On Wed, 21 Jul 2004 02:19, Tom London <selinux@xxxxxxxxxxx> wrote:
> avc: denied { create } for pid=3684 exe=/usr/sbin/ptal-mlcd
> name=usb:PSC_900_Series scontext=system_u:system_r:ptal_t
> tcontext=system_u:object_r:var_run_t tclass=sock_file
> fedora ptal-mlcd: FATAL ERROR at ExMgr.cpp:1250,
> dev=<mlc:usb:PSC_900_Series>, pid=3684, e=13, t=1090333076
> bind(/var/run/ptal-mlcd/usb:PSC_900_Series) failed! Ensure
> /var/run/ptal-mlcd/ exists.
>
> The above shows ptal failing to create sock-file
> '/var/run/ptal-mcld/usb:....').
> (Shouldn't the tcontext be 'ptal_var_run_t'????)

Correct. The directory /var/run/ptal-mcld should have type ptal_var_run_t.
The problem was that the below two lines in cups.fc had "--" specified for
the type. Remove the "--" and relabel /var/run and things should be fine.

/var/run/ptal-printd(/.*)? system_u:object_r:ptal_var_run_t
/var/run/ptal-mlcd(/.*)? system_u:object_r:ptal_var_run_t

> Jul 20 07:17:56 fedora kernel: audit(1090333076.799:0): avc:
> denied { search } for pid=3685 exe=/usr/sbin/ptal-printd name=root
> dev=hda2 ino=1196033 scontext=system_u:system_r:ptal_t
> tcontext=root:object_r:staff_home_dir_t tclass=dir
>
> I don't know why ptal is trying to search '/root'.

Lots of daemons do that. dontaudit is the correct solution to that.

-- 
http://www.coker.com.au/selinux/ My NSA Security Enhanced Linux packages
http://www.coker.com.au/bonnie++/ Bonnie++ hard drive benchmark
http://www.coker.com.au/postal/ Postal SMTP/POP benchmark
http://www.coker.com.au/~russell/ My home page
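
The effect of the "--" specifier described in the reply above, as an added example that is not part of the original message or of the SELinux tools: a small model of a file_contexts lookup showing that an entry restricted to regular files leaves the directory itself with the generic type. The generic /var/run entry, the x.pid path and the "last match wins" ordering are assumptions made for illustration.

```python
import re

# File-type specifiers allowed in the middle column of a file_contexts entry.
FTYPE = {"--": "file", "-d": "dir", "-s": "sock_file", "-l": "lnk_file",
         "-p": "fifo_file", "-b": "blk_file", "-c": "chr_file"}

def parse(text):
    """Return a list of (anchored regex, object class or None, context)."""
    entries = []
    for line in text.splitlines():
        fields = line.split()
        if len(fields) == 2:      # "regex context": applies to every class
            entries.append((re.compile(fields[0]), None, fields[1]))
        elif len(fields) == 3:    # "regex specifier context": one class only
            entries.append((re.compile(fields[0]), FTYPE[fields[1]], fields[2]))
    return entries

def lookup(entries, path, tclass):
    """Context a relabel would assign (simplified: the last match wins)."""
    result = None
    for regex, cls, context in entries:
        if regex.fullmatch(path) and cls in (None, tclass):
            result = context
    return result

# Constructed input: the two cups.fc entries as the reply describes them
# before the fix (with "--"), preceded by an assumed generic /var/run entry.
BROKEN = """
/var/run(/.*)?              system_u:object_r:var_run_t
/var/run/ptal-printd(/.*)?  --  system_u:object_r:ptal_var_run_t
/var/run/ptal-mlcd(/.*)?    --  system_u:object_r:ptal_var_run_t
"""
FIXED = BROKEN.replace("--", "")  # the fix from the reply: drop the specifier

if __name__ == "__main__":
    for name, text in (("with --", BROKEN), ("without --", FIXED)):
        entries = parse(text)
        for path, tclass in (("/var/run/ptal-mlcd", "dir"),
                             ("/var/run/ptal-mlcd/usb:PSC_900_Series", "sock_file"),
                             ("/var/run/ptal-mlcd/x.pid", "file")):
            print(f"{name:11} {tclass:9} {path} -> {lookup(entries, path, tclass)}")
```

With the "--" entries only regular files under the directory receive ptal_var_run_t; the directory keeps var_run_t, which matches the tcontext in the create denial quoted above.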