Summary: SELinux is preventing /usr/sbin/cupsd "search" access on vmis.CxD0Mq. Detailed Description: SELinux denied access requested by cupsd. It is not expected that this access is required by cupsd and this access may signal an intrusion attempt. It is also possible that the specific version or configuration of the application is causing it to require additional access. Allowing Access: You can generate a local policy module to allow this access - see FAQ (http://docs.fedoraproject.org/selinux-faq-fc5/#id2961385) Please file a bug report. Additional Information: Source Context unconfined_u:system_r:cupsd_t:s0-s0:c0.c1023 Target Context unconfined_u:object_r:user_tmp_t:s0 Target Objects vmis.CxD0Mq [ dir ] Source cupsd Source Path /usr/sbin/cupsd Port <Unknown> Host (removed) Source RPM Packages cups-1.4.2-20.fc12 Target RPM Packages Policy RPM selinux-policy-3.6.32-73.fc12 Selinux Enabled True Policy Type targeted Enforcing Mode Enforcing Plugin Name catchall Host Name (removed) Platform Linux (removed) 2.6.31.12-174.2.3.fc12.i686 #1 SMP Mon Jan 18 20:22:46 UTC 2010 i686 i686 Alert Count 32 First Seen Mon 01 Feb 2010 08:15:43 PM EST Last Seen Mon 01 Feb 2010 08:15:43 PM EST Local ID 708127ec-79d2-48d0-9122-2eb0fa33d230 Line Numbers Raw Audit Messages node=(removed) type=AVC msg=audit(1265073343.59:337): avc: denied { search } for pid=9560 comm="cupsd" name="vmis.CxD0Mq" dev=sda6 ino=526686 scontext=unconfined_u:system_r:cupsd_t:s0-s0:c0.c1023 tcontext=unconfined_u:object_r:user_tmp_t:s0 tclass=dir node=(removed) type=SYSCALL msg=audit(1265073343.59:337): arch=40000003 syscall=195 success=no exit=-13 a0=bfc36120 a1=bfc361c0 a2=8f9fc4 a3=8 items=0 ppid=9557 pid=9560 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts2 ses=1 comm="cupsd" exe="/usr/sbin/cupsd" subj=unconfined_u:system_r:cupsd_t:s0-s0:c0.c1023 key=(null) Hash String generated from selinux-policy-3.6.32-73.fc12,catchall,cupsd,cupsd_t,user_tmp_t,dir,search audit2allow suggests: #============= cupsd_t ============== allow cupsd_t user_tmp_t:dir search;
Do you know what you were doing when this happened? packagekit update? system-config-printer? rpm?
*** Bug 562984 has been marked as a duplicate of this bug. ***
I myself, the person who had duplicate 562984, was simply installing VMware 7.0.0 when this error occurred.
Has hit happened since, or did it just happen during the install?
*** Bug 563664 has been marked as a duplicate of this bug. ***
Seems to be caused by vmware install. Miroslav, Please add ######################################## ## <summary> ## Dontaudit search user temporary directories. ## </summary> ## <param name="domain"> ## <summary> ## Domain allowed access. ## </summary> ## </param> # interface(`userdom_dontaduit_search_user_tmp',` gen_require(` type user_tmp_t; ') dontaudit $1 user_tmp_t:dir search_dir_perms; ') to userdomain.if And userdom_dontaudit_search_user_tmp(daemon) to init.te
No, I can safely say it has only happened during installation. I was using Kernel 2.6.32.7 from Updates-Testing at the time. VMware couldn't compile and start its services for this kernel after install and to use VMware, I had to fall back to 2.6.31.12. I am not sure if this is relevant or not, but I thought it was worth a mention. Maybe this is fixed in VMware Workstation 7.0.1.
