Bug 248154 - Brother Printer DCP-130C
Brother Printer DCP-130C
Status: CLOSED CURRENTRELEASE
Product: Fedora
Classification: Fedora
Component: selinux-policy (Show other bugs)
7
All Linux
low Severity urgent
: ---
: ---
Assigned To: Daniel Walsh
Fedora Extras Quality Assurance
:
Depends On:
Blocks:
  Show dependency treegraph
 
Reported: 2007-07-13 10:19 EDT by Daryl Thompson
Modified: 2008-01-30 14:19 EST (History)
0 users

See Also:
Fixed In Version: Current
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Environment:
Last Closed: 2008-01-30 14:19:08 EST
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:


Attachments (Terms of Use)

  None (edit)
Description Daryl Thompson 2007-07-13 10:19:54 EDT
Description of problem:
Unable to print while SELinux is on

Version-Release number of selected component (if applicable):


How reproducible:


Steps to Reproduce:
1.
2.
3.
  
Actual results:


Expected results:


Additional info:

Summary
    SELinux is preventing brlpdwrapperdcp (cupsd_t) "execute" to brcupsconfpt1
    (usr_t).

Detailed Description
    SELinux denied access requested by brlpdwrapperdcp. It is not expected that
    this access is required by brlpdwrapperdcp and this access may signal an
    intrusion attempt. It is also possible that the specific version or
    configuration of the application is causing it to require additional access.

Allowing Access
    Sometimes labeling problems can cause SELinux denials.  You could try to
    restore the default system file context for brcupsconfpt1, restorecon -v
    brcupsconfpt1 If this does not work, there is currently no automatic way to
    allow this access. Instead,  you can generate a local policy module to allow
    this access - see http://fedora.redhat.com/docs/selinux-faq-fc5/#id2961385
    Or you can disable SELinux protection altogether. Disabling SELinux
    protection is not recommended. Please file a
    http://bugzilla.redhat.com/bugzilla/enter_bug.cgi against this package.

Additional Information        

Source Context                system_u:system_r:cupsd_t:SystemLow-SystemHigh
Target Context                system_u:object_r:usr_t
Target Objects                brcupsconfpt1 [ file ]
Affected RPM Packages         
Policy RPM                    selinux-policy-2.6.4-26.fc7
Selinux Enabled               True
Policy Type                   targeted
MLS Enabled                   True
Enforcing Mode                Enforcing
Plugin Name                   plugins.catchall_file
Host Name                     editor.netcastaustralia.com
Platform                      Linux editor.netcastaustralia.com
                              2.6.21-1.3228.fc7 #1 SMP Tue Jun 12 15:37:31 EDT
                              2007 i686 athlon
Alert Count                   4
First Seen                    Sat 14 Jul 2007 12:09:07 AM EST
Last Seen                     Sat 14 Jul 2007 12:12:46 AM EST
Local ID                      799dc4ca-70bb-41dc-bb88-723614c73c00
Line Numbers                  

Raw Audit Messages            

avc: denied { execute } for comm="brlpdwrapperdcp" dev=dm-0 egid=7 euid=4
exe="/bin/bash" exit=-13 fsgid=7 fsuid=4 gid=7 items=0 name="brcupsconfpt1"
pid=3138 scontext=system_u:system_r:cupsd_t:s0-s0:c0.c1023 sgid=7
subj=system_u:system_r:cupsd_t:s0-s0:c0.c1023 suid=4 tclass=file
tcontext=system_u:object_r:usr_t:s0 tty=(none) uid=4

Summary
    SELinux is preventing brlpdwrapperdcp (cupsd_t) "execute" to filterdcp130c
    (usr_t).

Detailed Description
    SELinux denied access requested by brlpdwrapperdcp. It is not expected that
    this access is required by brlpdwrapperdcp and this access may signal an
    intrusion attempt. It is also possible that the specific version or
    configuration of the application is causing it to require additional access.

Allowing Access
    Sometimes labeling problems can cause SELinux denials.  You could try to
    restore the default system file context for filterdcp130c, restorecon -v
    filterdcp130c If this does not work, there is currently no automatic way to
    allow this access. Instead,  you can generate a local policy module to allow
    this access - see http://fedora.redhat.com/docs/selinux-faq-fc5/#id2961385
    Or you can disable SELinux protection altogether. Disabling SELinux
    protection is not recommended. Please file a
    http://bugzilla.redhat.com/bugzilla/enter_bug.cgi against this package.

