Bug 754815 - SELinux is preventing /usr/sbin/cupsd from open/execute/execute_no_trans access on the file /usr/lib/cups/filter/rastertosamsungspl
Summary: SELinux is preventing /usr/sbin/cupsd from open/execute/execute_no_trans acce...
Keywords:
Status: CLOSED NOTABUG
Alias: None
Product: Fedora
Classification: Fedora
Component: selinux-policy-targeted
Version: 15
Hardware: x86_64
OS: Linux
unspecified
medium
Target Milestone: ---
Assignee: Miroslav Grepl
QA Contact: Ben Levenson
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+ depends on / blocked
 
Reported: 2011-11-17 19:53 UTC by Ivan Sidorov
Modified: 2011-11-18 15:06 UTC (History)
3 users (show)

Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Clone Of:
Environment:
Last Closed: 2011-11-18 15:06:02 UTC
Type: ---


Attachments (Terms of Use)
Logs (5.25 KB, text/plain)
2011-11-17 19:56 UTC, Ivan Sidorov
no flags Details

Description Ivan Sidorov 2011-11-17 19:53:50 UTC
User-Agent:       Mozilla/5.0 (X11; Linux x86_64; rv:7.0.1) Gecko/20100101 Firefox/7.0.1

I've tried to install Xerox Phaser 3140 printer, it intalled successefully, but print nothing. Then I've tried to install drivers from Xerox site - same there.
So I've checked /var/log/messages and found out there're some problem with SELinux rights.
Don't know what it exactly means - I'm very new to Fedora.
But suggested commands helped and now priner ptints fine.
Logs and solutuion attached. Hope it helps. 


Reproducible: Didn't try

Comment 1 Ivan Sidorov 2011-11-17 19:56:04 UTC
Created attachment 534299 [details]
Logs

Comment 2 Jiri Popelka 2011-11-18 10:26:20 UTC
/usr/lib/cups/filter/rastertosamsungspl is quite commonly used third-party filter and I think the policy is to allow third-party applications to work without modification.

Comment 3 Daniel Walsh 2011-11-18 15:06:02 UTC
Well the alert told you to run restorecon on the filter.

restorecon -R -v /usr/lib/cups/filter

I am not sure which label rastertosamsungspl was installed with, it was not included with your attachment,  but SELinux did not like it.

If third parties do not use rpm to install or do stuff in their installer and ignore SELinux, then they can put mislabled stuff on the system,  There is no way we know this until a confined app tries to run the code.  In this case SELinux caught the problem, diagnosed it, and gave the user an easy solution.  

I would say this is more a bug with samsung then SELinux.


Note You need to log in before you can comment on or make changes to this bug.