cups wants to write to /usr/lib/python2.4/.../printconf_tui.pyo, etc
Tom London
selinux at gmail.com
Sat Dec 4 18:48:54 UTC 2004
Running strict/enforcing, latest Rawhide.
When logging in, cups, running in cupsd_config_t
wants to write /usr/lib/python/site-packages/printconf_tui.pyo,
and /usr/share/printconf/util/printconf_tui.pyo.
Strict and Permissive avc's shown below.
Two things:
1. Didn't these files get moved to /var under an
earlier bugzilla?
2. Can we add a 'dontaudit' to cups.te for this:
dontaudit cupsd_config_t lib_t:dir write;
dontaudit cupsd_config_t usr_t:dir write;
tom
Strict avcs:
Dec 4 10:20:41 fedora kernel: audit(1102184441.369:0): avc: denied
{ write } for pid=2844 exe=/usr/bin/python name=util dev=hda2
ino=4309019 scontext=system_u:system_r:cupsd_config_t
tcontext=system_u:object_r:usr_t tclass=dir
Dec 4 10:20:41 fedora kernel: audit(1102184441.619:0): avc: denied
{ write } for pid=2844 exe=/usr/bin/python name=site-packages
dev=hda2 ino=4525331 scontext=system_u:system_r:cupsd_config_t
tcontext=system_u:object_r:lib_t tclass=dir
Permissive avc:
Dec 4 10:35:08 fedora kernel: audit(1102185308.369:0): avc: denied
{ write } for pid=3591 exe=/usr/bin/python name=util dev=hda2
ino=4309019 scontext=system_u:system_r:cupsd_config_t
tcontext=system_u:object_r:usr_t tclass=dir
Dec 4 10:35:08 fedora kernel: audit(1102185308.370:0): avc: denied
{ remove_name } for pid=3591 exe=/usr/bin/python
name=printconf_tui.pyo dev=hda2 ino=4309180
scontext=system_u:system_r:cupsd_config_t
tcontext=system_u:object_r:usr_t tclass=dir
Dec 4 10:35:08 fedora kernel: audit(1102185308.370:0): avc: denied
{ unlink } for pid=3591 exe=/usr/bin/python name=printconf_tui.pyo
dev=hda2 ino=4309180 scontext=system_u:system_r:cupsd_config_t
tcontext=system_u:object_r:printconf_t tclass=file
Dec 4 10:35:08 fedora kernel: audit(1102185308.606:0): avc: denied
{ add_name } for pid=3591 exe=/usr/bin/python name=printconf_tui.pyo
scontext=system_u:system_r:cupsd_config_t
tcontext=system_u:object_r:usr_t tclass=dir
Dec 4 10:35:08 fedora kernel: audit(1102185308.606:0): avc: denied
{ create } for pid=3591 exe=/usr/bin/python name=printconf_tui.pyo
scontext=system_u:system_r:cupsd_config_t
tcontext=system_u:object_r:usr_t tclass=file
Dec 4 10:35:08 fedora kernel: audit(1102185308.606:0): avc: denied
{ write } for pid=3591 exe=/usr/bin/python
path=/usr/share/printconf/util/printconf_tui.pyo dev=hda2 ino=4309025
scontext=system_u:system_r:cupsd_config_t
tcontext=system_u:object_r:usr_t tclass=file
--
Tom London
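Added example, not part of the original message: a short Python script that groups the AVC records quoted above by source type, target type and class, then lists the permissions seen in the logs that the two proposed dontaudit rules do not name. The function names and the PROPOSED table are assumptions made for this illustration.

```python
import re
from collections import defaultdict

# AVC records copied from the message above, syslog prefix trimmed and
# wrapped lines rejoined. First two: enforcing run; the rest: permissive run.
SAMPLE = """\
audit(1102184441.369:0): avc: denied { write } for pid=2844 exe=/usr/bin/python name=util dev=hda2 ino=4309019 scontext=system_u:system_r:cupsd_config_t tcontext=system_u:object_r:usr_t tclass=dir
audit(1102184441.619:0): avc: denied { write } for pid=2844 exe=/usr/bin/python name=site-packages dev=hda2 ino=4525331 scontext=system_u:system_r:cupsd_config_t tcontext=system_u:object_r:lib_t tclass=dir
audit(1102185308.370:0): avc: denied { remove_name } for pid=3591 exe=/usr/bin/python name=printconf_tui.pyo dev=hda2 ino=4309180 scontext=system_u:system_r:cupsd_config_t tcontext=system_u:object_r:usr_t tclass=dir
audit(1102185308.370:0): avc: denied { unlink } for pid=3591 exe=/usr/bin/python name=printconf_tui.pyo dev=hda2 ino=4309180 scontext=system_u:system_r:cupsd_config_t tcontext=system_u:object_r:printconf_t tclass=file
audit(1102185308.606:0): avc: denied { add_name } for pid=3591 exe=/usr/bin/python name=printconf_tui.pyo scontext=system_u:system_r:cupsd_config_t tcontext=system_u:object_r:usr_t tclass=dir
audit(1102185308.606:0): avc: denied { create } for pid=3591 exe=/usr/bin/python name=printconf_tui.pyo scontext=system_u:system_r:cupsd_config_t tcontext=system_u:object_r:usr_t tclass=file
audit(1102185308.606:0): avc: denied { write } for pid=3591 exe=/usr/bin/python path=/usr/share/printconf/util/printconf_tui.pyo dev=hda2 ino=4309025 scontext=system_u:system_r:cupsd_config_t tcontext=system_u:object_r:usr_t tclass=file
"""

# The two dontaudit rules proposed in the message, keyed the same way as
# the summary below: (source type, target type, class) -> permissions.
PROPOSED = {
    ("cupsd_config_t", "lib_t", "dir"): {"write"},
    ("cupsd_config_t", "usr_t", "dir"): {"write"},
}

# [^{}]*? keeps a match from running past the next record's "{ perms }".
AVC_RE = re.compile(
    r"avc:\s+denied\s+\{(?P<perms>[^}]*)\}[^{}]*?"
    r"scontext=(?P<s>\S+)\s+tcontext=(?P<t>\S+)\s+tclass=(?P<c>\S+)")

def type_of(context):
    """Return the type field of a user:role:type security context."""
    return context.split(":")[2]

def summarize(log_text):
    """Map (source type, target type, class) -> set of denied permissions."""
    flat = " ".join(log_text.split())  # tolerate mail-wrapped records
    rules = defaultdict(set)
    for m in AVC_RE.finditer(flat):
        key = (type_of(m["s"]), type_of(m["t"]), m["c"])
        rules[key].update(m["perms"].split())
    return dict(rules)

def uncovered(rules, dontaudit):
    """Permissions seen in the log that the given rules do not name."""
    rest = {k: p - dontaudit.get(k, set()) for k, p in rules.items()}
    return {k: p for k, p in rest.items() if p}

if __name__ == "__main__":
    for (src, tgt, cls), perms in sorted(uncovered(summarize(SAMPLE), PROPOSED).items()):
        print(f"{src} {tgt}:{cls} {{ {' '.join(sorted(perms))} }}")
```

In enforcing mode the first denied permission ends the operation, which is why the strict log shows only the directory write denials while the permissive log shows the whole sequence.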