Additional Information        

Source Context                system_u:system_r:cupsd_t:SystemLow-SystemHigh
Target Context                system_u:object_r:usr_t
Target Objects                filterdcp130c [ file ]
Affected RPM Packages         
Policy RPM                    selinux-policy-2.6.4-26.fc7
Selinux Enabled               True
Policy Type                   targeted
MLS Enabled                   True
Enforcing Mode                Enforcing
Plugin Name                   plugins.catchall_file
Host Name                     editor.netcastaustralia.com
Platform                      Linux editor.netcastaustralia.com
                              2.6.21-1.3228.fc7 #1 SMP Tue Jun 12 15:37:31 EDT
                              2007 i686 athlon
Alert Count                   4
First Seen                    Sat 14 Jul 2007 12:09:07 AM EST
Last Seen                     Sat 14 Jul 2007 12:12:46 AM EST
Local ID                      0281db38-5093-4f1e-840c-81422a639639
Line Numbers                  

Raw Audit Messages            

avc: denied { execute } for comm="brlpdwrapperdcp" dev=dm-0 egid=7 euid=4
exe="/bin/bash" exit=-13 fsgid=7 fsuid=4 gid=7 items=0 name="filterdcp130c"
pid=3140 scontext=system_u:system_r:cupsd_t:s0-s0:c0.c1023 sgid=7
subj=system_u:system_r:cupsd_t:s0-s0:c0.c1023 suid=4 tclass=file
tcontext=system_u:object_r:usr_t:s0 tty=(none) uid=4
Comment 1 Daniel Walsh 2007-07-13 11:52:10 EDT
I do not know where brcupsconfpt1 and friends are located but they need to be
labeled bin_t.

chcon -t bin_t brcupsconfpt1 

Will label them correctly.

You also should execute

semanage fcontext -a -t bin_t /PATHTO/brcupsconfpt1 
Comment 2 Daryl Thompson 2007-07-17 02:33:54 EDT
brcupsconfpt1 are located "
/usr/local/Brother/Printer/dcp130c/cupswrapper/brcupsconfpt1"

the above got rid of one alert but i still get the following alert


Summary
    SELinux is preventing brlpdwrapperdcp (cupsd_t) "execute" to filterdcp130c
    (usr_t).

Detailed Description
    SELinux denied access requested by brlpdwrapperdcp. It is not expected that
    this access is required by brlpdwrapperdcp and this access may signal an
    intrusion attempt. It is also possible that the specific version or
    configuration of the application is causing it to require additional access.

Allowing Access
    Sometimes labeling problems can cause SELinux denials.  You could try to
    restore the default system file context for filterdcp130c, restorecon -v
    filterdcp130c If this does not work, there is currently no automatic way to
    allow this access. Instead,  you can generate a local policy module to allow
    this access - see http://fedora.redhat.com/docs/selinux-faq-fc5/#id2961385
    Or you can disable SELinux protection altogether. Disabling SELinux
    protection is not recommended. Please file a
    http://bugzilla.redhat.com/bugzilla/enter_bug.cgi against this package.

Additional Information        

Source Context                system_u:system_r:cupsd_t:SystemLow-SystemHigh
Target Context                system_u:object_r:usr_t
Target Objects                filterdcp130c [ file ]
Affected RPM Packages         
Policy RPM                    selinux-policy-2.6.4-26.fc7
Selinux Enabled               True
Policy Type                   targeted
MLS Enabled                   True
Enforcing Mode                Enforcing
Plugin Name                   plugins.catchall_file
Host Name                     editor.netcastaustralia.com
Platform                      Linux editor.netcastaustralia.com
                              2.6.21-1.3228.fc7 #1 SMP Tue Jun 12 15:37:31 EDT
                              2007 i686 athlon
Alert Count                   2
First Seen                    Tue 17 Jul 2007 04:29:45 PM EST
Last Seen                     Tue 17 Jul 2007 04:29:45 PM EST
Local ID                      1b97729f-d87e-4339-9f4e-21d01b2f8aeb
Line Numbers                  

Raw Audit Messages            

avc: denied { execute } for comm="brlpdwrapperdcp" dev=dm-0 egid=7 euid=4
exe="/bin/bash" exit=-13 fsgid=7 fsuid=4 gid=7 items=0 name="filterdcp130c"
pid=5309 scontext=system_u:system_r:cupsd_t:s0-s0:c0.c1023 sgid=7
subj=system_u:system_r:cupsd_t:s0-s0:c0.c1023 suid=4 tclass=file
tcontext=system_u:object_r:usr_t:s0 tty=(none) uid=4

Comment 3 Daniel Walsh 2007-09-04 15:56:46 EDT
fixed in selinux-policy-2.6.4-41
Comment 4 Daniel Walsh 2008-01-30 14:19:08 EST
Bulk closing all bugs in Fedora updates in the modified state.  If you bug is
not fixed, please reopen.

Note You need to log in before you can comment on or make changes to this bug.