Bug 593012 - SELinux is preventing ccp "write" access on /var/ccpd/fifo.
SELinux is preventing ccp "write" access on /var/ccpd/fifo.
Status: CLOSED NOTABUG
Product: Fedora
Classification: Fedora
Component: selinux-policy (Show other bugs)
13
x86_64 Linux
low Severity medium
: ---
: ---
Assigned To: Daniel Walsh
Fedora Extras Quality Assurance
setroubleshoot_trace_hash:4357526950a...
:
Depends On:
Blocks:
  Show dependency treegraph
 
Reported: 2010-05-17 11:39 EDT by tomas
Modified: 2010-05-17 12:44 EDT (History)
2 users (show)

See Also:
Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Environment:
Last Closed: 2010-05-17 12:44:18 EDT
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---


Attachments (Terms of Use)

  None (edit)
Description tomas 2010-05-17 11:39:09 EDT
Souhrn:

SELinux is preventing ccp "write" access on /var/ccpd/fifo.

Podrobný popis:

[SELinux je v tolerantním režimu. Přístup byl povolen.]

SELinux denied access requested by ccp. It is not expected that this access is
required by ccp and this access may signal an intrusion attempt. It is also
possible that the specific version or configuration of the application is
causing it to require additional access.

Povolení přístupu:

You can generate a local policy module to allow this access - see FAQ
(http://docs.fedoraproject.org/selinux-faq-fc5/#id2961385) Please file a bug
report.

Další informace:

Kontext zdroje                system_u:system_r:cupsd_t:s0-s0:c0.c1023
Kontext cíle                 unconfined_u:object_r:var_t:s0
Objekty cíle                 /var/ccpd/fifo [ fifo_file ]
Zdroj                         ccp
Cesta zdroje                  ccp
Port                          <Neznámé>
Počítač                    (removed)
RPM balíčky zdroje          
RPM balíčky cíle           
RPM politiky                  selinux-policy-3.7.19-13.fc13
Selinux povolen               True
Typ politiky                  targeted
Vynucovací režim            Permissive
Název zásuvného modulu     catchall
Název počítače            (removed)
Platforma                     Linux (removed) 2.6.33.3-85.fc13.x86_64
                              #1 SMP Thu May 6 18:09:49 UTC 2010 x86_64 x86_64
Počet upozornění           2
Poprvé viděno               Po 17. květen 2010, 17:33:53 CEST
Naposledy viděno             Po 17. květen 2010, 17:33:53 CEST
Místní ID                   07db58e4-293b-44b0-8fc0-028f2490c481
Čísla řádků              

Původní zprávy auditu      

node=(removed) type=AVC msg=audit(1274110433.884:30631): avc:  denied  { write } for  pid=3156 comm="ccp" name="fifo" dev=dm-1 ino=788993 scontext=system_u:system_r:cupsd_t:s0-s0:c0.c1023 tcontext=unconfined_u:object_r:var_t:s0 tclass=fifo_file

node=(removed) type=AVC msg=audit(1274110433.884:30631): avc:  denied  { open } for  pid=3156 comm="ccp" name="fifo" dev=dm-1 ino=788993 scontext=system_u:system_r:cupsd_t:s0-s0:c0.c1023 tcontext=unconfined_u:object_r:var_t:s0 tclass=fifo_file



Hash String generated from  catchall,ccp,cupsd_t,var_t,fifo_file,write
audit2allow suggests:

#============= cupsd_t ==============
#!!!! The source type 'cupsd_t' can write to a 'fifo_file' of the following types:
# cupsd_var_run_t, pcscd_var_run_t, cupsd_tmp_t

allow cupsd_t var_t:fifo_file { write open };
Comment 1 Daniel Walsh 2010-05-17 12:44:18 EDT
You have a labeling problem

# restorecon -R -v /var/ccpd

Note You need to log in before you can comment on or make changes to this bug.