On 06/07/2011 09:47 AM, Lawrence E Graves wrote:
> SELinux is preventing /usr/libexec/colord from getattr access on the file /usr/local/Brother/sane/models3/ext4.ini.
>
> ***** Plugin catchall (100. confidence) suggests ***************************
>
> If you believe that colord should be allowed getattr access on the ext4.ini file by default.
> Then you should report this as a bug.
> You can generate a local policy module to allow this access.
> Do
> allow this access for now by executing:
> # grep colord /var/log/audit/audit.log | audit2allow -M mypol
> # semodule -i mypol.pp
>
> Additional Information:
> Source Context system_u:system_r:colord_t:s0-s0:c0.c1023
> Target Context system_u:object_r:bin_t:s0
> Target Objects /usr/local/Brother/sane/models3/ext4.ini [ file ]
> Source colord
> Source Path /usr/libexec/colord
> Port<Unknown>
> Host Jehovah.localdomain
> Source RPM Packages colord-0.1.7-1.fc15
> Target RPM Packages brscan3-0.2.11-4
> Policy RPM selinux-policy-3.9.16-26.fc15
> Selinux Enabled True
> Policy Type targeted
> Enforcing Mode Enforcing
> Host Name Jehovah.localdomain
> Platform Linux Jehovah.localdomain 2.6.38.7-30.fc15.x86_64
> #1 SMP Fri May 27 05:15:53 UTC 2011 x86_64 x86_64
> Alert Count 5
> First Seen Mon 06 Jun 2011 06:40:50 AM MDT
> Last Seen Tue 07 Jun 2011 05:20:41 AM MDT
> Local ID 5284eedd-a207-486b-a7d9-09af2e567072
>
> Raw Audit Messages
> type=AVC msg=audit(1307445641.672:26): avc: denied { getattr } for pid=1136 comm="colord" path="/usr/local/Brother/sane/models3/ext4.ini" dev=dm-1 ino=1325526 scontext=system_u:system_r:colord_t:s0-s0:c0.c1023 tcontext=system_u:object_r:bin_t:s0 tclass=file
>
>
> type=SYSCALL msg=audit(1307445641.672:26): arch=x86_64 syscall=fstat success=yes exit=0 a0=12 a1=7fffa928d6a0 a2=7fffa928d6a0 a3=7fffa928d5a0 items=0 ppid=1 pid=1136 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=colord exe=/usr/libexec/colord subj=system_u:system_r:colord_t:s0-s0:c0.c1023 key=(null)
>
> Hash: colord,colord_t,bin_t,file,getattr
>
> audit2allow
>
> #============= colord_t ==============
> allow colord_t bin_t:file getattr;
>
> audit2allow -R
>
> #============= colord_t ==============
> allow colord_t bin_t:file getattr;
>
>
colord is required by both cups (print server) and foomatic (printer
databases). It looks like you are using selinux in enforcing mode which
is preventing your printing due to the denial above (best guess on my part).
Turn off selinux and try it. I told you how to do that offlist. If
that doesn't work, please note in Dan's response that there is bug for
this open. You might just need to wait for the fix to hit F15
updates-testing. (sudo yum --enablerepo=updates-testing update).
If that doesn't work, follow Dan's advice and open a bugzilla for the
problem. Open against cups for now and the triagers will get it to the
right place. Include this selinux denial.
There is nothing else I can do to help you. Good luck.
--
Regards,
OldFart
--
users mailing list
users@xxxxxxxxxxxxxxxxxxxxxxx
To unsubscribe or change subscription options:
https://admin.fedoraproject.org/mailman/listinfo/users
Guidelines: http://fedoraproject.org/wiki/Mailing_list_guidelines