*** Bug 564348 has been marked as a duplicate of this bug. ***
*** Bug 564349 has been marked as a duplicate of this bug. ***
*** Bug 564350 has been marked as a duplicate of this bug. ***
*** Bug 564351 has been marked as a duplicate of this bug. ***
Fixed in selinux-policy-3.6.32-90.fc12
*** Bug 565360 has been marked as a duplicate of this bug. ***
*** Bug 566349 has been marked as a duplicate of this bug. ***
*** Bug 566719 has been marked as a duplicate of this bug. ***
These alerts appear to be related to this bug and to vmware: Summary: SELinux is preventing /sbin/portreserve "getattr" access on /tmp/vmis.rO1vts/install/vmware-installer/python/lib/libsqlite3. Detailed Description: [SELinux is in permissive mode. This access was not denied.] SELinux denied access requested by portrelease. It is not expected that this access is required by portrelease and this access may signal an intrusion attempt. It is also possible that the specific version or configuration of the application is causing it to require additional access. Allowing Access: You can generate a local policy module to allow this access - see FAQ (http://docs.fedoraproject.org/selinux-faq-fc5/#id2961385) Please file a bug report. Additional Information: Source Context unconfined_u:system_r:portreserve_t:s0 Target Context unconfined_u:object_r:user_tmp_t:s0 Target Objects /tmp/vmis.rO1vts/install/vmware- installer/python/lib/libsqlite3 [ dir ] Source portrelease Source Path /sbin/portreserve Port <Unknown> Host (removed) Source RPM Packages portreserve-0.0.4-3.fc12 Target RPM Packages Policy RPM selinux-policy-3.6.32-89.fc12 Selinux Enabled True Policy Type targeted Enforcing Mode Permissive Plugin Name catchall Host Name (removed) Platform Linux (removed) 2.6.31.12-174.2.22.fc12.x86_64 #1 SMP Fri Feb 19 18:55:03 UTC 2010 x86_64 x86_64 Alert Count 1 First Seen Mon 22 Feb 2010 04:35:46 PM EST Last Seen Mon 22 Feb 2010 04:35:46 PM EST Local ID ebaa304e-8f4d-428e-b6db-9f59f38eb775 Line Numbers Raw Audit Messages node=(removed) type=AVC msg=audit(1266874546.520:66): avc: denied { getattr } for pid=4225 comm="portrelease" path="/tmp/vmis.rO1vts/install/vmware-installer/python/lib/libsqlite3" dev=sda3 ino=12444244 scontext=unconfined_u:system_r:portreserve_t:s0 tcontext=unconfined_u:object_r:user_tmp_t:s0 tclass=dir node=(removed) type=SYSCALL msg=audit(1266874546.520:66): arch=c000003e syscall=4 success=yes exit=128 a0=7fffcef66e40 a1=7fffcef66f20 a2=7fffcef66f20 a3=ffffffff items=0 ppid=4217 pid=4225 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts0 ses=2 comm="portrelease" exe="/sbin/portreserve" subj=unconfined_u:system_r:portreserve_t:s0 key=(null) Summary: SELinux is preventing /usr/sbin/cupsd "search" access on vmis.rO1vts. Detailed Description: [SELinux is in permissive mode. This access was not denied.] SELinux denied access requested by cupsd. It is not expected that this access is required by cupsd and this access may signal an intrusion attempt. It is also possible that the specific version or configuration of the application is causing it to require additional access. Allowing Access: You can generate a local policy module to allow this access - see FAQ (http://docs.fedoraproject.org/selinux-faq-fc5/#id2961385) Please file a bug report. Additional Information: Source Context unconfined_u:system_r:cupsd_t:s0-s0:c0.c1023 Target Context unconfined_u:object_r:user_tmp_t:s0 Target Objects vmis.rO1vts [ dir ] Source cupsd Source Path /usr/sbin/cupsd Port <Unknown> Host (removed) Source RPM Packages cups-1.4.2-20.fc12 Target RPM Packages Policy RPM selinux-policy-3.6.32-89.fc12 Selinux Enabled True Policy Type targeted Enforcing Mode Permissive