Description of problem: Every time I try to print this SELinux error keeps popping up. Version-Release number of selected component (if applicable): Fedora 7 How reproducible: trying to print Steps to Reproduce: 1.same 2.same 3.same Actual results: crash Expected results: crash Additional info:Summary SELinux is preventing sh (cupsd_t) "getattr" to /usr/bin/hpijs (hplip_exec_t). Detailed Description SELinux denied access requested by sh. It is not expected that this access is required by sh and this access may signal an intrusion attempt. It is also possible that the specific version or configuration of the application is causing it to require additional access. Allowing Access Sometimes labeling problems can cause SELinux denials. You could try to restore the default system file context for /usr/bin/hpijs, restorecon -v /usr/bin/hpijs If this does not work, there is currently no automatic way to allow this access. Instead, you can generate a local policy module to allow this access - see http://fedora.redhat.com/docs/selinux-faq-fc5/#id2961385 Or you can disable SELinux protection altogether. Disabling SELinux protection is not recommended. Please file a http://bugzilla.redhat.com/bugzilla/enter_bug.cgi against this package. Additional Information Source Context system_u:system_r:cupsd_t:SystemLow-SystemHigh Target Context system_u:object_r:hplip_exec_t Target Objects /usr/bin/hpijs [ file ] Affected RPM Packages hpijs-1.7.4a-6.fc7 [target] Policy RPM selinux-policy-2.6.4-61.fc7 Selinux Enabled True Policy Type targeted MLS Enabled True Enforcing Mode Enforcing Plugin Name plugins.catchall_file Host Name localhost.localdomain Platform Linux localhost.localdomain 2.6.23.8-34.fc7 #1 SMP Thu Nov 22 23:05:33 EST 2007 i686 i686 Alert Count 3 First Seen Fri 14 Dec 2007 03:36:03 PM PST Last Seen Fri 14 Dec 2007 03:41:24 PM PST Local ID 2b5fec98-c135-44d1-b279-23b828c267f3 Line Numbers Raw Audit Messages avc: denied { getattr } for comm="sh" dev=dm-0 egid=7 euid=4 exe="/bin/bash" exit=-13 fsgid=7 fsuid=4 gid=7 items=0 path="/usr/bin/hpijs" pid=16130 scontext=system_u:system_r:cupsd_t:s0-s0:c0.c1023 sgid=7 subj=system_u:system_r:cupsd_t:s0-s0:c0.c1023 suid=4 tclass=file tcontext=system_u:object_r:hplip_exec_t:s0 tty=(none) uid=4
Please help me fix this. I really, really need my printer to work for my business. Thank you, Robert McLachlan
You can allow this for now by executing Put machine in permissive mode. # setenforce 0 print something # audit2allow -M mypol -i /var/log/audit/audit.log # semodule -i mypol.pp # setenforce 1 You should be able to print. Fixed in selinux-policy-2.6.4-63.fc7
Bulk closing a old selinux policy bugs that were in the modified state. If the bug is still not fixed. Please reopen.