Bug 426052 - SELinux is preventing /sbin/modprobe (insmod_t) "sys_nice" to <Unknown> (insmod_t)
Status: CLOSED CURRENTRELEASE
Product: Fedora
Classification: Fedora
Component: selinux-policy-targeted
Version: 7
Hardware: i386 Linux
Priority: low
Severity: medium
Assigned To: Daniel Walsh
Ben Levenson
Reported: 2007-12-17 20:09 EST by Scott Griffin
Modified: 2008-01-03 11:04 EST (History)
Fixed In Version: Current
Doc Type: Bug Fix
Last Closed: 2008-01-03 11:04:52 EST

Attachments:
I have attached the SELinux Troubleshoot message. (2.06 KB, application/octet-stream)
2007-12-17 20:09 EST, Scott Griffin

Description Scott Griffin 2007-12-17 20:09:46 EST
Description of problem:
I am unable to print (regular user) to my HP LaserJet 2100 due to the following
error message:
SELinux is preventing /sbin/modprobe (insmod_t) "sys_nice" to <Unknown> (insmod_t)


Version-Release number of selected component (if applicable):
Fedora7 SELINUX=enforcing SELINUXTYPE=targeted
selinux-policy-2.6.4-61.fc7

How reproducible:
Set SELinux to Enforcing and targeted, try to print using the printer drivers
part of the yum repos downloaded with Fedora 7. SELinux Troubleshoot browser
appears and it will deny any attempts to print. 

Steps to Reproduce:
1. SELinux = Enabled
2. Targeted 
3. Unable to print, access denied.
  
Actual results:
Raw Audit Messages            

avc: denied { sys_nice } for comm="modprobe" egid=0 euid=0 exe="/sbin/modprobe"
exit=0 fsgid=0 fsuid=0 gid=0 items=0 pid=5825
scontext=system_u:system_r:insmod_t:s0 sgid=0 subj=system_u:system_r:insmod_t:s0
suid=0 tclass=capability tcontext=system_u:system_r:insmod_t:s0 tty=(none) uid=0

Expected results:
Should be able to print, I want to leave SELinux enabled and targeted on my
systems or if a Boolean value can be given as a work around maybe?

Additional info: 
Please contact me at grifs71@yahoo.com if you need any further information. 

Thanks,
Scott Griffin
Comment 1 Scott Griffin 2007-12-17 20:09:46 EST
Created attachment 289836
I have attached the SELinux Troubleshoot message.
Comment 2 Scott Griffin 2007-12-17 20:14:07 EST
I had seen another error like this one; however, I have the latest SELinux-Policy
installed.

I have to set SELinux to permissive to print, and I do not want to lower my
security setting.

Any help would be appreciated.

Thanks
Scott Griffin
Comment 3 Daniel Walsh 2007-12-18 09:20:29 EST
This is strange since this has been allowed for quite a while. 

Could you reinstall selinux-policy-2.6.4-61 and make sure you get no errors.

What does the output of 
# sesearch --allow | grep insmod | grep sys_nice
show?

(setools package)
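
An added example, not part of the original thread and not setools code: it turns the denial quoted in the description into the allow rule it implies and checks sesearch-style output for that rule, which is the question comment 3 asks. The rule listing in SAMPLE_RULES is constructed, and the function names are hypothetical.

```python
import re
# Denial quoted in the bug description, re-joined onto one line.
SAMPLE_AVC = (
    'avc: denied { sys_nice } for comm="modprobe" egid=0 euid=0 '
    'exe="/sbin/modprobe" exit=0 fsgid=0 fsuid=0 gid=0 items=0 pid=5825 '
    'scontext=system_u:system_r:insmod_t:s0 sgid=0 '
    'subj=system_u:system_r:insmod_t:s0 suid=0 tclass=capability '
    'tcontext=system_u:system_r:insmod_t:s0 tty=(none) uid=0'
)
# Constructed stand-in for `sesearch --allow` output (not from the bug report).
SAMPLE_RULES = """\
   allow insmod_t self : capability { dac_override net_raw sys_tty_config } ;
   allow insmod_t insmod_exec_t : file { read getattr execute } ;
   allow cupsd_t self : capability { sys_nice sys_tty_config } ;
"""
AVC_RE = re.compile(r'avc:\s+denied\s+\{([^}]*)\}\s+for\s+(.*)')
FIELD_RE = re.compile(r'(\w+)=("[^"]*"|\S+)')
RULE_RE = re.compile(r'^\s*allow\s+(\S+)\s+([^\s:]+)\s*:\s*([^\s:]+)\s+'
                     r'(?:\{([^}]*)\}|([^\s;]+))\s*;', re.M)

def parse_avc(message):
    """Extract permissions, source/target types and class from one denial."""
    m = AVC_RE.search(" ".join(message.split()))   # undo line wrapping
    if not m:
        raise ValueError("not an AVC denial")
    f = dict(FIELD_RE.findall(m.group(2)))
    return {"perms": set(m.group(1).split()), "tclass": f["tclass"],
            "source": f["scontext"].split(":")[2],   # user:role:type[:level]
            "target": f["tcontext"].split(":")[2]}

def needed_rule(d):
    """The allow rule that would have to exist for the access to succeed."""
    target = "self" if d["source"] == d["target"] else d["target"]
    perms = sorted(d["perms"])
    p = perms[0] if len(perms) == 1 else "{ " + " ".join(perms) + " }"
    return f"allow {d['source']} {target}:{d['tclass']} {p};"

def missing_perms(d, rules_text):
    """Denied perms no literal-type rule grants (attribute rules not expanded)."""
    targets = {d["target"]} | ({"self"} if d["source"] == d["target"] else set())
    granted = set()
    for src, tgt, cls, braced, single in RULE_RE.findall(rules_text):
        if src == d["source"] and tgt in targets and cls == d["tclass"]:
            granted |= set((braced or single).split())
    return d["perms"] - granted

if __name__ == "__main__":
    d = parse_avc(SAMPLE_AVC)
    print(needed_rule(d), "| missing:", sorted(missing_perms(d, SAMPLE_RULES)))
```

An empty result from missing_perms on the real sesearch output would mean the loaded policy already carries the rule, matching the expectation stated in comment 3.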
Comment 4 Scott Griffin 2007-12-18 19:42:20 EST
I do not have a command 'sesearch'; I get an error. Or do I need to install a package?

Thanks,
Scott
Comment 5 Daniel Walsh 2007-12-19 12:08:14 EST
yum install setools
Comment 6 Scott Griffin 2007-12-30 20:28:40 EST
I am sorry for the delay. I have installed the setools and will be investigating.


Scott Griffin
