libreport version: 2.0.8 executable: /usr/bin/python hashmarkername: setroubleshoot kernel: 3.3.0-8.fc16.x86_64 reason: SELinux is preventing /opt/epson-inkjet-printer-nx420/cups/lib/filter/epson_inkjet_printer_filter from 'execute' accesses on the file /opt/epson-inkjet-printer-nx420/lib64/libEpson_Stylus_NX420.so.1.0.0. time: Sat 07 Apr 2012 04:06:41 PM PDT description: :SELinux is preventing /opt/epson-inkjet-printer-nx420/cups/lib/filter/epson_inkjet_printer_filter from 'execute' accesses on the file /opt/epson-inkjet-printer-nx420/lib64/libEpson_Stylus_NX420.so.1.0.0. : :***** Plugin catchall_labels (83.8 confidence) suggests ******************** : :If you want to allow epson_inkjet_printer_filter to have execute access on the libEpson_Stylus_NX420.so.1.0.0 file :Then you need to change the label on /opt/epson-inkjet-printer-nx420/lib64/libEpson_Stylus_NX420.so.1.0.0 :Do :# semanage fcontext -a -t FILE_TYPE '/opt/epson-inkjet-printer-nx420/lib64/libEpson_Stylus_NX420.so.1.0.0' :where FILE_TYPE is one of the following: logrotate_exec_t, apm_exec_t, cups_pdf_exec_t, updpwd_exec_t, cupsd_exec_t, chkpwd_exec_t, mta_exec_type, hostname_exec_t, hplip_exec_t, lpr_exec_t, cupsd_interface_t, lib_t, ld_so_t, bin_t, lib_t, abrt_helper_exec_t, ifconfig_exec_t, textrel_shlib_t, initrc_exec_t, shell_exec_t. :Then execute: :restorecon -v '/opt/epson-inkjet-printer-nx420/lib64/libEpson_Stylus_NX420.so.1.0.0' : : :***** Plugin catchall (17.1 confidence) suggests *************************** : :If you believe that epson_inkjet_printer_filter should be allowed execute access on the libEpson_Stylus_NX420.so.1.0.0 file by default. :Then you should report this as a bug. :You can generate a local policy module to allow this access. :Do :allow this access for now by executing: :# grep epson_inkjet_pr /var/log/audit/audit.log | audit2allow -M mypol :# semodule -i mypol.pp : :Additional Information: :Source Context system_u:system_r:cupsd_t:s0-s0:c0.c1023 :Target Context system_u:object_r:usr_t:s0 :Target Objects /opt/epson-inkjet-printer- : nx420/lib64/libEpson_Stylus_NX420.so.1.0.0 [ file : ] :Source epson_inkjet_pr :Source Path /opt/epson-inkjet-printer- : nx420/cups/lib/filter/epson_inkjet_printer_filter :Port <Unknown> :Host (removed) :Source RPM Packages epson-inkjet-printer-nx420-1.0.0-1lsb3.2.x86_64 :Target RPM Packages epson-inkjet-printer-nx420-1.0.0-1lsb3.2.x86_64 :Policy RPM selinux-policy-3.10.0-80.fc16.noarch :Selinux Enabled True :Policy Type targeted :Enforcing Mode Enforcing :Host Name (removed) :Platform Linux (removed) 3.3.0-8.fc16.x86_64 #1 : SMP Thu Mar 29 18:37:19 UTC 2012 x86_64 x86_64 :Alert Count 1 :First Seen Sat 07 Apr 2012 04:02:05 PM PDT :Last Seen Sat 07 Apr 2012 04:02:05 PM PDT :Local ID cca65abc-50ce-45b2-9f53-d5e1ebdf4fc9 : :Raw Audit Messages :type=AVC msg=audit(1333839725.339:124): avc: denied { execute } for pid=5460 comm="epson_inkjet_pr" path="/opt/epson-inkjet-printer-nx420/lib64/libEpson_Stylus_NX420.so.1.0.0" dev="dm-2" ino=9699968 scontext=system_u:system_r:cupsd_t:s0-s0:c0.c1023 tcontext=system_u:object_r:usr_t:s0 tclass=file : : :type=SYSCALL msg=audit(1333839725.339:124): arch=x86_64 syscall=mmap success=no exit=EACCES a0=0 a1=27a8e0 a2=5 a3=802 items=0 ppid=951 pid=5460 auid=4294967295 uid=4 gid=7 euid=4 suid=4 fsuid=4 egid=7 sgid=7 fsgid=7 tty=(none) ses=4294967295 comm=epson_inkjet_pr exe=/opt/epson-inkjet-printer-nx420/cups/lib/filter/epson_inkjet_printer_filter subj=system_u:system_r:cupsd_t:s0-s0:c0.c1023 key=(null) : :Hash: epson_inkjet_pr,cupsd_t,usr_t,file,execute : :audit2allow : :#============= cupsd_t ============== :allow cupsd_t usr_t:file execute; : :audit2allow -R : :#============= cupsd_t ============== :allow cupsd_t usr_t:file execute; :
Miroslav lets back port 1c95eb6694f823333c1c0d58ac0b35869f9f75d1 to F16 and RHEL6.
selinux-policy-3.10.0-84.fc16 has been submitted as an update for Fedora 16. https://admin.fedoraproject.org/updates/selinux-policy-3.10.0-84.fc16
selinux-policy-3.10.0-84.fc16 has been pushed to the Fedora 16 stable repository. If problems still persist, please make note of it in this bug report.