This service will be undergoing maintenance at 00:00 UTC, 2017-10-23 It is expected to last about 30 minutes
Bug 860528 - cupsd[1334]: p11-kit: couldn't open config file: /root/.pkcs11/pkcs11.conf: Permission denied
cupsd[1334]: p11-kit: couldn't open config file: /root/.pkcs11/pkcs11.conf: P...
Status: CLOSED ERRATA
Product: Fedora
Classification: Fedora
Component: p11-kit (Show other bugs)
18
Unspecified Unspecified
high Severity unspecified
: ---
: ---
Assigned To: Stef Walter
Fedora Extras Quality Assurance
: Reopened
Depends On:
Blocks:
  Show dependency treegraph
 
Reported: 2012-09-26 00:36 EDT by xset1980
Modified: 2013-05-23 08:39 EDT (History)
11 users (show)

See Also:
Fixed In Version: p11-kit-0.14-2.fc18
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Environment:
Last Closed: 2013-05-23 08:39:15 EDT
Type: Bug
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---


Attachments (Terms of Use)


External Trackers
Tracker ID Priority Status Summary Last Updated
FreeDesktop.org 57115 None None None 2012-11-14 05:42:46 EST

  None (edit)
Description xset1980 2012-09-26 00:36:20 EDT
Description of problem:

i see on /var/log/messages on every boot this message:
Sep 26 01:25:06 fedora18 cupsd[1334]: p11-kit: couldn't open config file: /root/.pkcs11/pkcs11.conf: Permission denied

Version-Release number of selected component (if applicable):

Fedora 18 KDE Alpha up to date
p11-kit-0.14-1.fc18.i686


How reproducible:

Always

Steps to Reproduce:
1.Install F18 Alpha
2.yum update -y
3.reboot and tail -f /var/log/messages
  
Actual results:


Expected results:


Additional info:
Comment 1 Stef Walter 2012-09-26 01:47:26 EDT
This sounds like an SELinux policy problem. Is pkcs11.conf mentioned in /var/log/audit/audit.log?
Comment 2 xset1980 2012-09-26 16:16:59 EDT
(In reply to comment #1)
> This sounds like an SELinux policy problem. Is pkcs11.conf mentioned in
> /var/log/audit/audit.log?

@Stef Walter,

No, is no mentioned in /var/log/audit/audit.log:


[root@fedora18 ~]# cat /var/log/messages |grep -i cupsd
Sep 21 22:13:54 localhost cupsd[4297]: p11-kit: couldn't open config file: /root/.pkcs11/pkcs11.conf: Permission denied
Sep 21 23:30:11 localhost cupsd[1223]: p11-kit: couldn't open config file: /root/.pkcs11/pkcs11.conf: Permission denied
Sep 21 02:46:27 localhost cupsd[1382]: p11-kit: couldn't open config file: /root/.pkcs11/pkcs11.conf: Permission denied
Sep 21 00:32:26 localhost cupsd[1368]: p11-kit: couldn't open config file: /root/.pkcs11/pkcs11.conf: Permission denied
Sep 21 01:02:05 fedora18 cupsd[1460]: p11-kit: couldn't open config file: /root/.pkcs11/pkcs11.conf: Permission denied
Sep 21 16:43:52 fedora18 cupsd[1301]: p11-kit: couldn't open config file: /root/.pkcs11/pkcs11.conf: Permission denied
Sep 25 10:07:06 fedora18 cupsd[1405]: p11-kit: couldn't open config file: /root/.pkcs11/pkcs11.conf: Permission denied
Sep 25 11:32:42 fedora18 cupsd[1300]: p11-kit: couldn't open config file: /root/.pkcs11/pkcs11.conf: Permission denied
Sep 25 12:23:07 fedora18 cupsd[1312]: p11-kit: couldn't open config file: /root/.pkcs11/pkcs11.conf: Permission denied
Sep 25 23:20:51 fedora18 cupsd[1304]: p11-kit: couldn't open config file: /root/.pkcs11/pkcs11.conf: Permission denied
Sep 25 23:50:21 fedora18 cupsd[1322]: p11-kit: couldn't open config file: /root/.pkcs11/pkcs11.conf: Permission denied
Sep 26 00:20:11 fedora18 cupsd[1312]: p11-kit: couldn't open config file: /root/.pkcs11/pkcs11.conf: Permission denied
Sep 26 01:25:06 fedora18 cupsd[1334]: p11-kit: couldn't open config file: /root/.pkcs11/pkcs11.conf: Permission denied
Sep 26 16:41:38 fedora18 cupsd[1419]: p11-kit: couldn't open config file: /root/.pkcs11/pkcs11.conf: Permission denied
[root@fedora18 ~]# cat /var/log/audit/audit.log |grep pkcs11.conf
[root@fedora18 ~]# cat /var/log/audit/audit.log |grep p11-kit
[root@fedora18 ~]#
Comment 3 Mads Kiilerich 2012-11-13 15:45:04 EST
It seems very wrong to me that a service running as system_u:system_r:cupsd_t should have anything to do in /root .
Comment 4 Stef Walter 2012-11-14 05:42:46 EST
Well, if we want to make big claims: It seems wrong to me that a printing service is running as root.

