cups: unconfined_t:dbus...
Daniel J Walsh
dwalsh at redhat.com
Fri Apr 15 18:56:20 UTC 2005
Tom London wrote:
>Running targeted/enforcing, 1.23.10-5, rawhide.
>
>When I disconnected a USB printer, got the following:
>Apr 15 09:56:51 localhost kernel: usb 2-1: USB disconnect, address 2
>Apr 15 09:56:51 localhost kernel: drivers/usb/class/usblp.c: usblp0: removed
>Apr 15 09:56:55 localhost dbus: avc: denied { send_msg } for
>msgtype=signal interface=com.redhat.PrinterSpooler
>member=PrinterRemoved dest=org.freedesktop.DBus spid=2634 tpid=3592
>scontext=user_u:system_r:cupsd_t tcontext=user_u:system_r:unconfined_t
>tclass=dbus
>Apr 15 09:56:55 localhost last message repeated 2 times
>Apr 15 09:56:55 localhost dbus: avc: denied { send_msg } for
>msgtype=signal interface=com.redhat.PrinterSpooler member=PrinterAdded
>dest=org.freedesktop.DBus spid=2634 tpid=3592
>scontext=user_u:system_r:cupsd_t tcontext=user_u:system_r:unconfined_t
>tclass=dbus
>Apr 15 09:56:55 localhost dbus: avc: denied { send_msg } for
>msgtype=signal interface=com.redhat.PrinterSpooler member=PrinterAdded
>dest=org.freedesktop.DBus spid=2634 tpid=3592
>scontext=user_u:system_r:cupsd_t tcontext=user_u:system_r:unconfined_t
>tclass=dbus
>
>audit2allow says:
>allow cupsd_t unconfined_t:dbus send_msg;
>
>That right?
> tom
>
>
>
Yes it will be in tomorrow's patch.
I wonder if I should add userdomain and unpriv_userdomain attribute to
unconfined_t for targeted. Probably to dangerous.
typeattribute unconfined_t userdomain;
typeattribute unconfined_t unpriv_userdomain;
--
More information about the fedora-selinux-list
mailing list