Re: USB printer disconnect...

Tom London <selinux@xxxxxxxxx> · Tue, 26 Oct 2004 09:32:17 -0700

I tried changing cups.te to 'r_dir_file(cupsd_config_t, rpm_var_lib_t),
but this generated more problems shown below (killall avcs remain too).

Not sure what broke.....  Below is a 'permissive' set of avcs after
adding 'r_dir_file(cupsd_config_t, rpm_var_lib_t)' to cups.te

tom

Oct 26 09:28:03 fedora udev[5101]: removing device node '/dev/usb/lp0'
Oct 26 09:28:03 fedora kernel: usb 3-2: USB disconnect, address 5
Oct 26 09:28:03 fedora kernel: drivers/usb/class/usblp.c: usblp0: removed
Oct 26 09:28:03 fedora dbus: avc:  received setenforce notice (enforcing=0)
Oct 26 09:28:06 fedora kernel: audit(1098808086.993:0): avc:  denied 
{ getattr } for  pid=5145 exe=/usr/sbin/alternatives
path=/etc/rc.d/init.d/cups dev=hda2 ino=4473100
scontext=system_u:system_r:cupsd_config_t
tcontext=system_u:object_r:initrc_exec_t tclass=file
Oct 26 09:28:08 fedora kernel: audit(1098808088.697:0): avc:  denied 
{ ioctl } for  pid=5146 exe=/usr/bin/perl
path=/usr/share/foomatic/db/oldprinterids dev=hda2 ino=4277183
scontext=system_u:system_r:cupsd_config_t
tcontext=system_u:object_r:usr_t tclass=file
Oct 26 09:28:09 fedora kernel: audit(1098808089.932:0): avc:  denied 
{ execute } for  pid=5154 exe=/usr/bin/perl name=hostname dev=hda2
ino=229432 scontext=system_u:system_r:cupsd_config_t
tcontext=system_u:object_r:hostname_exec_t tclass=file
Oct 26 09:28:09 fedora kernel: audit(1098808089.933:0): avc:  denied 
{ execute_no_trans } for  pid=5154 exe=/usr/bin/perl
path=/bin/hostname dev=hda2 ino=229432
scontext=system_u:system_r:cupsd_config_t
tcontext=system_u:object_r:hostname_exec_t tclass=file
Oct 26 09:28:09 fedora kernel: audit(1098808089.933:0): avc:  denied 
{ read } for  pid=5154 exe=/usr/bin/perl path=/bin/hostname dev=hda2
ino=229432 scontext=system_u:system_r:cupsd_config_t
tcontext=system_u:object_r:hostname_exec_t tclass=file
Oct 26 09:28:12 fedora kernel: audit(1098808092.679:0): avc:  denied 
{ search } for  pid=5166 exe=/usr/bin/killall name=selinux dev=hda2
ino=4509743 scontext=system_u:system_r:cupsd_config_t
tcontext=system_u:object_r:selinux_config_t tclass=dir
Oct 26 09:28:12 fedora kernel: audit(1098808092.679:0): avc:  denied 
{ read } for  pid=5166 exe=/usr/bin/killall name=config dev=hda2
ino=4509759 scontext=system_u:system_r:cupsd_config_t
tcontext=system_u:object_r:selinux_config_t tclass=file
Oct 26 09:28:12 fedora kernel: audit(1098808092.679:0): avc:  denied 
{ getattr } for  pid=5166 exe=/usr/bin/killall
path=/etc/selinux/config dev=hda2 ino=4509759
scontext=system_u:system_r:cupsd_config_t
tcontext=system_u:object_r:selinux_config_t tclass=file
Oct 26 09:28:12 fedora kernel: audit(1098808092.680:0): avc:  denied 
{ search } for  pid=5166 exe=/usr/bin/killall name=1 dev=proc
ino=65538 scontext=system_u:system_r:cupsd_config_t
tcontext=system_u:system_r:init_t tclass=dir
Oct 26 09:28:12 fedora kernel: audit(1098808092.680:0): avc:  denied 
{ read } for  pid=5166 exe=/usr/bin/killall name=stat dev=proc
ino=65549 scontext=system_u:system_r:cupsd_config_t
tcontext=system_u:system_r:init_t tclass=file
Oct 26 09:28:12 fedora kernel: audit(1098808092.681:0): avc:  denied 
{ getattr } for  pid=5166 exe=/usr/bin/killall path=/proc/1/stat
dev=proc ino=65549 scontext=system_u:system_r:cupsd_config_t
tcontext=system_u:system_r:init_t tclass=file

<<<<SNIP Scads more killall avcs.....>>>>

-- 
Tom London