be undergoing maintenance at 00:00 UTC, 2016-08-01. It is expected to last about 1 hours
Bug 213475 - Add an additional MLS constraint to allow writing over the range of a file
Add an additional MLS constraint to allow writing over the range of a file
Status: CLOSED CURRENTRELEASE
Product: Red Hat Enterprise Linux 5
Classification: Red Hat
Component: selinux-policy (Show other bugs)
5.0
All Linux
medium Severity medium
: ---
: ---
Assigned To: Daniel Walsh
:
Depends On:
Blocks:
  Show dependency treegraph
 
Reported: 2006-11-01 11:56 EST by Matt Anderson
Modified: 2007-11-30 17:07 EST (History)
3 users (show)

See Also:
Fixed In Version: 5.0.0
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Environment:
Last Closed: 2006-11-28 16:08:21 EST
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:


Attachments (Terms of Use)
The original patch posted to the SELinux mailing list (1.90 KB, patch)
2006-11-01 11:56 EST, Matt Anderson
no flags Details | Diff

  None (edit)
Description Matt Anderson 2006-11-01 11:56:49 EST
Description of problem:
Ranged printers are currently not supported by the selinux-policy

Version-Release number of selected component (if applicable):


How reproducible:
everytime

Steps to Reproduce:
1. use chcon -l SystemLow-Secret /dev/lp0
2. newrole -l Unclassified
3. attempt to print lpr /etc/passwd
  
Actual results:
SELinux will deny access to the printer

Expected results:
Since the printer device is ranged write access should be allowed over the range

Additional info:
The following patch has been accepted upstream in the reference policy, with the
change of the line:
mls_file_write_within_range(printer_device_t)
was moved to the policy/modules/kernel/devices.te file instead of
policy/modules/services/cups.te
Comment 1 Matt Anderson 2006-11-01 11:56:49 EST
Created attachment 140004 [details]
The original patch posted to the SELinux mailing list
Comment 2 Daniel Walsh 2006-11-06 13:43:06 EST
Fixed in selinux-policy-2.4.3-1
Comment 4 RHEL Product and Program Management 2006-11-06 18:06:44 EST
This request was evaluated by Red Hat Product Management for inclusion in a Red
Hat Enterprise Linux release.  Product Management has requested further review
of this request by Red Hat Engineering.  This request is not yet committed for
inclusion in release.
Comment 5 Jay Turner 2006-11-07 13:35:00 EST
QE ack for RHEL5B2.

Note You need to log in before you can comment on or make changes to this bug.