Bug 294791 - Yum update of cupsd causes AVC
Yum update of cupsd causes AVC
Status: CLOSED CURRENTRELEASE
Product: Fedora
Classification: Fedora
Component: selinux-policy-targeted (Show other bugs)
rawhide
All Linux
low Severity low
: ---
: ---
Assigned To: Daniel Walsh
Ben Levenson
:
Depends On:
Blocks:
  Show dependency treegraph
 
Reported: 2007-09-18 10:28 EDT by Ken Reilly
Modified: 2008-01-30 14:06 EST (History)
1 user (show)

See Also:
Fixed In Version: Current
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Environment:
Last Closed: 2008-01-30 14:06:54 EST
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---


Attachments (Terms of Use)

  None (edit)
Description Pete Graner 2007-09-18 10:28:42 EDT
Description of problem: updating to rawhide 2007-09-18 causes the following AVC: 


Version-Release number of selected component (if applicable):

[pgraner@moltar ~]$ rpm -q selinux-policy-targeted
selinux-policy-targeted-3.0.7-10.fc8

Summary
    SELinux is preventing cupsd (cupsd_t) "check_context" to <Unknown>
    (security_t).

Detailed Description
    SELinux denied access requested by cupsd. It is not expected that this
    access is required by cupsd and this access may signal an intrusion attempt.
    It is also possible that the specific version or configuration of the
    application is causing it to require additional access.

Allowing Access
    You can generate a local policy module to allow this access - see
    http://fedora.redhat.com/docs/selinux-faq-fc5/#id2961385 Or you can disable
    SELinux protection altogether. Disabling SELinux protection is not
    recommended. Please file a http://bugzilla.redhat.com/bugzilla/enter_bug.cgi
    against this package.

Additional Information        

Source Context                system_u:system_r:cupsd_t:SystemLow-SystemHigh
Target Context                system_u:object_r:security_t
Target Objects                None [ security ]
Affected RPM Packages         
Policy RPM                    selinux-policy-3.0.7-10.fc8
Selinux Enabled               True
Policy Type                   targeted
MLS Enabled                   True
Enforcing Mode                Permissive
Plugin Name                   plugins.catchall
Host Name                     moltar.redvoodoo.org
Platform                      Linux moltar.redvoodoo.org
                              2.6.23-0.184.rc6.git4.fc8 #1 SMP Fri Sep 14
                              17:42:59 EDT 2007 i686 i686
Alert Count                   12
First Seen                    Wed 12 Sep 2007 09:00:09 AM EDT
Last Seen                     Tue 18 Sep 2007 10:02:09 AM EDT
Local ID                      392d9a7e-c9ba-48a0-9b36-c9907de8eb94
Line Numbers                  

Raw Audit Messages            

avc: denied { check_context } for comm=cupsd pid=10295
scontext=system_u:system_r:cupsd_t:s0-s0:c0.c1023 tclass=security
tcontext=system_u:object_r:security_t:s0
Comment 1 Daniel Walsh 2007-09-18 10:44:23 EDT
Fixed in selinux-policy-3.0.8-2
Comment 2 Red Hat Bugzilla 2007-10-23 11:25:27 EDT
User pgraner@redhat.com's account has been closed
Comment 3 Daniel Walsh 2008-01-30 14:06:54 EST
Bulk closing a old selinux policy bugs that were in the modified state.  If the
bug is still not fixed.  Please reopen.

Note You need to log in before you can comment on or make changes to this bug.