Description of problem:
SELinux is preventing /usr/lib/cups/backend/mfp from read, write access on the file /SYSVeca86420 (deleted).

***** Plugin restorecon (99.5 confidence) suggests *************************

If you want to fix the label.
/SYSVeca86420 (deleted) default label should be etc_runtime_t.
Then you can run restorecon.
Do
# /sbin/restorecon -v /SYSVeca86420 (deleted)

***** Plugin catchall (1.49 confidence) suggests ***************************

If you believe that mfp should be allowed read write access on the SYSVeca86420 (deleted) file by default.
Then you should report this as a bug.
You can generate a local policy module to allow this access.
Do
allow this access for now by executing:
# grep mfp /var/log/audit/audit.log | audit2allow -M mypol
# semodule -i mypol.pp

Additional Information:
Source Context                system_u:system_r:cupsd_t:s0-s0:c0.c1023
Target Context                system_u:object_r:tmpfs_t:s0
Target Objects                /SYSVeca86420 (deleted) [ file ]
Source                        mfp
Source Path                   /usr/lib/cups/backend/mfp
Port                          <Unknown>
Host                          (removed)
Source RPM Packages
Target RPM Packages
Policy RPM                    selinux-policy-3.11.1-85.fc18.noarch
Selinux Enabled               True
Policy Type                   targeted
Enforcing Mode                Enforcing
Host Name                     (removed)
Platform                      Linux (removed) 3.8.3-203.fc18.i686 #1 SMP Mon Mar 18 13:20:52 UTC 2013 i686 i686
Alert Count                   1
First Seen                    2013-03-22 17:51:07 IST
Last Seen                     2013-03-22 17:51:07 IST
Local ID                      183adc1e-6a69-4348-9430-47d17e58c1c0

Raw Audit Messages
type=AVC msg=audit(1363954867.842:342): avc: denied { read write } for pid=1263 comm="mfp" path=2F535953566563613836343230202864656C6574656429 dev="tmpfs" ino=98307 scontext=system_u:system_r:cupsd_t:s0-s0:c0.c1023 tcontext=system_u:object_r:tmpfs_t:s0 tclass=file

type=SYSCALL msg=audit(1363954867.842:342): arch=i386 syscall=ipc per=400000 success=no exit=EACCES a0=15 a1=18003 a2=0 a3=bfb177d4 items=0 ppid=1261 pid=1263 auid=4294967295 uid=4 gid=7 euid=4 suid=4 fsuid=4 egid=7 sgid=7 fsgid=7 ses=4294967295 tty=(none) comm=mfp exe=/usr/lib/cups/backend/mfp subj=system_u:system_r:cupsd_t:s0-s0:c0.c1023 key=(null)

Hash: mfp,cupsd_t,tmpfs_t,file,read,write

audit2allow

#============= cupsd_t ==============
allow cupsd_t tmpfs_t:file { read write };

audit2allow -R

require {
	type cupsd_t;
}

#============= cupsd_t ==============
fs_rw_inherited_tmpfs_files(cupsd_t)

Additional info:
hashmarkername: setroubleshoot
kernel:         3.8.3-203.fc18.i686
type:           libreport
We should just add this. 4bf093cb9747cdfda800ab4c927e4a06c3822144 in git allows this.
Back ported.
selinux-policy-3.11.1-90.fc18 has been submitted as an update for Fedora 18. https://admin.fedoraproject.org/updates/selinux-policy-3.11.1-90.fc18
Package selinux-policy-3.11.1-90.fc18:
* should fix your issue,
* was pushed to the Fedora 18 testing repository,
* should be available at your local mirror within two days.
Update it with:
# su -c 'yum update --enablerepo=updates-testing selinux-policy-3.11.1-90.fc18'
as soon as you are able to.
Please go to the following url:
https://admin.fedoraproject.org/updates/FEDORA-2013-5742/selinux-policy-3.11.1-90.fc18
then log in and leave karma (feedback).
selinux-policy-3.11.1-90.fc18 has been pushed to the Fedora 18 stable repository. If problems still persist, please make note of it in this bug report.