Summary: SELinux is preventing python (hplip_t) "read" security_t. Detailed Description: SELinux denied access requested by python. It is not expected that this access is required by python and this access may signal an intrusion attempt. It is also possible that the specific version or configuration of the application is causing it to require additional access. Allowing Access: You can generate a local policy module to allow this access - see FAQ (http://fedora.redhat.com/docs/selinux-faq-fc5/#id2961385) Or you can disable SELinux protection altogether. Disabling SELinux protection is not recommended. Please file a bug report (http://bugzilla.redhat.com/bugzilla/enter_bug.cgi) against this package. Additional Information: Source Context system_u:system_r:hplip_t:s0 Target Context system_u:object_r:security_t:s0 Target Objects mls [ file ] Source python Source Path /usr/bin/python Port <Unknown> Host localhost.localdomain Source RPM Packages python-2.6-9.fc11 Target RPM Packages Policy RPM selinux-policy-3.6.12-50.fc11 Selinux Enabled True Policy Type targeted MLS Enabled True Enforcing Mode Enforcing Plugin Name catchall Host Name localhost.localdomain Platform Linux localhost.localdomain 2.6.29.4-167.fc11.x86_64 #1 SMP Wed May 27 17:27:08 EDT 2009 x86_64 x86_64 Alert Count 10 First Seen Sat 20 Jun 2009 02:04:49 AM PDT Last Seen Sun 21 Jun 2009 01:45:41 PM PDT Local ID 0c74587a-b7e1-46de-84a0-9e409279be03 Line Numbers Raw Audit Messages node=localhost.localdomain type=AVC msg=audit(1245617141.548:11): avc: denied { read } for pid=1805 comm="python" name="mls" dev=selinuxfs ino=12 scontext=system_u:system_r:hplip_t:s0 tcontext=system_u:object_r:security_t:s0 tclass=file node=localhost.localdomain type=SYSCALL msg=audit(1245617141.548:11): arch=c000003e syscall=2 success=no exit=559472600 a0=7fff4dece720 a1=0 a2=7fff4dece72c a3=fffffff8 items=0 ppid=1583 pid=1805 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="python" exe="/usr/bin/python" subj=system_u:system_r:hplip_t:s0 key=(null)
*** This bug has been marked as a duplicate of bug 507098 ***
You can add these rules now using # grep avc /var/log/audit/audit.log | audit2allow -M mypol # semodule -i mypol.pp Fixed in selinux-policy-3.6.12-57.fc11