Re: SELinux is preventing /usr/libexec/colord from getattr access on the file /usr/local/Brother/sane/models3/ext4.ini.

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



On 06/07/2011 09:47 AM, Lawrence E Graves wrote:
> SELinux is preventing /usr/libexec/colord from getattr access on the file /usr/local/Brother/sane/models3/ext4.ini.
>
> *****  Plugin catchall (100. confidence) suggests  ***************************
>
> If you believe that colord should be allowed getattr access on the ext4.ini file by default.
> Then you should report this as a bug.
> You can generate a local policy module to allow this access.
> Do
> allow this access for now by executing:
> # grep colord /var/log/audit/audit.log | audit2allow -M mypol
> # semodule -i mypol.pp
>
> Additional Information:
> Source Context                system_u:system_r:colord_t:s0-s0:c0.c1023
> Target Context                system_u:object_r:bin_t:s0
> Target Objects                /usr/local/Brother/sane/models3/ext4.ini [ file ]
> Source                        colord
> Source Path                   /usr/libexec/colord
> Port<Unknown>
> Host                          Jehovah.localdomain
> Source RPM Packages           colord-0.1.7-1.fc15
> Target RPM Packages           brscan3-0.2.11-4
> Policy RPM                    selinux-policy-3.9.16-26.fc15
> Selinux Enabled               True
> Policy Type                   targeted
> Enforcing Mode                Enforcing
> Host Name                     Jehovah.localdomain
> Platform                      Linux Jehovah.localdomain 2.6.38.7-30.fc15.x86_64
>                                #1 SMP Fri May 27 05:15:53 UTC 2011 x86_64 x86_64
> Alert Count                   5
> First Seen                    Mon 06 Jun 2011 06:40:50 AM MDT
> Last Seen                     Tue 07 Jun 2011 05:20:41 AM MDT
> Local ID                      5284eedd-a207-486b-a7d9-09af2e567072
>
> Raw Audit Messages
> type=AVC msg=audit(1307445641.672:26): avc:  denied  { getattr } for  pid=1136 comm="colord" path="/usr/local/Brother/sane/models3/ext4.ini" dev=dm-1 ino=1325526 scontext=system_u:system_r:colord_t:s0-s0:c0.c1023 tcontext=system_u:object_r:bin_t:s0 tclass=file
>
>
> type=SYSCALL msg=audit(1307445641.672:26): arch=x86_64 syscall=fstat success=yes exit=0 a0=12 a1=7fffa928d6a0 a2=7fffa928d6a0 a3=7fffa928d5a0 items=0 ppid=1 pid=1136 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=colord exe=/usr/libexec/colord subj=system_u:system_r:colord_t:s0-s0:c0.c1023 key=(null)
>
> Hash: colord,colord_t,bin_t,file,getattr
>
> audit2allow
>
> #============= colord_t ==============
> allow colord_t bin_t:file getattr;
>
> audit2allow -R
>
> #============= colord_t ==============
> allow colord_t bin_t:file getattr;
>
>

colord is required by both cups (print server) and foomatic (printer 
databases).  It looks like you are using selinux in enforcing mode which 
is preventing your printing due to the denial above (best guess on my part).

Turn off selinux and try it.  I told you how to do that offlist.  If 
that doesn't work, please note in Dan's response that there is bug for 
this open.  You might just need to wait for the fix to hit F15 
updates-testing.  (sudo yum --enablerepo=updates-testing update).

If that doesn't work, follow Dan's advice and open a bugzilla for the 
problem.  Open against cups for now and the triagers will get it to the 
right place.  Include this selinux denial.

There is nothing else I can do to help you.  Good luck.

-- 
Regards,
OldFart

-- 
users mailing list
users@xxxxxxxxxxxxxxxxxxxxxxx
To unsubscribe or change subscription options:
https://admin.fedoraproject.org/mailman/listinfo/users
Guidelines: http://fedoraproject.org/wiki/Mailing_list_guidelines

[Index of Archives]     [Older Fedora Users]     [Fedora Announce]     [Fedora Package Announce]     [EPEL Announce]     [EPEL Devel]     [Fedora Magazine]     [Fedora Summer Coding]     [Fedora Laptop]     [Fedora Cloud]     [Fedora Advisory Board]     [Fedora Education]     [Fedora Security]     [Fedora Scitech]     [Fedora Robotics]     [Fedora Infrastructure]     [Fedora Websites]     [Anaconda Devel]     [Fedora Devel Java]     [Fedora Desktop]     [Fedora Fonts]     [Fedora Marketing]     [Fedora Management Tools]     [Fedora Mentors]     [Fedora Package Review]     [Fedora R Devel]     [Fedora PHP Devel]     [Kickstart]     [Fedora Music]     [Fedora Packaging]     [Fedora SELinux]     [Fedora Legal]     [Fedora Kernel]     [Fedora OCaml]     [Coolkey]     [Virtualization Tools]     [ET Management Tools]     [Yum Users]     [Yosemite News]     [Gnome Users]     [KDE Users]     [Fedora Art]     [Fedora Docs]     [Fedora Sparc]     [Libvirt Users]     [Fedora ARM]

  Powered by Linux