Additional info: libreport version: 2.0.13 kernel: 3.5.3-1.fc17.i686 description: :SELinux is preventing colord-sane from 'execute' accesses on the file /usr/lib/sane/libsane-smfp.so.1.0.1. : :***** Plugin restorecon (94.8 confidence) suggests ************************* : :If you want to fix the label. :/usr/lib/sane/libsane-smfp.so.1.0.1 default label should be lib_t. :Then you can run restorecon. :Do :# /sbin/restorecon -v /usr/lib/sane/libsane-smfp.so.1.0.1 : :***** Plugin catchall_labels (5.21 confidence) suggests ******************** : :If you want to allow colord-sane to have execute access on the libsane-smfp.so.1.0.1 file :Then you need to change the label on /usr/lib/sane/libsane-smfp.so.1.0.1 :Do :# semanage fcontext -a -t FILE_TYPE '/usr/lib/sane/libsane-smfp.so.1.0.1' :where FILE_TYPE is one of the following: policykit_auth_exec_t, bin_t, ifconfig_exec_t, ld_so_t, lib_t, abrt_helper_exec_t, shell_exec_t, textrel_shlib_t, colord_exec_t. :Then execute: :restorecon -v '/usr/lib/sane/libsane-smfp.so.1.0.1' : : :***** Plugin catchall (1.44 confidence) suggests *************************** : :If you believe that colord-sane should be allowed execute access on the libsane-smfp.so.1.0.1 file by default. :Then you should report this as a bug. :You can generate a local policy module to allow this access. :Do :allow this access for now by executing: :# grep colord-sane /var/log/audit/audit.log | audit2allow -M mypol :# semodule -i mypol.pp : :Additional Information: :Source Context system_u:system_r:colord_t:s0 :Target Context unconfined_u:object_r:usr_t:s0 :Target Objects /usr/lib/sane/libsane-smfp.so.1.0.1 [ file ] :Source colord-sane :Source Path colord-sane :Port <Unknown> :Host (removed) :Source RPM Packages :Target RPM Packages :Policy RPM selinux-policy-3.10.0-146.fc17.noarch :Selinux Enabled True :Policy Type targeted :Enforcing Mode Enforcing :Host Name (removed) :Platform Linux (removed) 3.5.3-1.fc17.i686 #1 SMP Wed Aug : 29 19:25:38 UTC 2012 i686 i686 :Alert Count 22 :First Seen 2012-09-15 15:15:00 EDT :Last Seen 2012-09-24 23:25:29 EDT :Local ID ac5a57c6-89b8-4d53-a79e-b213dc5f42bd : :Raw Audit Messages :type=AVC msg=audit(1348543529.748:66): avc: denied { execute } for pid=1184 comm="colord-sane" path="/usr/lib/sane/libsane-smfp.so.1.0.1" dev="dm-1" ino=1858 scontext=system_u:system_r:colord_t:s0 tcontext=unconfined_u:object_r:usr_t:s0 tclass=file : : :Hash: colord-sane,colord_t,usr_t,file,execute : :audit2allow : :#============= colord_t ============== :allow colord_t usr_t:file execute; : :audit2allow -R : :#============= colord_t ============== :allow colord_t usr_t:file execute; :
Created attachment 616834 [details] File: type
Created attachment 616835 [details] File: hashmarkername
Try to execute # chcon -t bin_t /usr/lib/sane but I think you get more AVC msgs. The problem is with colord-sane in this case.
*** This bug has been marked as a duplicate of bug 858714 ***