Bug 545938 - SELinux is preventing /lib/udev/udev-configure-printer "module_request" access.
Summary: SELinux is preventing /lib/udev/udev-configure-printer "module_request" access.
Keywords:
Status: CLOSED DUPLICATE of bug 527936
Alias: None
Product: Fedora
Classification: Fedora
Component: selinux-policy
Version: 12
Hardware: i386
OS: Linux
low
medium
Target Milestone: ---
Assignee: Daniel Walsh
QA Contact: Fedora Extras Quality Assurance
URL:
Whiteboard: setroubleshoot_trace_hash:90afa93892d...
Depends On:
Blocks:
TreeView+ depends on / blocked
 
Reported: 2009-12-09 17:14 UTC by jamesmccullough
Modified: 2009-12-15 22:58 UTC (History)
3 users (show)

Fixed In Version:
Clone Of:
Environment:
Last Closed: 2009-12-09 17:18:24 UTC
Type: ---
Embargoed:

Attachments (Terms of Use)

Description jamesmccullough 2009-12-09 17:14:16 UTC 
Summary:

SELinux is preventing /lib/udev/udev-configure-printer "module_request" access.

Detailed Description:

SELinux denied access requested by udev-configure-. It is not expected that this
access is required by udev-configure- and this access may signal an intrusion
attempt. It is also possible that the specific version or configuration of the
application is causing it to require additional access.

Allowing Access:

You can generate a local policy module to allow this access - see FAQ
(http://fedora.redhat.com/docs/selinux-faq-fc5/#id2961385) Please file a bug
report.

Additional Information:

Source Context                system_u:system_r:cupsd_config_t:s0-s0:c0.c1023
Target Context                system_u:system_r:kernel_t:s0
Target Objects                None [ system ]
Source                        udev-configure-
Source Path                   /lib/udev/udev-configure-printer
Port                          <Unknown>
Host                          (removed)
Source RPM Packages           system-config-printer-udev-1.1.13-10.fc12
Target RPM Packages           
Policy RPM                    selinux-policy-3.6.32-49.fc12
Selinux Enabled               True
Policy Type                   targeted
Enforcing Mode                Enforcing
Plugin Name                   catchall
Host Name                     (removed)
Platform                      Linux (removed) 2.6.31.6-162.fc12.i686.PAE #1 SMP
                              Fri Dec 4 00:43:59 EST 2009 i686 i686
Alert Count                   5
First Seen                    Mon 07 Dec 2009 07:02:35 AM EST
Last Seen                     Mon 07 Dec 2009 08:08:20 AM EST
Local ID                      c310c49c-8794-4089-ab4a-91cc8612462f
Line Numbers                  

Raw Audit Messages            

node=(removed) type=AVC msg=audit(1260191300.912:26499): avc:  denied  { module_request } for  pid=941 comm="udev-configure-" scontext=system_u:system_r:cupsd_config_t:s0-s0:c0.c1023 tcontext=system_u:system_r:kernel_t:s0 tclass=system

node=(removed) type=SYSCALL msg=audit(1260191300.912:26499): arch=40000003 syscall=102 success=no exit=-97 a0=1 a1=bfb178e0 a2=5a3580 a3=820a548 items=0 ppid=1 pid=941 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="udev-configure-" exe="/lib/udev/udev-configure-printer" subj=system_u:system_r:cupsd_config_t:s0-s0:c0.c1023 key=(null)



Hash String generated from  selinux-policy-3.6.32-49.fc12,catchall,udev-configure-,cupsd_config_t,kernel_t,system,module_request
audit2allow suggests:

#============= cupsd_config_t ==============
allow cupsd_config_t kernel_t:system module_request;
Comment 1 Daniel Walsh 2009-12-09 17:18:24 UTC 
Did you disable ipv6?

If not reopen bug

*** This bug has been marked as a duplicate of bug 527936 ***
Note You need to log in before you can comment on or make changes to this bug.