libreport version: 2.0.10 executable: /usr/bin/python2.7 hashmarkername: setroubleshoot kernel: 3.4.0-1.fc17.x86_64 time: Tue 12 Jun 2012 09:28:43 AM PDT description: :SELinux is preventing /usr/libexec/colord-sane from using the 'execstack' accesses on a process. : :***** Plugin catchall (100. confidence) suggests *************************** : :If you believe that colord-sane should be allowed execstack access on processes labeled colord_t by default. :Then you should report this as a bug. :You can generate a local policy module to allow this access. :Do :allow this access for now by executing: :# grep colord-sane /var/log/audit/audit.log | audit2allow -M mypol :# semodule -i mypol.pp : :Additional Information: :Source Context system_u:system_r:colord_t:s0 :Target Context system_u:system_r:colord_t:s0 :Target Objects [ process ] :Source colord-sane :Source Path /usr/libexec/colord-sane :Port <Unknown> :Host (removed) :Source RPM Packages colord-0.1.21-1.fc17.x86_64 : colord-0.1.21-1.fc17.i686 :Target RPM Packages :Policy RPM selinux-policy-3.10.0-128.fc17.noarch :Selinux Enabled True :Policy Type targeted :Enforcing Mode Enforcing :Host Name (removed) :Platform Linux (removed) : 3.4.0-1.fc17.x86_64 #1 SMP Sun Jun 3 06:35:17 UTC : 2012 x86_64 x86_64 :Alert Count 8 :First Seen Mon 11 Jun 2012 05:23:16 PM PDT :Last Seen Tue 12 Jun 2012 09:24:18 AM PDT :Local ID 363aab5e-d397-4a72-b3b2-ef6987ddc09c : :Raw Audit Messages :type=AVC msg=audit(1339518258.724:84): avc: denied { execstack } for pid=1525 comm="colord-sane" scontext=system_u:system_r:colord_t:s0 tcontext=system_u:system_r:colord_t:s0 tclass=process : : :type=SYSCALL msg=audit(1339518258.724:84): arch=x86_64 syscall=mprotect success=no exit=EACCES a0=7fffb52d9000 a1=1000 a2=1000007 a3=7fd8b89f7000 items=0 ppid=1 pid=1525 auid=4294967295 uid=988 gid=984 euid=988 suid=988 fsuid=988 egid=984 sgid=984 fsgid=984 tty=(none) ses=4294967295 comm=colord-sane exe=/usr/libexec/colord-sane subj=system_u:system_r:colord_t:s0 key=(null) : :Hash: colord-sane,colord_t,colord_t,process,execstack : :audit2allowunable to open /sys/fs/selinux/policy: Permission denied : :audit2allow -Runable to open /sys/fs/selinux/policy: Permission denied :
Why does colord-sane need execstack?
This happend each time I start up my computer. It has happened since I upgraded to Fedora 17. Package: (null) OS Release: Fedora release 17 (Beefy Miracle)
Booted fedora 17. Logged in to desktop. That's all folks Package: (null) OS Release: Fedora release 17 (Beefy Miracle)
I did some additional searching. See Bug 741086. It suggests "change /etc/colord.conf to say UseSANE=false and reboot." I did this and the error is cleared.
Great.
Chrome with printer samsung scx-4623F instaled. Sorry bad english :( Package: (null) Architecture: i686 OS Release: Fedora release 17 (Beefy Miracle)
I get this alert every time I log in after a reboot of the system. Package: (null) Architecture: i686 OS Release: Fedora release 17 (Beefy Miracle)
created selinux policy three times (You can generate a local policy module to allow this access. Allow this access for now by executing: # grep colord-sane /var/log/audit/audit.log | audit2allow -M mypol # semodule -i mypol.pp) but still appearing Package: (null) Architecture: i686 OS Release: Fedora release 17 (Beefy Miracle)
cat mypol.te
got this issue suddenly after logging into the desktop Package: (null) Architecture: i686 OS Release: Fedora release 17 (Beefy Miracle)
*** This bug has been marked as a duplicate of bug 827323 ***