Inserting USB printer: hald_t cupsd_config_t:dbus

Tom London selinux at gmail.com
Mon Sep 26 13:51:25 UTC 2005 

Running targeted/enforcing, latest rawhide.

Inserting a USB printer produces on the following AVCs in
/var/log/messages (not audit.log):

Sep 26 06:37:55 localhost kernel: usb 2-1: new full speed USB device
using uhci_hcd and address 5
Sep 26 06:37:55 localhost kernel: drivers/usb/class/usblp.c: usblp0:
USB Bidirectional printer dev 5 if 0 alt 1 proto 2 vid 0x03F0 pid
0x1E11
Sep 26 06:37:56 localhost dbus: Can't send to audit system: USER_AVC
pid=2499 uid=81 loginuid=-1 message=avc:  denied  { send_msg } for
msgtype=signal interface=org.freedesktop.Hal.Manager
member=DeviceRemoved dest=org.freedesktop.DBus spid=2517 tpid=4585
scontext=system_u:system_r:hald_t
tcontext=system_u:system_r:cupsd_config_t tclass=dbus
Sep 26 06:37:56 localhost dbus: Can't send to audit system: USER_AVC
pid=2499 uid=81 loginuid=-1 message=avc:  denied  { send_msg } for
msgtype=signal interface=org.freedesktop.Hal.Manager
member=DeviceRemoved dest=org.freedesktop.DBus spid=2517 tpid=4585
scontext=system_u:system_r:hald_t
tcontext=system_u:system_r:cupsd_config_t tclass=dbus
Sep 26 06:37:56 localhost dbus: Can't send to audit system: USER_AVC
pid=2499 uid=81 loginuid=-1 message=avc:  denied  { send_msg } for
msgtype=signal interface=org.freedesktop.Hal.Manager
member=DeviceRemoved dest=org.freedesktop.DBus spid=2517 tpid=4585
scontext=system_u:system_r:hald_t
tcontext=system_u:system_r:cupsd_config_t tclass=dbus
Sep 26 06:37:56 localhost dbus: Can't send to audit system: USER_AVC
pid=2499 uid=81 loginuid=-1 message=avc:  denied  { send_msg } for
msgtype=signal interface=org.freedesktop.Hal.Manager
member=DeviceAdded dest=org.freedesktop.DBus spid=2517 tpid=4585
scontext=system_u:system_r:hald_t
tcontext=system_u:system_r:cupsd_config_t tclass=dbus
Sep 26 06:37:56 localhost dbus: Can't send to audit system: USER_AVC
pid=2499 uid=81 loginuid=-1 message=avc:  denied  { send_msg } for
msgtype=signal interface=org.freedesktop.Hal.Manager
member=DeviceAdded dest=org.freedesktop.DBus spid=2517 tpid=4585
scontext=system_u:system_r:hald_t
tcontext=system_u:system_r:cupsd_config_t tclass=dbus

This patch make sense?
   tom

--- cups.te.save        2005-09-26 06:47:18.000000000 -0700
+++ cups.te     2005-09-26 06:47:44.000000000 -0700
@@ -263,7 +263,7 @@
 ifdef(`dbusd.te', `
 allow cupsd_t hald_t:dbus send_msg;
 allow cupsd_config_t hald_t:dbus send_msg;
-allow hald_t cupsd_t:dbus send_msg;
+allow hald_t { cupsd_t cupsd_config_t }:dbus send_msg;
 ')dnl end if dbusd.te

 allow hald_t cupsd_config_t:process signal;

--
Tom London

More information about the fedora-selinux-list mailing list