Bug 593012 - SELinux is preventing ccp "write" access on /var/ccpd/fifo.
Summary: SELinux is preventing ccp "write" access on /var/ccpd/fifo.
Keywords:
Status: CLOSED NOTABUG
Alias: None
Product: Fedora
Classification: Fedora
Component: selinux-policy
Version: 13
Hardware: x86_64
OS: Linux
low
medium
Target Milestone: ---
Assignee: Daniel Walsh
QA Contact: Fedora Extras Quality Assurance
URL:
Whiteboard: setroubleshoot_trace_hash:4357526950a...
Depends On:
Blocks:
TreeView+ depends on / blocked
 
Reported: 2010-05-17 15:39 UTC by tomas
Modified: 2010-05-17 16:44 UTC (History)
2 users (show)

Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Clone Of:
Environment:
Last Closed: 2010-05-17 16:44:18 UTC
Type: ---
Embargoed:

Attachments (Terms of Use)

Description tomas 2010-05-17 15:39:09 UTC 
Souhrn:

SELinux is preventing ccp "write" access on /var/ccpd/fifo.

Podrobný popis:

[SELinux je v tolerantním režimu. Přístup byl povolen.]

SELinux denied access requested by ccp. It is not expected that this access is
required by ccp and this access may signal an intrusion attempt. It is also
possible that the specific version or configuration of the application is
causing it to require additional access.

Povolení přístupu:

You can generate a local policy module to allow this access - see FAQ
(http://docs.fedoraproject.org/selinux-faq-fc5/#id2961385) Please file a bug
report.

Další informace:

Kontext zdroje                system_u:system_r:cupsd_t:s0-s0:c0.c1023
Kontext cíle                 unconfined_u:object_r:var_t:s0
Objekty cíle                 /var/ccpd/fifo [ fifo_file ]
Zdroj                         ccp
Cesta zdroje                  ccp
Port                          <Neznámé>
Počítač                    (removed)
RPM balíčky zdroje          
RPM balíčky cíle           
RPM politiky                  selinux-policy-3.7.19-13.fc13
Selinux povolen               True
Typ politiky                  targeted
Vynucovací režim            Permissive
Název zásuvného modulu     catchall
Název počítače            (removed)
Platforma                     Linux (removed) 2.6.33.3-85.fc13.x86_64
                              #1 SMP Thu May 6 18:09:49 UTC 2010 x86_64 x86_64
Počet upozornění           2
Poprvé viděno               Po 17. květen 2010, 17:33:53 CEST
Naposledy viděno             Po 17. květen 2010, 17:33:53 CEST
Místní ID                   07db58e4-293b-44b0-8fc0-028f2490c481
Čísla řádků              

Původní zprávy auditu      

node=(removed) type=AVC msg=audit(1274110433.884:30631): avc:  denied  { write } for  pid=3156 comm="ccp" name="fifo" dev=dm-1 ino=788993 scontext=system_u:system_r:cupsd_t:s0-s0:c0.c1023 tcontext=unconfined_u:object_r:var_t:s0 tclass=fifo_file

node=(removed) type=AVC msg=audit(1274110433.884:30631): avc:  denied  { open } for  pid=3156 comm="ccp" name="fifo" dev=dm-1 ino=788993 scontext=system_u:system_r:cupsd_t:s0-s0:c0.c1023 tcontext=unconfined_u:object_r:var_t:s0 tclass=fifo_file



Hash String generated from  catchall,ccp,cupsd_t,var_t,fifo_file,write
audit2allow suggests:

#============= cupsd_t ==============
#!!!! The source type 'cupsd_t' can write to a 'fifo_file' of the following types:
# cupsd_var_run_t, pcscd_var_run_t, cupsd_tmp_t

allow cupsd_t var_t:fifo_file { write open };
Comment 1 Daniel Walsh 2010-05-17 16:44:18 UTC 
You have a labeling problem

# restorecon -R -v /var/ccpd
Note You need to log in before you can comment on or make changes to this bug.