selinux errors on rawhide despite update
Daniel J Walsh
dwalsh at redhat.com
Fri Sep 21 13:20:32 UTC 2007
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Antonio Olivares wrote:
> I have updated this machine running rawhide and I still see many of these. Did they not get fixed with the new selinux-policy?
>
> Summary
> SELinux is preventing python (cupsd_config_t) "read" to 003 (usb_device_t).
>
> Detailed Description
> SELinux denied access requested by python. It is not expected that this
> access is required by python and this access may signal an intrusion
> attempt. It is also possible that the specific version or configuration of
> the application is causing it to require additional access.
>
> Allowing Access
> Sometimes labeling problems can cause SELinux denials. You could try to
> restore the default system file context for 003, restorecon -v 003 If this
> does not work, there is currently no automatic way to allow this access.
> Instead, you can generate a local policy module to allow this access - see
> http://fedora.redhat.com/docs/selinux-faq-fc5/#id2961385 Or you can disable
> SELinux protection altogether. Disabling SELinux protection is not
> recommended. Please file a http://bugzilla.redhat.com/bugzilla/enter_bug.cgi
> against this package.
>
> Additional Information
>
> Source Context system_u:system_r:cupsd_config_t
> Target Context system_u:object_r:usb_device_t
> Target Objects 003 [ chr_file ]
> Affected RPM Packages
> Policy RPM selinux-policy-3.0.8-3.fc8
> Selinux Enabled True
> Policy Type targeted
> MLS Enabled True
> Enforcing Mode Enforcing
> Plugin Name plugins.catchall_file
> Host Name localhost
> Platform Linux localhost 2.6.23-0.189.rc6.git8.fc8 #1 SMP
> Wed Sep 19 20:34:10 EDT 2007 i686 athlon
> Alert Count 6
> First Seen Mon 17 Sep 2007 07:07:18 PM CDT
> Last Seen Thu 20 Sep 2007 07:16:40 PM CDT
> Local ID cbf278e4-fbdc-4926-9daf-0eca08b62ddd
> Line Numbers
>
> Raw Audit Messages
>
> avc: denied { read } for comm=python dev=tmpfs egid=0 euid=0 exe=/usr/bin/python
> exit=-13 fsgid=0 fsuid=0 gid=0 items=0 name=003 pid=2326
> scontext=system_u:system_r:cupsd_config_t:s0 sgid=0
> subj=system_u:system_r:cupsd_config_t:s0 suid=0 tclass=chr_file
> tcontext=system_u:object_r:usb_device_t:s0 tty=(none) uid=0
>
>
> avc: denied { read } for comm=python dev=tmpfs egid=0 euid=0 exe=/usr/bin/python exit=-13 fsgid=0 fsuid=0 gid=0 items=0 name=001 pid=2326 scontext=system_u:system_r:cupsd_config_t:s0 sgid=0 subj=system_u:system_r:cupsd_config_t:s0 suid=0 tclass=chr_file tcontext=system_u:object_r:usb_device_t:s0 tty=(none) uid=0
>
>
> Might not the new policy have been updated?
>
> Thanks,
>
> Antonio
>
>
>
>
>
> ____________________________________________________________________________________
> Looking for a deal? Find great prices on flights and hotels with Yahoo! FareChase.
> http://farechase.yahoo.com/
>
> --
> fedora-selinux-list mailing list
> fedora-selinux-list at redhat.com
> https://www.redhat.com/mailman/listinfo/fedora-selinux-list
Will be fixed in tomorrows rawhide.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.7 (GNU/Linux)
Comment: Using GnuPG with Fedora - http://enigmail.mozdev.org
iD8DBQFG88UgrlYvE4MpobMRAmUTAJsF2tf0kKZna09xYuEXj1LwNWTTRwCgx5ef
ZdBGerLMIigBNyVDOEIOjig=
=v9j3
-----END PGP SIGNATURE-----
More information about the fedora-selinux-list
mailing list