Hide Forgot
SELinux is preventing /usr/libexec/colord from 'read' accesses on the directory /media/OS. ***** Plugin restorecon (99.5 confidence) suggests ************************* If you want to fix the label. /media/OS default label should be mnt_t. Then you can run restorecon. Do # /sbin/restorecon -v /media/OS ***** Plugin catchall (1.49 confidence) suggests *************************** If you believe that colord should be allowed read access on the OS directory by default. Then you should report this as a bug. You can generate a local policy module to allow this access. Do allow this access for now by executing: # grep colord /var/log/audit/audit.log | audit2allow -M mypol # semodule -i mypol.pp Additional Information: Source Context system_u:system_r:colord_t:s0-s0:c0.c1023 Target Context system_u:object_r:fusefs_t:s0 Target Objects /media/OS [ dir ] Source colord Source Path /usr/libexec/colord Port <Unknown> Host (removed) Source RPM Packages colord-0.1.7-1.fc15 Target RPM Packages Policy RPM selinux-policy-3.9.16-26.fc15 Selinux Enabled True Policy Type targeted Enforcing Mode Enforcing Host Name (removed) Platform Linux (removed) 2.6.38.6-26.rc1.fc15.i686 #1 SMP Mon May 9 20:43:14 UTC 2011 i686 i686 Alert Count 1 First Seen Wed 22 Jun 2011 05:32:16 PM MST Last Seen Wed 22 Jun 2011 05:32:16 PM MST Local ID 98b156ce-7d68-4123-b787-40c0b373927d Raw Audit Messages type=AVC msg=audit(1308789136.638:529): avc: denied { read } for pid=18588 comm="colord" name="/" dev=sda1 ino=5 scontext=system_u:system_r:colord_t:s0-s0:c0.c1023 tcontext=system_u:object_r:fusefs_t:s0 tclass=dir type=SYSCALL msg=audit(1308789136.638:529): arch=i386 syscall=access success=yes exit=0 a0=996d4e0 a1=5 a2=4b07a328 a3=996d4c8 items=0 ppid=1 pid=18588 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=colord exe=/usr/libexec/colord subj=system_u:system_r:colord_t:s0-s0:c0.c1023 key=(null) Hash: colord,colord_t,fusefs_t,dir,read audit2allow #============= colord_t ============== allow colord_t fusefs_t:dir read; audit2allow -R #============= colord_t ============== allow colord_t fusefs_t:dir read;
I have an EPSON STYLUS CX7000F all in one printer-scanner-fax. I had previously been able to use it with Windows, but have transitioned to Fedora from Mandriva last night. I wanted to see if I could plug it in and turn it on to see if it would work, but when I turned on the scanner's power, I received the above message. I have tried to find a place inside the SEAlert where I could allow the device to have access to the OS and thereby try to find the correct drivers for it, but have not had any success. SEAlert informed me to report this as a bug, and hopefully there is something that I can do to resolve this. This is one of the last things that I need the Windows partition for, and hope that there is a working resolution to this problem so that I can completely remove Windows.
Looks like this is fixed in the latest policy yum -y update selinux-policy-targeted --enablerepo=updates-testing
Daniel, I will try the update, but seeing as it was a brand new install and all the updated had all ready been done, I am rather perplexed. I will run that command when I am back behind Fedora this evening. Hopefully it does resolve the issue. Thanks for the info.