selinux errors on rawhide despite update
Antonio Olivares
olivares14031 at yahoo.com
Fri Sep 21 00:28:06 UTC 2007
I have updated this machine running rawhide and I still see many of these. Did they not get fixed with the new selinux-policy?
Summary
SELinux is preventing python (cupsd_config_t) "read" to 003 (usb_device_t).
Detailed Description
SELinux denied access requested by python. It is not expected that this
access is required by python and this access may signal an intrusion
attempt. It is also possible that the specific version or configuration of
the application is causing it to require additional access.
Allowing Access
Sometimes labeling problems can cause SELinux denials. You could try to
restore the default system file context for 003, restorecon -v 003 If this
does not work, there is currently no automatic way to allow this access.
Instead, you can generate a local policy module to allow this access - see
http://fedora.redhat.com/docs/selinux-faq-fc5/#id2961385 Or you can disable
SELinux protection altogether. Disabling SELinux protection is not
recommended. Please file a http://bugzilla.redhat.com/bugzilla/enter_bug.cgi
against this package.
Additional Information
Source Context system_u:system_r:cupsd_config_t
Target Context system_u:object_r:usb_device_t
Target Objects 003 [ chr_file ]
Affected RPM Packages
Policy RPM selinux-policy-3.0.8-3.fc8
Selinux Enabled True
Policy Type targeted
MLS Enabled True
Enforcing Mode Enforcing
Plugin Name plugins.catchall_file
Host Name localhost
Platform Linux localhost 2.6.23-0.189.rc6.git8.fc8 #1 SMP
Wed Sep 19 20:34:10 EDT 2007 i686 athlon
Alert Count 6
First Seen Mon 17 Sep 2007 07:07:18 PM CDT
Last Seen Thu 20 Sep 2007 07:16:40 PM CDT
Local ID cbf278e4-fbdc-4926-9daf-0eca08b62ddd
Line Numbers
Raw Audit Messages
avc: denied { read } for comm=python dev=tmpfs egid=0 euid=0 exe=/usr/bin/python
exit=-13 fsgid=0 fsuid=0 gid=0 items=0 name=003 pid=2326
scontext=system_u:system_r:cupsd_config_t:s0 sgid=0
subj=system_u:system_r:cupsd_config_t:s0 suid=0 tclass=chr_file
tcontext=system_u:object_r:usb_device_t:s0 tty=(none) uid=0
avc: denied { read } for comm=python dev=tmpfs egid=0 euid=0 exe=/usr/bin/python exit=-13 fsgid=0 fsuid=0 gid=0 items=0 name=001 pid=2326 scontext=system_u:system_r:cupsd_config_t:s0 sgid=0 subj=system_u:system_r:cupsd_config_t:s0 suid=0 tclass=chr_file tcontext=system_u:object_r:usb_device_t:s0 tty=(none) uid=0
Might not the new policy have been updated?
Thanks,
Antonio
____________________________________________________________________________________
Looking for a deal? Find great prices on flights and hotels with Yahoo! FareChase.
http://farechase.yahoo.com/
More information about the fedora-selinux-list
mailing list