cupsd: minor nit

Tom London selinux at gmail.com
Fri Sep 9 22:40:22 UTC 2005


Running targeted/enforcing, latest rawhide.

If I 'remove' a USB printer (via 'rmmod usblp') and then reboot, 
printconf-tui tries to create the directory /var/cache/foomatic. This fails 
with:

type=AVC msg=audit( 1126301390.416:17): avc: denied { create } for pid=3106 
comm="printconf-tui" name="foomatic" 
scontext=system_u:system_r:cupsd_config_t tcontext=system_u:object_r:var_t 
tclass=dir
type=SYSCALL msg=audit( 1126301390.416:17): arch=40000003 syscall=39 
success=no exit=-13 a0=9aefe10 a1=1ed a2=778468 a3=b7345a2c items=1 pid=3106 
auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 
comm="printconf-tui" exe="/usr/bin/python" 
type=CWD msg=audit(1126301390.416:17): cwd="/"
type=PATH msg=audit(1126301390.416:17): item=0 name="/var/cache/foomatic" 
flags=10 inode=2142136 dev=fd:00 mode=040755 ouid=0 ogid=0 rdev=00:00

[This seems 'harmless', since printing appears to work, but ...]

Does this seem correct?
tom

--- /tmp/cups.te 2005-09-09 15:38:31.000000000 -0700
+++ ./cups.te 2005-09-09 14:56:26.000000000 -0700
@@ -240,7 +240,7 @@
rw_dir_create_file(cupsd_config_t, cupsd_etc_t)
rw_dir_create_file(cupsd_config_t, cupsd_rw_etc_t)
file_type_auto_trans(cupsd_config_t, cupsd_etc_t, cupsd_rw_etc_t, file)
-file_type_auto_trans(cupsd_config_t, var_t, cupsd_rw_etc_t, file)
+file_type_auto_trans(cupsd_config_t, var_t, cupsd_rw_etc_t, { file dir })
allow cupsd_config_t var_t:lnk_file read;

can_network_tcp(cupsd_config_t)
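
Review bot: on the `+file_type_auto_trans(cupsd_config_t, var_t, cupsd_rw_etc_t, { file dir })` line, the transition is keyed on the parent type var_t rather than on a path, so it covers every directory cupsd_config_t creates under a var_t parent, not only the /var/cache/foomatic create shown in the AVC and PATH records. If only the foomatic cache is intended, say so in a comment next to the rule, and check that cupsd_rw_etc_t, which the neighbouring lines pair with cupsd_etc_t, is the label wanted on cache data. A file-context entry for /var/cache/foomatic would also be needed for the label to survive a relabel, and none is in this patch.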

-- 
Tom London
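
Added example, not part of the original post: a small Python parser that rejoins the mail-wrapped audit records above, groups them by audit event id, and joins the AVC denial with its PATH and SYSCALL records so the denied permission, the two types, the object class and the full path appear together. The function names `unwrap` and `denials` are this example's own; the sample input is copied from the post.

```python
import re
from collections import defaultdict

# Audit records copied from the post, still wrapped as the mail client left them.
RAW = """\
type=AVC msg=audit( 1126301390.416:17): avc: denied { create } for pid=3106
comm="printconf-tui" name="foomatic"
scontext=system_u:system_r:cupsd_config_t tcontext=system_u:object_r:var_t
tclass=dir
type=SYSCALL msg=audit( 1126301390.416:17): arch=40000003 syscall=39
success=no exit=-13 a0=9aefe10 a1=1ed a2=778468 a3=b7345a2c items=1 pid=3106
auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0
comm="printconf-tui" exe="/usr/bin/python"
type=CWD msg=audit(1126301390.416:17): cwd="/"
type=PATH msg=audit(1126301390.416:17): item=0 name="/var/cache/foomatic"
flags=10 inode=2142136 dev=fd:00 mode=040755 ouid=0 ogid=0 rdev=00:00
"""

HEAD = re.compile(r"type=(\w+) msg=audit\(\s*([\d.]+:\d+)\):")
FIELD = re.compile(r'(\w+)=("[^"]*"|\S+)')

def unwrap(text):
    """Rejoin wrapped lines; a record starts only at 'type=X msg=audit('."""
    parts = re.split(r"\n(?=type=\w+ msg=audit\()", text.strip())
    return [" ".join(p.split()) for p in parts]

def denials(text):
    """Correlate AVC, SYSCALL and PATH records by event id; summarise denials."""
    events = defaultdict(dict)
    for rec in unwrap(text):
        m = HEAD.match(rec)
        if m:  # skip anything that is not an audit record
            fields = {k: v.strip('"') for k, v in FIELD.findall(rec[m.end():])}
            # The permission set sits in braces, e.g. "{ create }".
            fields["perms"] = " ".join(re.findall(r"\{([^}]*)\}", rec)).split()
            events[m.group(2)][m.group(1)] = fields
    out = []
    for event_id, recs in events.items():
        avc = recs.get("AVC")
        if avc:
            out.append({
                "event": event_id,
                "source": avc["scontext"].split(":")[2],  # type is the 3rd field
                "target": avc["tcontext"].split(":")[2],
                "class": avc["tclass"],
                "perms": avc["perms"],
                "path": recs.get("PATH", {}).get("name", avc.get("name")),
                "exe": recs.get("SYSCALL", {}).get("exe"),
            })
    return out
```
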