cups-config-daemon ?
Russell Coker
russell at coker.com.au
Mon Nov 29 08:04:52 UTC 2004
On Monday 29 November 2004 06:51, Tom London <selinux at gmail.com> wrote:
> Running strict/enforcing, latest Rawhide.
>
> I think the following is coming from cups-config-daemon
>
> I'm always a bit suspicious of fd denials....
> these are to /dev/null...
> Is this an open file leaking across an exec?
I don't think that this is a problem. Granting access to /dev/null is not an
issue. For cron jobs this sort of thing is common.
The attached patch should do the job.
> Help welcomed.....
> tom
>
>
> Nov 28 10:12:25 fedora cups: cupsd shutdown succeeded
> Nov 28 10:12:25 fedora kernel: audit(1101665545.088:0): avc: denied
> { use } for pid=4223 exe=/usr/bin/python path=/dev/null dev=tmpfs
> ino=3516 scontext=system_u:system_r:cupsd_config_t
> tcontext=system_u:system_r:system_crond_t tclass=fd
> Nov 28 10:12:25 fedora kernel: audit(1101665545.088:0): avc: denied
> { use } for pid=4223 exe=/usr/bin/python path=/dev/null dev=tmpfs
> ino=3516 scontext=system_u:system_r:cupsd_config_t
> tcontext=system_u:system_r:logrotate_t tclass=fd
> Nov 28 10:12:25 fedora kernel: audit(1101665545.088:0): avc: denied
> { use } for pid=4223 exe=/usr/bin/python path=/dev/null dev=tmpfs
> ino=3516 scontext=system_u:system_r:cupsd_config_t
> tcontext=system_u:system_r:logrotate_t tclass=fd
> Nov 28 10:12:25 fedora kernel: audit(1101665545.232:0): avc: denied
> { use } for pid=4226 exe=/usr/sbin/cupsd path=/dev/null dev=tmpfs
> ino=3516 scontext=system_u:system_r:cupsd_t
> tcontext=system_u:system_r:system_crond_t tclass=fd
> Nov 28 10:12:25 fedora cups: cupsd startup succeeded
--
http://www.coker.com.au/selinux/ My NSA Security Enhanced Linux packages
http://www.coker.com.au/bonnie++/ Bonnie++ hard drive benchmark
http://www.coker.com.au/postal/ Postal SMTP/POP benchmark
http://www.coker.com.au/~russell/ My home page
-------------- next part --------------
A non-text attachment was scrubbed...
Name: diff
Type: text/x-diff
Size: 801 bytes
Desc: not available
URL: <http://listman.redhat.com/archives/fedora-selinux-list/attachments/20041129/b1e81244/attachment.bin>
More information about the fedora-selinux-list
mailing list