Description of problem: Adding a new printer results in AVC Version-Release number of selected component (if applicable): selinux-policy-targeted-2.4.6-180.el5 Steps to Reproduce: 1. Install a new printer 2. 3. Summary: SELinux is preventing cups-deviced (cupsd_t) "signal" to <Unknown> (hplip_t). Detailed Description: [SELinux is in permissive mode, the operation would have been denied but was permitted due to permissive mode.] SELinux denied access requested by cups-deviced. It is not expected that this access is required by cups-deviced and this access may signal an intrusion attempt. It is also possible that the specific version or configuration of the application is causing it to require additional access. Allowing Access: You can generate a local policy module to allow this access - see FAQ (http://fedora.redhat.com/docs/selinux-faq-fc5/#id2961385) Or you can disable SELinux protection altogether. Disabling SELinux protection is not recommended. Please file a bug report (http://bugzilla.redhat.com/bugzilla/enter_bug.cgi) against this package. Additional Information: Source Context system_u:system_r:cupsd_t:s0-s0:c0.c1023 Target Context system_u:system_r:hplip_t:s0-s0:c0.c1023 Target Objects None [ process ] Source cups-deviced Source Path /usr/lib/cups/daemon/cups-deviced Port <Unknown> Host screamer Source RPM Packages cups-1.3.7-7.el5 Target RPM Packages Policy RPM selinux-policy-2.4.6-180.el5 Selinux Enabled True Policy Type targeted MLS Enabled True Enforcing Mode Permissive Plugin Name catchall Host Name screamer Platform Linux screamer 2.6.18-122.el5 #1 SMP Mon Nov 3 18:18:14 EST 2008 i686 i686 Alert Count 1 First Seen Fri 07 Nov 2008 04:43:22 PM PST Last Seen Fri 07 Nov 2008 04:43:22 PM PST Local ID 77776acf-a2ce-4333-ab72-711aa2937e72 Line Numbers Raw Audit Messages host=screamer type=AVC msg=audit(1226105002.798:116): avc: denied { signal } for pid=29075 comm="cups-deviced" scontext=system_u:system_r:cupsd_t:s0-s0:c0.c1023 tcontext=system_u:system_r:hplip_t:s0-s0:c0.c1023 tclass=process host=screamer type=SYSCALL msg=audit(1226105002.798:116): arch=40000003 syscall=37 success=yes exit=0 a0=7194 a1=f a2=b77ff4 a3=bfc9cd54 items=0 ppid=2603 pid=29075 auid=4294967295 uid=0 gid=7 euid=0 suid=0 fsuid=0 egid=7 sgid=7 fsgid=7 tty=(none) ses=4294967295 comm="cups-deviced" exe="/usr/lib/cups/daemon/cups-deviced" subj=system_u:system_r:cupsd_t:s0-s0:c0.c1023 key=(null)
Fixed in selinux-policy-2.4.6-183.el5
An advisory has been issued which should help the problem described in this bug report. This report is therefore being closed with a resolution of ERRATA. For more information on therefore solution and/or where to find the updated files, please follow the link below. You may reopen this bug report if the solution does not work for you. http://rhn.redhat.com/errata/RHBA-2009-0163.html