AVC when configuring printer.....

Ivan Gyurdiev ivg2 at cornell.edu
Thu Mar 2 19:19:07 UTC 2006


> type=AVC msg=audit(02/27/2006 08:04:15.126:101) : avc:  denied  { read
> } for  pid=5773 comm=printconf-backe name=.fonts.cache-2 dev=dm-0
> ino=555510 scontext=system_u:system_r:cupsd_config_t:s0
> tcontext=system_u:object_r:user_home_t:s0 tclass=file
>   
Does it work? This is likely harmless.
However, we should be making use of the fact that this file 
(.fonts.cache-2) is now in its own directory. I specifically filed a bug 
to get it moved, and now we should write policy to take advantage of 
that, by:

- prelabeling this folder with the correct type in our profile script, 
or any future solution, so that the cache can be created with the 
correct type by libfontconfig

- allowing programs that need to read fonts to read that type
  (moving font-related macros from the old strict policy into the new
  refpol).

It's unfortunate all those problems were solved in the old strict 
policy, and now they all have to be re-solved for refpol.

> type=AVC msg=audit(02/27/2006 08:04:15.126:101) : avc:  denied  {
> write } for  pid=5773 comm=printconf-backe name=[21844] dev=pipefs
> ino=21844 scontext=system_u:system_r:cupsd_config_t:s0
> tcontext=system_u:system_r:unconfined_t:s0 tclass=fifo_file
>   
This isn't very helpful - what is it trying to write to - grep for 21844.
(Does lsof show that number?)
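
The lookup suggested for the second denial, as an added example that is not part of the original message: it parses the two quoted AVC records and, for a `pipefs` target, scans `/proc/<pid>/fd` for descriptors pointing at that pipe inode. The names `parse_avc`, `pipe_holders` and `proc_root` are illustrative assumptions.

```python
import os
import re

# The two denials quoted in the message, each rejoined onto one line.
SAMPLE_AVCS = [
    "type=AVC msg=audit(02/27/2006 08:04:15.126:101) : avc:  denied  { read } for  pid=5773 comm=printconf-backe name=.fonts.cache-2 dev=dm-0 ino=555510 scontext=system_u:system_r:cupsd_config_t:s0 tcontext=system_u:object_r:user_home_t:s0 tclass=file",
    "type=AVC msg=audit(02/27/2006 08:04:15.126:101) : avc:  denied  { write } for  pid=5773 comm=printconf-backe name=[21844] dev=pipefs ino=21844 scontext=system_u:system_r:cupsd_config_t:s0 tcontext=system_u:system_r:unconfined_t:s0 tclass=fifo_file",
]
AVC_RE = re.compile(r"avc:\s+denied\s+\{(?P<perms>[^}]*)\}\s+for\s+(?P<rest>.*)")

def parse_avc(line):
    """Return the denial's fields as a dict, or None if this is not an AVC denial."""
    m = AVC_RE.search(line)
    if not m:
        return None
    rec = {"perms": m.group("perms").split()}
    for tok in m.group("rest").split():
        key, sep, val = tok.partition("=")
        if sep:
            rec[key] = val.strip('"')
    # A context is user:role:type[:level]; the type is what policy rules name.
    for side in ("scontext", "tcontext"):
        parts = rec.get(side, "").split(":")
        rec[side[0] + "type"] = parts[2] if len(parts) > 2 else None
    return rec

def pipe_holders(inode, proc_root="/proc"):
    """List (pid, fd) pairs whose descriptor is the anonymous pipe with this inode."""
    want = "pipe:[%s]" % inode
    found = []
    for pid in filter(str.isdigit, os.listdir(proc_root)):
        fd_dir = os.path.join(proc_root, pid, "fd")
        try:
            fds = os.listdir(fd_dir)
        except OSError:
            continue  # process exited, or we may not inspect it
        for fd in fds:
            try:
                if os.readlink(os.path.join(fd_dir, fd)) == want:
                    found.append((int(pid), int(fd)))
            except OSError:
                continue  # descriptor closed while we were scanning
    return sorted(found)

if __name__ == "__main__":
    for rec in map(parse_avc, SAMPLE_AVCS):
        print(rec["comm"], rec["perms"], rec["stype"], "->", rec["ttype"], rec["tclass"])
        if rec.get("dev") == "pipefs":  # anonymous pipe: name=[ino], so look up holders
            print("  holders of pipe", rec["ino"], ":", pipe_holders(rec["ino"]))
```

An anonymous pipe's inode exists only while some process has it open, so the scan has to run as root while the printer configuration tool is still running.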




More information about the fedora-selinux-list mailing list