Description of problem: Unable to print while SELinux is on Version-Release number of selected component (if applicable): How reproducible: Steps to Reproduce: 1. 2. 3. Actual results: Expected results: Additional info: Summary SELinux is preventing brlpdwrapperdcp (cupsd_t) "execute" to brcupsconfpt1 (usr_t). Detailed Description SELinux denied access requested by brlpdwrapperdcp. It is not expected that this access is required by brlpdwrapperdcp and this access may signal an intrusion attempt. It is also possible that the specific version or configuration of the application is causing it to require additional access. Allowing Access Sometimes labeling problems can cause SELinux denials. You could try to restore the default system file context for brcupsconfpt1, restorecon -v brcupsconfpt1 If this does not work, there is currently no automatic way to allow this access. Instead, you can generate a local policy module to allow this access - see http://fedora.redhat.com/docs/selinux-faq-fc5/#id2961385 Or you can disable SELinux protection altogether. Disabling SELinux protection is not recommended. Please file a http://bugzilla.redhat.com/bugzilla/enter_bug.cgi against this package. Additional Information Source Context system_u:system_r:cupsd_t:SystemLow-SystemHigh Target Context system_u:object_r:usr_t Target Objects brcupsconfpt1 [ file ] Affected RPM Packages Policy RPM selinux-policy-2.6.4-26.fc7 Selinux Enabled True Policy Type targeted MLS Enabled True Enforcing Mode Enforcing Plugin Name plugins.catchall_file Host Name editor.netcastaustralia.com Platform Linux editor.netcastaustralia.com 2.6.21-1.3228.fc7 #1 SMP Tue Jun 12 15:37:31 EDT 2007 i686 athlon Alert Count 4 First Seen Sat 14 Jul 2007 12:09:07 AM EST Last Seen Sat 14 Jul 2007 12:12:46 AM EST Local ID 799dc4ca-70bb-41dc-bb88-723614c73c00 Line Numbers Raw Audit Messages avc: denied { execute } for comm="brlpdwrapperdcp" dev=dm-0 egid=7 euid=4 exe="/bin/bash" exit=-13 fsgid=7 fsuid=4 gid=7 items=0 name="brcupsconfpt1" pid=3138 scontext=system_u:system_r:cupsd_t:s0-s0:c0.c1023 sgid=7 subj=system_u:system_r:cupsd_t:s0-s0:c0.c1023 suid=4 tclass=file tcontext=system_u:object_r:usr_t:s0 tty=(none) uid=4 Summary SELinux is preventing brlpdwrapperdcp (cupsd_t) "execute" to filterdcp130c (usr_t). Detailed Description SELinux denied access requested by brlpdwrapperdcp. It is not expected that this access is required by brlpdwrapperdcp and this access may signal an intrusion attempt. It is also possible that the specific version or configuration of the application is causing it to require additional access. Allowing Access Sometimes labeling problems can cause SELinux denials. You could try to restore the default system file context for filterdcp130c, restorecon -v filterdcp130c If this does not work, there is currently no automatic way to allow this access. Instead, you can generate a local policy module to allow this access - see http://fedora.redhat.com/docs/selinux-faq-fc5/#id2961385 Or you can disable SELinux protection altogether. Disabling SELinux protection is not recommended. Please file a http://bugzilla.redhat.com/bugzilla/enter_bug.cgi against this package. Additional Information Source Context system_u:system_r:cupsd_t:SystemLow-SystemHigh Target Context system_u:object_r:usr_t Target Objects filterdcp130c [ file ] Affected RPM Packages Policy RPM selinux-policy-2.6.4-26.fc7 Selinux Enabled True Policy Type targeted MLS Enabled True Enforcing Mode Enforcing Plugin Name plugins.catchall_file Host Name editor.netcastaustralia.com Platform Linux editor.netcastaustralia.com 2.6.21-1.3228.fc7 #1 SMP Tue Jun 12 15:37:31 EDT 2007 i686 athlon Alert Count 4 First Seen Sat 14 Jul 2007 12:09:07 AM EST Last Seen Sat 14 Jul 2007 12:12:46 AM EST Local ID 0281db38-5093-4f1e-840c-81422a639639 Line Numbers Raw Audit Messages avc: denied { execute } for comm="brlpdwrapperdcp" dev=dm-0 egid=7 euid=4 exe="/bin/bash" exit=-13 fsgid=7 fsuid=4 gid=7 items=0 name="filterdcp130c" pid=3140 scontext=system_u:system_r:cupsd_t:s0-s0:c0.c1023 sgid=7 subj=system_u:system_r:cupsd_t:s0-s0:c0.c1023 suid=4 tclass=file tcontext=system_u:object_r:usr_t:s0 tty=(none) uid=4
I do not know where brcupsconfpt1 and friends are located but they need to be labeled bin_t. chcon -t bin_t brcupsconfpt1 Will label them correctly. You also should execute semanage fcontext -a -t bin_t /PATHTO/brcupsconfpt1
brcupsconfpt1 are located " /usr/local/Brother/Printer/dcp130c/cupswrapper/brcupsconfpt1" the above got rid of one alert but i still get the following alert Summary SELinux is preventing brlpdwrapperdcp (cupsd_t) "execute" to filterdcp130c (usr_t). Detailed Description SELinux denied access requested by brlpdwrapperdcp. It is not expected that this access is required by brlpdwrapperdcp and this access may signal an intrusion attempt. It is also possible that the specific version or configuration of the application is causing it to require additional access. Allowing Access Sometimes labeling problems can cause SELinux denials. You could try to restore the default system file context for filterdcp130c, restorecon -v filterdcp130c If this does not work, there is currently no automatic way to allow this access. Instead, you can generate a local policy module to allow this access - see http://fedora.redhat.com/docs/selinux-faq-fc5/#id2961385 Or you can disable SELinux protection altogether. Disabling SELinux protection is not recommended. Please file a http://bugzilla.redhat.com/bugzilla/enter_bug.cgi against this package. Additional Information Source Context system_u:system_r:cupsd_t:SystemLow-SystemHigh Target Context system_u:object_r:usr_t Target Objects filterdcp130c [ file ] Affected RPM Packages Policy RPM selinux-policy-2.6.4-26.fc7 Selinux Enabled True Policy Type targeted MLS Enabled True Enforcing Mode Enforcing Plugin Name plugins.catchall_file Host Name editor.netcastaustralia.com Platform Linux editor.netcastaustralia.com 2.6.21-1.3228.fc7 #1 SMP Tue Jun 12 15:37:31 EDT 2007 i686 athlon Alert Count 2 First Seen Tue 17 Jul 2007 04:29:45 PM EST Last Seen Tue 17 Jul 2007 04:29:45 PM EST Local ID 1b97729f-d87e-4339-9f4e-21d01b2f8aeb Line Numbers Raw Audit Messages avc: denied { execute } for comm="brlpdwrapperdcp" dev=dm-0 egid=7 euid=4 exe="/bin/bash" exit=-13 fsgid=7 fsuid=4 gid=7 items=0 name="filterdcp130c" pid=5309 scontext=system_u:system_r:cupsd_t:s0-s0:c0.c1023 sgid=7 subj=system_u:system_r:cupsd_t:s0-s0:c0.c1023 suid=4 tclass=file tcontext=system_u:object_r:usr_t:s0 tty=(none) uid=4
fixed in selinux-policy-2.6.4-41
Bulk closing all bugs in Fedora updates in the modified state. If you bug is not fixed, please reopen.