Description of problem: Print job to Brother printer. Additional info: libreport version: 2.0.14 kernel: 3.6.2-4.fc17.i686.PAE description: :SELinux is preventing /usr/bin/brprintconf_mfcj6910dw from 'rename' accesses on the file /etc/opt/brother/Printers/mfcj6910dw/inf/brmfcj6910dwrc. : :***** Plugin catchall_labels (83.8 confidence) suggests ******************** : :If you want to allow brprintconf_mfcj6910dw to have rename access on the brmfcj6910dwrc file :Then you need to change the label on /etc/opt/brother/Printers/mfcj6910dw/inf/brmfcj6910dwrc :Do :# semanage fcontext -a -t FILE_TYPE '/etc/opt/brother/Printers/mfcj6910dw/inf/brmfcj6910dwrc' :where FILE_TYPE is one of the following: cupsd_lock_t, cupsd_var_run_t, pcscd_var_run_t, print_spool_t, krb5_host_rcache_t, cupsd_interface_t, cupsd_log_t, cupsd_rw_etc_t, cupsd_tmp_t, krb5_host_rcache_t, root_t. :Then execute: :restorecon -v '/etc/opt/brother/Printers/mfcj6910dw/inf/brmfcj6910dwrc' : : :***** Plugin catchall (17.1 confidence) suggests *************************** : :If you believe that brprintconf_mfcj6910dw should be allowed rename access on the brmfcj6910dwrc file by default. :Then you should report this as a bug. :You can generate a local policy module to allow this access. :Do :allow this access for now by executing: :# grep brprintconf_mfc /var/log/audit/audit.log | audit2allow -M mypol :# semodule -i mypol.pp : :Additional Information: :Source Context system_u:system_r:cupsd_t:s0-s0:c0.c1023 :Target Context system_u:object_r:etc_t:s0 :Target Objects /etc/opt/brother/Printers/mfcj6910dw/inf/brmfcj691 : 0dwrc [ file ] :Source brprintconf_mfc :Source Path /usr/bin/brprintconf_mfcj6910dw :Port <Unknown> :Host (removed) :Source RPM Packages mfcj6910dwlpr-1.1.1-1.i386 :Target RPM Packages mfcj6910dwlpr-1.1.1-1.i386 :Policy RPM selinux-policy-3.10.0-156.fc17.noarch :Selinux Enabled True :Policy Type targeted :Enforcing Mode Enforcing :Host Name (removed) :Platform Linux (removed) 3.6.2-4.fc17.i686.PAE #1 SMP Wed : Oct 17 03:01:21 UTC 2012 i686 i686 :Alert Count 280 :First Seen 2012-10-24 11:00:05 EDT :Last Seen 2012-10-24 18:58:53 EDT :Local ID ade2291b-c546-45cf-8606-79d0260148f8 : :Raw Audit Messages :type=AVC msg=audit(1351119533.545:65942): avc: denied { rename } for pid=19410 comm="brprintconf_mfc" name="brmfcj6910dwrc" dev="dm-4" ino=2894098 scontext=system_u:system_r:cupsd_t:s0-s0:c0.c1023 tcontext=system_u:object_r:etc_t:s0 tclass=file : : :type=SYSCALL msg=audit(1351119533.545:65942): arch=i386 syscall=rename per=400000 success=no exit=EACCES a0=bf9afe30 a1=bf9afa20 a2=804abc0 a3=bf9afe30 items=0 ppid=19388 pid=19410 auid=4294967295 uid=4 gid=7 euid=4 suid=4 fsuid=4 egid=7 sgid=7 fsgid=7 tty=(none) ses=4294967295 comm=brprintconf_mfc exe=/usr/bin/brprintconf_mfcj6910dw subj=system_u:system_r:cupsd_t:s0-s0:c0.c1023 key=(null) : :Hash: brprintconf_mfc,cupsd_t,etc_t,file,rename : :audit2allow : :#============= cupsd_t ============== :allow cupsd_t etc_t:file rename; : :audit2allow -R : :#============= cupsd_t ============== :allow cupsd_t etc_t:file rename; :
Created attachment 633089 [details] File: type
Created attachment 633090 [details] File: hashmarkername
Could you add me your output of # rpm -qf /etc/opt/brother/* Also to make this working you need to execute # chcon -Rt cupsd_rw_etc_t /etc/opt/brother/Printers/mfcj6910dw/inf
