selinux errors on rawhide despite update

Antonio Olivares olivares14031 at yahoo.com
Fri Sep 21 00:28:06 UTC 2007 

I have updated this machine running rawhide and I still see many of these.  Did they not get fixed with the new selinux-policy?

Summary
    SELinux is preventing python (cupsd_config_t) "read" to 003 (usb_device_t).

Detailed Description
    SELinux denied access requested by python. It is not expected that this
    access is required by python and this access may signal an intrusion
    attempt. It is also possible that the specific version or configuration of
    the application is causing it to require additional access.

Allowing Access
    Sometimes labeling problems can cause SELinux denials.  You could try to
    restore the default system file context for 003, restorecon -v 003 If this
    does not work, there is currently no automatic way to allow this access.
    Instead,  you can generate a local policy module to allow this access - see
    http://fedora.redhat.com/docs/selinux-faq-fc5/#id2961385 Or you can disable
    SELinux protection altogether. Disabling SELinux protection is not
    recommended. Please file a http://bugzilla.redhat.com/bugzilla/enter_bug.cgi
    against this package.

Additional Information        

Source Context                system_u:system_r:cupsd_config_t
Target Context                system_u:object_r:usb_device_t
Target Objects                003 [ chr_file ]
Affected RPM Packages         
Policy RPM                    selinux-policy-3.0.8-3.fc8
Selinux Enabled               True
Policy Type                   targeted
MLS Enabled                   True
Enforcing Mode                Enforcing
Plugin Name                   plugins.catchall_file
Host Name                     localhost
Platform                      Linux localhost 2.6.23-0.189.rc6.git8.fc8 #1 SMP
                              Wed Sep 19 20:34:10 EDT 2007 i686 athlon
Alert Count                   6
First Seen                    Mon 17 Sep 2007 07:07:18 PM CDT
Last Seen                     Thu 20 Sep 2007 07:16:40 PM CDT
Local ID                      cbf278e4-fbdc-4926-9daf-0eca08b62ddd
Line Numbers                  

Raw Audit Messages            

avc: denied { read } for comm=python dev=tmpfs egid=0 euid=0 exe=/usr/bin/python
exit=-13 fsgid=0 fsuid=0 gid=0 items=0 name=003 pid=2326
scontext=system_u:system_r:cupsd_config_t:s0 sgid=0
subj=system_u:system_r:cupsd_config_t:s0 suid=0 tclass=chr_file
tcontext=system_u:object_r:usb_device_t:s0 tty=(none) uid=0


avc: denied { read } for comm=python dev=tmpfs egid=0 euid=0 exe=/usr/bin/python exit=-13 fsgid=0 fsuid=0 gid=0 items=0 name=001 pid=2326 scontext=system_u:system_r:cupsd_config_t:s0 sgid=0 subj=system_u:system_r:cupsd_config_t:s0 suid=0 tclass=chr_file tcontext=system_u:object_r:usb_device_t:s0 tty=(none) uid=0 


Might not the new policy have been updated?

Thanks,

Antonio 




       
____________________________________________________________________________________
Looking for a deal? Find great prices on flights and hotels with Yahoo! FareChase.
http://farechase.yahoo.com/

More information about the fedora-selinux-list mailing list