Summary SELinux is preventing /usr/sbin/cupsd (cupsd_t) "create" to <Unknown> (print_spool_t). Detailed Description SELinux denied access requested by /usr/sbin/cupsd. It is not expected that this access is required by /usr/sbin/cupsd and this access may signal an intrusion attempt. It is also possible that the specific version or configuration of the application is causing it to require additional access. Allowing Access Sometimes labeling problems can cause SELinux denials. You could try to restore the default system file context for <Unknown>, restorecon -v <Unknown> If this does not work, there is currently no automatic way to allow this access. Instead, you can generate a local policy module to allow this access - see http://fedora.redhat.com/docs/selinux-faq-fc5/#id2961385 Or you can disable SELinux protection altogether. Disabling SELinux protection is not recommended. Please file a http://bugzilla.redhat.com/bugzilla/enter_bug.cgi against this package. Additional Information Source Context system_u:system_r:cupsd_t:s0-s0:c0.c1023 Target Context system_u:object_r:print_spool_t:s0 Target Objects None [ dir ] Affected RPM Packages cups-1.3.4-4.fc8 [application] Policy RPM selinux-policy-3.0.8-64.fc8 Selinux Enabled True Policy Type targeted MLS Enabled True Enforcing Mode Permissive Plugin Name plugins.catchall_file Host Name sds-desk.sterndata.com Platform Linux sds-desk.sterndata.com 2.6.23.8-63.fc8 #1 SMP Wed Nov 21 18:51:08 EST 2007 i686 i686 Alert Count 1 First Seen Sun 16 Dec 2007 11:05:21 AM CST Last Seen Sun 16 Dec 2007 11:05:21 AM CST Local ID ecc9a90b-9e1d-412b-9134-f1460e44a320 Line Numbers Raw Audit Messages avc: denied { create } for comm=cupsd egid=0 euid=0 exe=/usr/sbin/cupsd exit=0 fsgid=0 fsuid=0 gid=0 items=0 name=tmp pid=12785 scontext=system_u:system_r:cupsd_t:s0-s0:c0.c1023 sgid=0 subj=system_u:system_r:cupsd_t:s0-s0:c0.c1023 suid=0 tclass=dir tcontext=system_u:object_r:print_spool_t:s0 tty=(none) uid=0
You can allow this for now by executing # audit2allow -M mypol -i /var/log/audit/audit.log # semodule -i mypol.pp Fixed in selinux-policy-3.0.8-73.fc8
Bulk closing a old selinux policy bugs that were in the modified state. If the bug is still not fixed. Please reopen.