What's SELinux doing to me?

William Case billlinux at rogers.com
Sun Jun 10 20:52:23 UTC 2007 

Hi;

Set up my upstairs Epson Stylus Color 740 which is attached to a
WindowsXP computer through the Fedora 7 printer config gui.  My SElinux
is in permissive mode.  I received the following error/denial.  My
current project is understanding Samba.  I am not ready to climb into
SELinux.  So, please how do I fix this so I can print something?
(The /tmp/gedit.bill.2675579933 was test file)

Summary
    SELinux is preventing the /usr/bin/smbspool from using potentially
    mislabeled files (/tmp/gedit.bill.2675579933).

Detailed Description
    SELinux has denied /usr/bin/smbspool access to potentially
mislabeled
    file(s) (/tmp/gedit.bill.2675579933).  This means that SELinux will
not
    allow /usr/bin/smbspool to use these files.  It is common for users
to edit
    files in their home directory or tmp directories and then move (mv)
them to
    system directories.  The problem is that the files end up with the
wrong
    file context which confined applications are not allowed to access.

Allowing Access
    If you want /usr/bin/smbspool to access this files, you need to
relabel them
    using restorecon -v /tmp/gedit.bill.2675579933.  You might want to
relabel
    the entire directory using restorecon -R -v /tmp.

Additional Information        

Source Context
system_u:system_r:cupsd_t:SystemLow-SystemHigh
Target Context                user_u:object_r:tmp_t
Target Objects                /tmp/gedit.bill.2675579933 [ sock_file ]
Affected RPM Packages         samba-client-3.0.25a-3.fc7 [application]
Policy RPM                    selinux-policy-2.6.4-13.fc7
Selinux Enabled               True
Policy Type                   targeted
MLS Enabled                   True
Enforcing Mode                Permissive
Plugin Name                   plugins.home_tmp_bad_labels
Host Name                     CASE
Platform                      Linux CASE 2.6.21-1.3194.fc7 #1 SMP Wed
May 23
                              22:35:01 EDT 2007 i686 i686
Alert Count                   1
First Seen                    Sun 10 Jun 2007 03:50:19 PM EDT
Last Seen                     Sun 10 Jun 2007 03:50:19 PM EDT
Local ID                      5a00df94-05c8-4d1b-959a-71ee2e1c96ab
Line Numbers                  

Raw Audit Messages            

avc: denied { getattr } for comm="smb" dev=sdb7 egid=7 euid=4
exe="/usr/bin/smbspool" exit=0 fsgid=7 fsuid=4 gid=7 items=0
name="gedit.bill.2675579933" path="/tmp/gedit.bill.2675579933" pid=1895
scontext=system_u:system_r:cupsd_t:s0-s0:c0.c1023 sgid=7
subj=system_u:system_r:cupsd_t:s0-s0:c0.c1023 suid=4 tclass=sock_file
tcontext=user_u:object_r:tmp_t:s0 tty=(none) uid=4


-- 
Regards Bill

More information about the fedora-list mailing list