printer AVCs....

Daniel J Walsh dwalsh at redhat.com
Wed May 24 15:30:35 UTC 2006 

Tom London wrote:
> Running latest Rawhide, targeted/enforcing.
>
> I get the following when 'deactivating/activating' a USB printer (and
> printing fails):
>
> type=AVC msg=audit(1148052935.119:30): avc:  denied  { create } for
> pid=1902 comm="python" scontext=system_u:system_r:hplip_t:s0
> tcontext=system_u:system_r:hplip_t:s0 tclass=netlink_route_socket
> type=SYSCALL msg=audit(1148052935.119:30): arch=40000003 syscall=102
> success=no exit=-13 a0=1 a1=bffa4878 a2=49ebaff4 a3=bffa4e69 items=0
> pid=1902 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0
> sgid=0 fsgid=0 tty=(none) comm="python" exe="/usr/bin/python"
> subj=system_u:system_r:hplip_t:s0
> type=SOCKETCALL msg=audit(1148052935.119:30): nargs=3 a0=10 a1=3 a2=0
>
> type=USER_AVC msg=audit(1148053114.333:32): user pid=1735 uid=81
> auid=4294967295 subj=system_u:system_r:system_dbusd_t:s0 msg='avc:
> denied  { send_msg } for msgtype=signal
> interface=com.redhat.PrinterSpooler member=JobQueuedLocal
> dest=org.freedesktop.DBus spid=1913 tpid=2748
> scontext=system_u:system_r:cupsd_t:SystemLow-SystemHigh
> tcontext=user_u:system_r:unconfined_execmem_t tclass=dbus : exe="?"
> (sauid=81, hostname=?, addr=?, terminal=?)'
>
What is the unconfined_execmem_t application?
> The following messages were in /var/log/messages:
>
> May 19 08:35:33 localhost dbus: Can't send to audit system: USER_AVC
> avc:  denied  { send_msg } for msgtype=signal
> interface=com.redhat.PrinterSpooler member=JobQueuedLocal
> dest=org.freedesktop.DBus spid=1913 tpid=2748
> scontext=system_u:system_r:cupsd_t:SystemLow-SystemHigh
> tcontext=user_u:system_r:unconfined_execmem_t tclass=dbus : exe="?"
> (sauid=81, hostname=?, addr=?, terminal=?)
> May 19 08:35:33 localhost dbus: Can't send to audit system: USER_AVC
> avc:  denied  { send_msg } for msgtype=signal
> interface=com.redhat.PrinterSpooler member=QueueChanged
> dest=org.freedesktop.DBus spid=1913 tpid=2748
> scontext=system_u:system_r:cupsd_t:SystemLow-SystemHigh
> tcontext=user_u:system_r:unconfined_execmem_t tclass=dbus : exe="?"
> (sauid=81, hostname=?, addr=?, terminal=?)
> May 19 08:35:33 localhost dbus: Can't send to audit system: USER_AVC
> avc:  denied  { send_msg } for msgtype=signal
> interface=com.redhat.PrinterSpooler member=JobStartedLocal
> dest=org.freedesktop.DBus spid=1913 tpid=2748
> scontext=system_u:system_r:cupsd_t:SystemLow-SystemHigh
> tcontext=user_u:system_r:unconfined_execmem_t tclass=dbus : exe="?"
> (sauid=81, hostname=?, addr=?, terminal=?)
> May 19 08:35:35 localhost hpiod: invalid product id string: Broken
> pipe io/hpiod/device.cpp 623
> May 19 08:35:35 localhost hpiod: unable to Device::Open
> hp:/usb/hp_LaserJet_1300?serial=00CNCB954325 io/hpiod/device.cpp 862
> May 19 08:35:35 localhost hp_LaserJet_1300?serial=00CNCB954325: INFO:
> open device failed; will retry in 30 seconds...
> May 19 08:36:05 localhost hpiod: invalid product id string: Broken
> pipe io/hpiod/device.cpp 623
>
> tom

More information about the fedora-selinux-list mailing list