rpm -qf /opt/brother file /opt/brother is not owned by any package I even uninstalled and installed the rpms again, but it still reports that /opt/brother and /etc/opt/brother are not owned by any package. rpm -ql brscan4-0.3.0-2.i386 brscan-skey-0.2.1-3.i386 brmfcfaxlpd-1.0.0-1.i386 brmfcfaxcups-1.0.0-1.i386 mfcj6910dwlpr-1.1.1-1.i386 mfcj6910dwcupswrapper-1.1.1-1.i386 /usr/bin/brsaneconfig4 /usr/lib/sane/libsane-brother4.so /usr/lib/sane/libsane-brother4.so.1 /usr/lib/sane/libsane-brother4.so.1.0.7 /usr/local/Brother /usr/local/Brother/sane /usr/local/Brother/sane/Brsane4.ini /usr/local/Brother/sane/brsaneconfig4 /usr/local/Brother/sane/brsanenetdevice4.cfg /usr/local/Brother/sane/doc /usr/local/Brother/sane/doc/brscan4 /usr/local/Brother/sane/doc/brscan4/readme.txt /usr/local/Brother/sane/models4 /usr/local/Brother/sane/setupSaneScan4 /usr/bin/brscan-skey /usr/local/Brother/sane/brscan-skey-0.2.1-3 /usr/local/Brother/sane/brscan-skey-0.2.1-3.sh /usr/local/Brother/sane/script /usr/local/Brother/sane/script/brscan_scantoemail-0.2.1-3 /usr/local/Brother /usr/local/Brother/fax /usr/local/Brother/fax/brps2brfax /usr/local/Brother/inf /usr/local/Brother/inf/brFAXrc /usr/local/Brother/inf/setupPrintcap /usr/local/Brother/lpd /usr/local/Brother/lpd/filterBRFAX /var/spool/lpd/BRFAX /usr/bin/brpcfax /usr/lib/cups/filter/brfaxfilter /usr/local/Brother /usr/local/Brother/fax /usr/local/Brother/fax/brmfcfax.jar /usr/share/cups/model/brfax_cups.ppd /etc/opt/brother/Printers/mfcj6910dw/inf/ImagingArea /etc/opt/brother/Printers/mfcj6910dw/inf/brmfcj6910dwfunc /etc/opt/brother/Printers/mfcj6910dw/inf/brmfcj6910dwrc /etc/opt/brother/Printers/mfcj6910dw/inf/lut/BRPRI10IA.BCM /etc/opt/brother/Printers/mfcj6910dw/inf/lut/BRPRI10IB.BCM /etc/opt/brother/Printers/mfcj6910dw/inf/lut/BRPRI10IC.BCM /etc/opt/brother/Printers/mfcj6910dw/inf/lut/BRPRI10ID.BCM /etc/opt/brother/Printers/mfcj6910dw/inf/lut/BRPRI10IE.BCM /etc/opt/brother/Printers/mfcj6910dw/inf/lut/BRPRI10IF.BCM /etc/opt/brother/Printers/mfcj6910dw/inf/lut/BRPRI10IG.BCM /etc/opt/brother/Printers/mfcj6910dw/inf/lut/BRPRI10IH.BCM /etc/opt/brother/Printers/mfcj6910dw/inf/lut/BRPRI10II.BCM /etc/opt/brother/Printers/mfcj6910dw/inf/paperinfij2 /etc/opt/brother/Printers/mfcj6910dw/inf/setupPrintcapij /opt/brother/Printers/mfcj6910dw/lpd/brmfcj6910dwfilter /opt/brother/Printers/mfcj6910dw/lpd/filtermfcj6910dw /opt/brother/Printers/mfcj6910dw/lpd/psconvertij2 /usr/bin/brprintconf_mfcj6910dw /opt/brother/Printers/mfcj6910dw/cupswrapper/brcupsconfpt1 /opt/brother/Printers/mfcj6910dw/cupswrapper/cupswrappermfcj6910dw /opt/brother/Printers/mfcj6910dw/cupswrapper/mfcj6910dw.ppd I added this rule: semanage fcontext -a -f 'all files' -t cupsd_rw_etc_t '/etc/opt/brother/Printers/mfcj6910dw/inf(/.*)?' and ran restorecon -Rv /etc/opt/brother/Printers/mfcj6910dw/inf Also needed this rule: semanage fcontext -a -f 'all files' -t cupsd_exec_t '/opt/brother/Printers/mfcj6910dw/lpd/filtermfcj6910dw I may find others.
Added. commit 2c9cafd741aef29ddfc7b53cf981e858a02557a1 Author: Miroslav Grepl <mgrepl> Date: Sun Dec 16 11:24:19 2012 +0100 Add labeling for /etc/opt/brother/Printers/*/inf/*
selinux-policy-3.10.0-165.fc17 has been submitted as an update for Fedora 17. https://admin.fedoraproject.org/updates/selinux-policy-3.10.0-165.fc17
Package selinux-policy-3.10.0-165.fc17: * should fix your issue, * was pushed to the Fedora 17 testing repository, * should be available at your local mirror within two days. Update it with: # su -c 'yum update --enablerepo=updates-testing selinux-policy-3.10.0-165.fc17' as soon as you are able to. Please go to the following url: https://admin.fedoraproject.org/updates/FEDORA-2012-20544/selinux-policy-3.10.0-165.fc17 then log in and leave karma (feedback).
Package selinux-policy-3.10.0-166.fc17: * should fix your issue, * was pushed to the Fedora 17 testing repository, * should be available at your local mirror within two days. Update it with: # su -c 'yum update --enablerepo=updates-testing selinux-policy-3.10.0-166.fc17' as soon as you are able to. Please go to the following url: https://admin.fedoraproject.org/updates/FEDORA-2012-20544/selinux-policy-3.10.0-166.fc17 then log in and leave karma (feedback).
selinux-policy-3.10.0-166.fc17 has been pushed to the Fedora 17 stable repository. If problems still persist, please make note of it in this bug report.