588295 – (gcmselinux) denied { getattr } for pid=1568 comm="gcm-apply" path="/var/run/cups/cups.sock"

Bug 588295 (gcmselinux) - denied { getattr } for pid=1568 comm="gcm-apply" path="/var/run/cups/cups.sock"

Summary: denied { getattr } for pid=1568 comm="gcm-apply" path="/var/run/cups/cups.s...

Keywords:
Status:	CLOSED ERRATA
Alias:	gcmselinux
Product:	Fedora
Classification:	Fedora
Component:	gnome-color-manager
Sub Component:
Version:	13
Hardware:	All
OS:	Linux
Priority:	low
Severity:	medium
Target Milestone:	---
Assignee:	Richard Hughes
QA Contact:	Fedora Extras Quality Assurance
Docs Contact:
URL:
Whiteboard:
Duplicates (7):	585723 588152 590016 590465 592637 593207 596744 (view as bug list)
Depends On:
Blocks:	F13Blocker, F13FinalBlocker
TreeView+	depends on / blocked

Reported:	2010-05-03 12:32 UTC by Kamil Páral
Modified:	2010-05-27 14:03 UTC (History)
CC List:	13 users (show)
Fixed In Version:	gnome-color-manager-2.30.1-2.fc13
Clone Of:
Environment:
Last Closed:	2010-05-04 23:49:23 UTC
Type:	---
Embargoed:
Dependent Products:

Attachments	(Terms of Use)
audit.log (9.00 KB, text/plain) 2010-05-03 12:32 UTC, Kamil Páral	no flags	Details
View All

Description Kamil Páral 2010-05-03 12:32:28 UTC

Description of problem:

Right after installing and booting F13 TC1 from Live image:

type=AVC msg=audit(1272889100.820:12): avc:  denied  { getattr } for  pid=1568 comm="gcm-apply" path="/var/run/cups/cups.sock" dev=dm-1 ino=136 scontext=system_u:system_r:xdm_t:s0-s0:c0.c1023 tcontext=system_u:object_r:cupsd_var_run_t:s0 tclass=sock_file

type=AVC msg=audit(1272889100.834:13): avc:  denied  { write } for  pid=1568 comm="gcm-apply" name="cups.sock" dev=dm-1 ino=136 scontext=system_u:system_r:xdm_t:s0-s0:c0.c1023 tcontext=system_u:object_r:cupsd_var_run_t:s0 tclass=sock_file

type=AVC msg=audit(1272889100.834:13): avc:  denied  { connectto } for  pid=1568 comm="gcm-apply" path="/var/run/cups/cups.sock" scontext=system_u:system_r:xdm_t:s0-s0:c0.c1023 tcontext=system_u:system_r:cupsd_t:s0-s0:c0.c1023 tclass=unix_stream_socket

type=AVC msg=audit(1272889101.943:14): avc:  denied  { name_bind } for  pid=1568 comm="gcm-apply" src=8610 scontext=system_u:system_r:xdm_t:s0-s0:c0.c1023 tcontext=system_u:object_r:ipp_port_t:s0 tclass=udp_socket


Version-Release number of selected component (if applicable):
Fedora 13 TC1
selinux-policy-3.7.19-6.fc13.noarch
selinux-policy-targeted-3.7.19-6.fc13.noarch

Comment 1 Kamil Páral 2010-05-03 12:32:48 UTC

Created attachment 410967 [details]
audit.log

Comment 2 Daniel Walsh 2010-05-03 14:13:48 UTC

This looks like the same problem with xsane_init?

Comment 3 Richard Hughes 2010-05-03 14:35:58 UTC

Can you try with the gnome-color-manager build here please: http://people.freedesktop.org/~hughsient/fedora/

Comment 4 Kamil Páral 2010-05-03 16:40:45 UTC

I have re-installed from F13 TC1 Live and I don't see this problem anymore. Where can be the difference?

Comment 5 Tom "spot" Callaway 2010-05-03 19:24:51 UTC

(In reply to comment #3)
> Can you try with the gnome-color-manager build here please:
> http://people.freedesktop.org/~hughsient/fedora/    

Dan Walsh verbally confirmed to me that your update fixes this issue.

Please go ahead and push it for F-13 to close out this blocker.

Comment 6 Adam Williamson 2010-05-04 01:59:03 UTC

richard, could you push the update asap? tomorrow's red letter day, we need all the fixes we can get by then...thanks.



-- 
Fedora Bugzappers volunteer triage team
https://fedoraproject.org/wiki/BugZappers

Comment 7 Fedora Update System 2010-05-04 09:21:56 UTC

gnome-color-manager-2.30.1-2.fc13 has been submitted as an update for Fedora 13.
http://admin.fedoraproject.org/updates/gnome-color-manager-2.30.1-2.fc13

Comment 8 Daniel Walsh 2010-05-04 14:20:04 UTC

I was getting these AVC's with the xguest user, but after updating I no longer see them.  I was never seeing the errors with xdm.

Comment 9 Adam Williamson 2010-05-04 21:34:55 UTC

Richard, we can't close the bug until the update is pushed to stable. You should be able to submit it for stable immediately, and it should be accepted. thanks!

Comment 10 Fedora Update System 2010-05-04 23:49:11 UTC

gnome-color-manager-2.30.1-2.fc13 has been pushed to the Fedora 13 stable repository.  If problems still persist, please make note of it in this bug report.

Comment 11 Richard Hughes 2010-05-07 17:53:25 UTC

*** Bug 590016 has been marked as a duplicate of this bug. ***

Comment 12 Daniel Walsh 2010-05-18 12:45:11 UTC

*** Bug 588152 has been marked as a duplicate of this bug. ***

Comment 13 Daniel Walsh 2010-05-18 12:46:10 UTC

*** Bug 585723 has been marked as a duplicate of this bug. ***

Comment 14 Daniel Walsh 2010-05-18 12:46:52 UTC

*** Bug 592637 has been marked as a duplicate of this bug. ***

Comment 15 Daniel Walsh 2010-05-18 12:47:15 UTC

*** Bug 593207 has been marked as a duplicate of this bug. ***

Comment 16 Daniel Walsh 2010-05-18 12:47:44 UTC

*** Bug 590465 has been marked as a duplicate of this bug. ***

Comment 17 Daniel Walsh 2010-05-27 14:03:11 UTC

*** Bug 596744 has been marked as a duplicate of this bug. ***

Note You need to log in before you can comment on or make changes to this bug.