Plugin Name catchall Host Name (removed) Platform Linux (removed) 2.6.31.12-174.2.22.fc12.x86_64 #1 SMP Fri Feb 19 18:55:03 UTC 2010 x86_64 x86_64 Alert Count 1 First Seen Mon 22 Feb 2010 04:35:46 PM EST Last Seen Mon 22 Feb 2010 04:35:46 PM EST Local ID e9c1db70-5883-43e1-8fab-c39a72df732d Line Numbers Raw Audit Messages node=(removed) type=AVC msg=audit(1266874546.531:67): avc: denied { search } for pid=4228 comm="cupsd" name="vmis.rO1vts" dev=sda3 ino=12443668 scontext=unconfined_u:system_r:cupsd_t:s0-s0:c0.c1023 tcontext=unconfined_u:object_r:user_tmp_t:s0 tclass=dir node=(removed) type=SYSCALL msg=audit(1266874546.531:67): arch=c000003e syscall=2 success=no exit=-2 a0=7fff22a092c0 a1=0 a2=0 a3=2f336574696c7173 items=0 ppid=4226 pid=4228 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts0 ses=2 comm="cupsd" exe="/usr/sbin/cupsd" subj=unconfined_u:system_r:cupsd_t:s0-s0:c0.c1023 key=(null) Summary: SELinux is preventing /usr/sbin/cupsd "getattr" access on /tmp/vmis.rO1vts/install/vmware-installer/python/lib/libsqlite3. Detailed Description: [SELinux is in permissive mode. This access was not denied.] SELinux denied access requested by cupsd. It is not expected that this access is required by cupsd and this access may signal an intrusion attempt. It is also possible that the specific version or configuration of the application is causing it to require additional access. Allowing Access: You can generate a local policy module to allow this access - see FAQ (http://docs.fedoraproject.org/selinux-faq-fc5/#id2961385) Please file a bug report. Additional Information: Source Context unconfined_u:system_r:cupsd_t:s0-s0:c0.c1023 Target Context unconfined_u:object_r:user_tmp_t:s0 Target Objects /tmp/vmis.rO1vts/install/vmware- installer/python/lib/libsqlite3 [ dir ] Source cupsd Source Path /usr/sbin/cupsd Port <Unknown> Host (removed) Source RPM Packages cups-1.4.2-20.fc12 Target RPM Packages Policy RPM selinux-policy-3.6.32-89.fc12 Selinux Enabled True Policy Type targeted Enforcing Mode Permissive Plugin Name catchall Host Name (removed) Platform Linux (removed) 2.6.31.12-174.2.22.fc12.x86_64 #1 SMP Fri Feb 19 18:55:03 UTC 2010 x86_64 x86_64 Alert Count 1 First Seen Mon 22 Feb 2010 04:35:46 PM EST Last Seen Mon 22 Feb 2010 04:35:46 PM EST Local ID 923517df-b47a-4330-bf1f-dae3b675b06e Line Numbers Raw Audit Messages node=(removed) type=AVC msg=audit(1266874546.534:68): avc: denied { getattr } for pid=4228 comm="cupsd" path="/tmp/vmis.rO1vts/install/vmware-installer/python/lib/libsqlite3" dev=sda3 ino=12444244 scontext=unconfined_u:system_r:cupsd_t:s0-s0:c0.c1023 tcontext=unconfined_u:object_r:user_tmp_t:s0 tclass=dir node=(removed) type=SYSCALL msg=audit(1266874546.534:68): arch=c000003e syscall=4 success=yes exit=128 a0=7fff22a092c0 a1=7fff22a093a0 a2=7fff22a093a0 a3=ffffffff items=0 ppid=4226 pid=4228 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts0 ses=2 comm="cupsd" exe="/usr/sbin/cupsd" subj=unconfined_u:system_r:cupsd_t:s0-s0:c0.c1023 key=(null)
selinux-policy-3.6.32-92.fc12 has been submitted as an update for Fedora 12. http://admin.fedoraproject.org/updates/selinux-policy-3.6.32-92.fc12
selinux-policy-3.6.32-92.fc12 has been pushed to the Fedora 12 testing repository. If problems still persist, please make note of it in this bug report. If you want to test the update, you can install it with su -c 'yum --enablerepo=updates-testing update selinux-policy'. You can provide feedback for this update here: http://admin.fedoraproject.org/updates/F12/FEDORA-2010-2953
selinux-policy-3.6.32-92.fc12 has been pushed to the Fedora 12 stable repository. If problems still persist, please make note of it in this bug report.