Hide Forgot
SELinux is preventing /usr/local/lexmark/legacy/bin/printfilter from 'connectto' accesses on the unix_stream_socket @/tmp/dbus-FI70HoyxV8. ***** Plugin catchall (100. confidence) suggests *************************** If you believe that printfilter should be allowed connectto access on the dbus-FI70HoyxV8 unix_stream_socket by default. Then you should report this as a bug. You can generate a local policy module to allow this access. Do allow this access for now by executing: # grep printfilter /var/log/audit/audit.log | audit2allow -M mypol # semodule -i mypol.pp Additional Information: Source Context system_u:system_r:cupsd_t:s0-s0:c0.c1023 Target Context unconfined_u:unconfined_r:unconfined_dbusd_t:s0-s0 :c0.c1023 Target Objects @/tmp/dbus-FI70HoyxV8 [ unix_stream_socket ] Source printfilter Source Path /usr/local/lexmark/legacy/bin/printfilter Port <Unknown> Host (removed) Source RPM Packages lexmark-inkjet-legacy-wJRE-1.0-1 Target RPM Packages Policy RPM selinux-policy-3.9.7-40.fc14 Selinux Enabled True Policy Type targeted Enforcing Mode Permissive Host Name (removed) Platform Linux (removed) 2.6.35.13-91.fc14.i686 #1 SMP Tue May 3 13:36:36 UTC 2011 i686 i686 Alert Count 1 First Seen Mon 23 May 2011 07:54:00 AM CDT Last Seen Mon 23 May 2011 07:54:00 AM CDT Local ID d7603877-5f08-46bb-838c-ca4e37725d1e Raw Audit Messages type=AVC msg=audit(1306155240.406:478): avc: denied { connectto } for pid=13192 comm="printfilter" path=002F746D702F646275732D46493730486F79785638 scontext=system_u:system_r:cupsd_t:s0-s0:c0.c1023 tcontext=unconfined_u:unconfined_r:unconfined_dbusd_t:s0-s0:c0.c1023 tclass=unix_stream_socket type=SYSCALL msg=audit(1306155240.406:478): arch=i386 syscall=socketcall success=yes exit=0 a0=3 a1=bff69bc0 a2=286ff4 a3=0 items=0 ppid=1414 pid=13192 auid=4294967295 uid=4 gid=7 euid=4 suid=4 fsuid=4 egid=7 sgid=7 fsgid=7 tty=(none) ses=4294967295 comm=printfilter exe=/usr/local/lexmark/legacy/bin/printfilter subj=system_u:system_r:cupsd_t:s0-s0:c0.c1023 key=(null) Hash: printfilter,cupsd_t,unconfined_dbusd_t,unix_stream_socket,connectto audit2allow #============= cupsd_t ============== #!!!! This avc is allowed in the current policy allow cupsd_t unconfined_dbusd_t:unix_stream_socket connectto; audit2allow -R #============= cupsd_t ============== #!!!! This avc is allowed in the current policy allow cupsd_t unconfined_dbusd_t:unix_stream_socket connectto;
Looks like this one is currently allowed.