But in any case. p11-kit tries to access config files both in /etc and in the user's home directory. 

So there's a patch to fix this upstream. It requires testing and review before I'll merge it. Thanks for your help.
Comment 5 Stef Walter 2012-11-14 05:43:28 EST
Oh, in case it wasn't obvious: https://bugs.freedesktop.org/show_bug.cgi?id=57115
Comment 6 Ian Pilcher 2012-12-30 19:14:04 EST
My samba log is full of these messages (and I don't even have a /root/pkcs11 directory).
Comment 7 atulya.swayankar 2013-02-01 03:40:55 EST
(In reply to comment #6)
> My samba log is full of these messages (and I don't even have a /root/pkcs11
> directory).

I am also getting same error when i start httpd
(in my system also there is no /root/.pkcs11   directory is there )
Comment 8 Stef Walter 2013-02-01 03:58:56 EST
Fix for this has been merged upstream. I'll leave it to Kalev to decide whether to back-port a patch for this into Fedora 18.
Comment 9 Frank Büttner 2013-05-12 03:41:45 EDT
The problem happened again, when restart the cupsd.
And printing is not possible.
[root@bart ~]# systemctl restart colord.service 
[root@bart ~]# systemctl restart cups.service 
[root@bart ~]# tail -f /var/log/messages
May 12 09:11:00 bart colord: Device added: cups-Cups-PDF
May 12 09:11:00 bart colord: Profile added: ffgtk-fax-Gray..
May 12 09:11:00 bart colord[5423]: (colord:5423): Cd-WARNING **: failed to get session [pid 5431]: Unbekannter Fehler -2
May 12 09:11:00 bart colord: Device added: cups-ffgtk-fax
May 12 09:11:00 bart colord: Profile added: HP_Laserjet_1200-Gray..
May 12 09:11:00 bart colord: Profile added: HP_Laserjet_1200-RGB..
May 12 09:11:00 bart colord[5423]: (colord:5423): Cd-WARNING **: failed to get session [pid 5431]: Unbekannter Fehler -2
May 12 09:11:00 bart colord: Device added: cups-HP_Laserjet_1200
May 12 09:11:00 bart cupsd[5431]: p11-kit: couldn't open config file: /root/.pkcs11/pkcs11.conf: Permission denied
May 12 09:11:02 bart systemd[1]: Started CUPS Printing Service.
Comment 10 Frank Büttner 2013-05-12 03:44:31 EDT
cups-1.5.4-20.fc18.x86_64
colord-0.1.31-1.fc18.x86_64
p11-kit-0.14-1.fc18.x86_64

