cups AVC...
Daniel J Walsh
dwalsh at redhat.com
Wed Aug 15 11:02:27 UTC 2007
Tom London wrote:
> Running latest Rawhide, I get the following when configuring a printer
> inside of Cups web interface (localhost:631):
>
> type=AVC msg=audit(1187113075.195:823): avc: denied { getattr } for
> pid=20531 comm="hp" path="/usr/share/snmp/mibs/.index" dev=dm-0
> ino=9240602 scontext=system_u:system_r:cupsd_t:s0-s0:c0.c1023
> tcontext=system_u:object_r:snmpd_var_lib_t:s0 tclass=file
> type=SYSCALL msg=audit(1187113075.195:823): arch=40000003 syscall=195
> success=yes exit=0 a0=bfef1ab8 a1=bfef179c a2=9e0ff4 a3=3a items=0
> ppid=14556 pid=20531 auid=500 uid=4 gid=7 euid=4 suid=4 fsuid=4 egid=7
> sgid=7 fsgid=7 tty=(none) comm="hp" exe="/usr/lib/cups/backend/hp"
> subj=system_u:system_r:cupsd_t:s0-s0:c0.c1023 key=(null)
> type=AVC msg=audit(1187113075.195:824): avc: denied { read } for
> pid=20531 comm="hp" name=".index" dev=dm-0 ino=9240602
> scontext=system_u:system_r:cupsd_t:s0-s0:c0.c1023
> tcontext=system_u:object_r:snmpd_var_lib_t:s0 tclass=file
> type=SYSCALL msg=audit(1187113075.195:824): arch=40000003 syscall=5
> success=yes exit=5 a0=bfef1ab8 a1=8000 a2=1b6 a3=87f6f30 items=0
> ppid=14556 pid=20531 auid=500 uid=4 gid=7 euid=4 suid=4 fsuid=4 egid=7
> sgid=7 fsgid=7 tty=(none) comm="hp" exe="/usr/lib/cups/backend/hp"
> subj=system_u:system_r:cupsd_t:s0-s0:c0.c1023 key=(null)
>
>
>
Any idea why the hp command would want to look at the snmp
path="/usr/share/snmp/mibs/.index"
Or is this a leaked file descriptor from somewhere?
More information about the fedora-selinux-list
mailing list