Bug 547050 - SELinux is preventing brprintconfij2 (cupsd_t) "write" to ./inf (usr_t).
Summary: SELinux is preventing brprintconfij2 (cupsd_t) "write" to ./inf (usr_t).
Keywords:
Status: CLOSED DUPLICATE of bug 538428
Alias: None
Product: Fedora
Classification: Fedora
Component: selinux-policy
Version: 12
Hardware: i386
OS: Linux
low
medium
Target Milestone: ---
Assignee: Daniel Walsh
QA Contact: Fedora Extras Quality Assurance
URL:
Whiteboard: setroubleshoot_trace_hash:942778aa053...
Depends On:
Blocks:
TreeView+ depends on / blocked
 
Reported: 2009-12-13 11:17 UTC by gervandijck
Modified: 2009-12-14 10:52 UTC (History)
2 users (show)

Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Clone Of:
Environment:
Last Closed: 2009-12-14 10:52:00 UTC
Type: ---
Embargoed:

Attachments (Terms of Use)

Description gervandijck 2009-12-13 11:17:07 UTC 
Samenvatting:

SELinux is preventing brprintconfij2 (cupsd_t) "write" to ./inf (usr_t).

Gedetailleerde omschrijving:

SELinux denied access requested by brprintconfij2. It is not expected that this
access is required by brprintconfij2 and this access may signal an intrusion
attempt. It is also possible that the specific version or configuration of the
application is causing it to require additional access.

Teogang toestaan:

Sometimes labeling problems can cause SELinux denials. You could try to restore
the default system file context for ./inf,

restorecon -v './inf'

If this does not work, there is currently no automatic way to allow this access.
Instead, you can generate a local policy module to allow this access - see FAQ
(http://fedora.redhat.com/docs/selinux-faq-fc5/#id2961385) Or you can disable
SELinux protection altogether. Disabling SELinux protection is not recommended.
Please file a bug report (http://bugzilla.redhat.com/bugzilla/enter_bug.cgi)
against this package.

Additionele informatie:

Bron context                  system_u:system_r:cupsd_t:s0-s0:c0.c1023
Doel context                  system_u:object_r:usr_t:s0
Doel objecten                 ./inf [ dir ]
Bron                          brprintconfij2
Bron pad                      /usr/bin/brprintconfij2
Poort                         <Onbekend>
Host                          (removed)
Bron RPM pakketten            FAX1840Clpr-1.0.2-1
Doel RPM pakketten            
Gedragslijn RPM               selinux-policy-3.3.1-135.fc9
SELinux aangezet              True
Gedragslijn type              targeted
MLS aangezet                  True
Enforcing modus               Enforcing
Pluginnaam                    catchall_file
Hostnaam                      (removed)
Platform                      Linux (removed)
                              2.6.27.25-78.2.56.fc9.i686 #1 SMP Thu Jun 18
                              12:47:50 EDT 2009 i686 i686
Aantal waarschuwingen         102
Eerst gezien op               zo 06 dec 2009 16:51:58 CET
Laatst gezien op              do 10 dec 2009 17:43:19 CET
Locale ID                     099e4198-0660-42b5-a95b-791a406737cf
Regelnummers                  

Onbewerkte audit boodschappen 

node=(removed) type=AVC msg=audit(1260463399.785:225): avc:  denied  { write } for  pid=7219 comm="brprintconfij2" name="inf" dev=dm-0 ino=3997732 scontext=system_u:system_r:cupsd_t:s0-s0:c0.c1023 tcontext=system_u:object_r:usr_t:s0 tclass=dir

node=(removed) type=SYSCALL msg=audit(1260463399.785:225): arch=40000003 syscall=38 per=400000 success=no exit=-13 a0=bfede350 a1=bfeddf40 a2=804a4c8 a3=bfede350 items=0 ppid=6290 pid=7219 auid=4294967295 uid=4 gid=7 euid=4 suid=4 fsuid=4 egid=7 sgid=7 fsgid=7 tty=(none) ses=4294967295 comm="brprintconfij2" exe="/usr/bin/brprintconfij2" subj=system_u:system_r:cupsd_t:s0-s0:c0.c1023 key=(null)


vandijck.ger
Hash String generated from  selinux-policy-3.3.1-135.fc9,catchall_file,brprintconfij2,cupsd_t,usr_t,dir,write
audit2allow suggests:

#============= cupsd_t ==============
allow cupsd_t usr_t:dir write;
Comment 1 Miroslav Grepl 2009-12-14 10:52:00 UTC 

*** This bug has been marked as a duplicate of bug 538428 ***
Note You need to log in before you can comment on or make changes to this bug.