The last update that was installed was: 
May 12 08:35:23 Updated: nspr-4.9.6-1.fc18.x86_64
May 12 08:35:24 Updated: ibus-m17n-1.3.4-8.fc18.x86_64
Comment 11 Stef Walter 2013-05-13 00:51:14 EDT
Please test this build and see if it fixes your problem: http://koji.fedoraproject.org/koji/taskinfo?taskID=5370883

Note: Your inability to print may be for completely different reasons. So when testing this patch please use the following criteria: "Is the error in the logs gone?"
Comment 12 Frank Büttner 2013-05-13 12:14:52 EDT
Yes it will fix it.
Printing is working again and no errors:
[root@bart ~]# systemctl restart colord.service
[root@bart ~]# systemctl restart cups.service
[root@bart ~]# tail -f /var/log/messages
May 13 18:12:38 bart colord: Profile added: Cups-PDF-RGB..
May 13 18:12:38 bart colord[4190]: (colord:4190): Cd-WARNING **: failed to get session [pid 4205]: Unbekannter Fehler -2
May 13 18:12:38 bart colord: Device added: cups-Cups-PDF
May 13 18:12:38 bart colord: Profile added: ffgtk-fax-Gray..
May 13 18:12:38 bart colord[4190]: (colord:4190): Cd-WARNING **: failed to get session [pid 4205]: Unbekannter Fehler -2
May 13 18:12:38 bart colord: Device added: cups-ffgtk-fax
May 13 18:12:38 bart colord: Profile added: HP_Laserjet_1200-Gray..
May 13 18:12:38 bart colord: Profile added: HP_Laserjet_1200-RGB..
May 13 18:12:38 bart colord[4190]: (colord:4190): Cd-WARNING **: failed to get session [pid 4205]: Unbekannter Fehler -2
May 13 18:12:38 bart colord: Device added: cups-HP_Laserjet_1200
May 13 18:13:33 bart dbus-daemon[796]: dbus[796]: [system] Activating service name='org.opensuse.CupsPkHelper.Mechanism' (using servicehelper)
May 13 18:13:33 bart dbus[796]: [system] Activating service name='org.opensuse.CupsPkHelper.Mechanism' (using servicehelper)
May 13 18:13:33 bart dbus-daemon[796]: dbus[796]: [system] Successfully activated service 'org.opensuse.CupsPkHelper.Mechanism'
May 13 18:13:33 bart dbus[796]: [system] Successfully activated service 'org.opensuse.CupsPkHelper.Mechanism'
May 13 18:13:40 bart systemd[1]: Started CUPS Printing Service.
Comment 13 Stef Walter 2013-05-13 15:16:27 EDT
I can do a Fedora update for this. Will wait for necessary permission from the package maintainer.
Comment 14 Fedora Admin XMLRPC Client 2013-05-13 15:29:47 EDT
This package has changed ownership in the Fedora Package Database.  Reassigning to the new owner of this component.
Comment 15 Fedora Update System 2013-05-13 16:47:22 EDT
p11-kit-0.14-2.fc18 has been submitted as an update for Fedora 18.
https://admin.fedoraproject.org/updates/p11-kit-0.14-2.fc18
Comment 16 Fedora Update System 2013-05-14 23:28:19 EDT
Package p11-kit-0.14-2.fc18:
* should fix your issue,
* was pushed to the Fedora 18 testing repository,
* should be available at your local mirror within two days.
Update it with:
# su -c 'yum update --enablerepo=updates-testing p11-kit-0.14-2.fc18'
as soon as you are able to.
Please go to the following url:
https://admin.fedoraproject.org/updates/FEDORA-2013-8209/p11-kit-0.14-2.fc18
then log in and leave karma (feedback).
Comment 17 Fedora Update System 2013-05-23 08:39:15 EDT
p11-kit-0.14-2.fc18 has been pushed to the Fedora 18 stable repository.  If problems still persist, please make note of it in this bug report.

Note You need to log in before you can comment on or make changes to this bug.