Zusammenfassung: SELinux is preventing /usr/lib/cups/backend/tpu "read" access. Detaillierte Beschreibung: SELinux denied access requested by tpu. It is not expected that this access is required by tpu and this access may signal an intrusion attempt. It is also possible that the specific version or configuration of the application is causing it to require additional access. Zugriff erlauben: You can generate a local policy module to allow this access - see FAQ (http://fedora.redhat.com/docs/selinux-faq-fc5/#id2961385) Please file a bug report. Zusätzliche Informationen: Quellkontext system_u:system_r:cupsd_t:s0-s0:c0.c1023 Zielkontext system_u:system_r:initrc_t:s0 Zielobjekte None [ sem ] Quelle tpu Quellen-Pfad /usr/lib/cups/backend/tpu Port <Unbekannt> Host (removed) Quellen-RPM-Pakete Ziel-RPM-Pakete RPM-Richtlinie selinux-policy-3.6.32-55.fc12 SELinux aktiviert True Richtlinienversion targeted Enforcing-Modus Enforcing Plugin-Name catchall Hostname (removed) Plattform Linux (removed) 2.6.31.6-166.fc12.x86_64 #1 SMP Wed Dec 9 10:46:22 EST 2009 x86_64 x86_64 Anzahl der Alarme 1 Zuerst gesehen Di 15 Dez 2009 00:59:34 CET Zuletzt gesehen Di 15 Dez 2009 00:59:34 CET Lokale ID 617d3e79-6256-41e8-86e4-0fa91888f4f1 Zeilennummern Raw-Audit-Meldungen node=(removed) type=AVC msg=audit(1260835174.948:35845): avc: denied { read } for pid=2568 comm="tpu" key=4759 scontext=system_u:system_r:cupsd_t:s0-s0:c0.c1023 tcontext=system_u:system_r:initrc_t:s0 tclass=sem node=(removed) type=SYSCALL msg=audit(1260835174.948:35845): arch=c000003e syscall=66 success=no exit=-13 a0=0 a1=0 a2=c a3=7fe3e204884e items=0 ppid=1315 pid=2568 auid=4294967295 uid=4 gid=7 euid=4 suid=4 fsuid=4 egid=7 sgid=7 fsgid=7 tty=(none) ses=4294967295 comm="tpu" exe="/usr/lib/cups/backend/tpu" subj=system_u:system_r:cupsd_t:s0-s0:c0.c1023 key=(null) Hash String generated from selinux-policy-3.6.32-55.fc12,catchall,tpu,cupsd_t,initrc_t,sem,read audit2allow suggests: #============= cupsd_t ============== allow cupsd_t initrc_t:sem read;
You can add these rules for now using # grep avc /var/log/audit/audit.log | audit2allow -M mypol # semodule -i mypol.pp Fixed in selinux-policy-3.6.32-59.fc12.noarch
*** Bug 547570 has been marked as a duplicate of this bug. ***
selinux-policy-3.6.32-59.fc12 has been submitted as an update for Fedora 12. http://admin.fedoraproject.org/updates/selinux-policy-3.6.32-59.fc12
selinux-policy-3.6.32-59.fc12 has been pushed to the Fedora 12 testing repository. If problems still persist, please make note of it in this bug report. If you want to test the update, you can install it with su -c 'yum --enablerepo=updates-testing update selinux-policy'. You can provide feedback for this update here: http://admin.fedoraproject.org/updates/F12/FEDORA-2009-13384