Tom London wrote:
Running targeted/enforcing, 1.23.10-5, rawhide.
When I disconnected a USB printer, got the following: Apr 15 09:56:51 localhost kernel: usb 2-1: USB disconnect, address 2 Apr 15 09:56:51 localhost kernel: drivers/usb/class/usblp.c: usblp0: removed Apr 15 09:56:55 localhost dbus: avc: denied { send_msg } for msgtype=signal interface=com.redhat.PrinterSpooler member=PrinterRemoved dest=org.freedesktop.DBus spid=2634 tpid=3592 scontext=user_u:system_r:cupsd_t tcontext=user_u:system_r:unconfined_t tclass=dbus Apr 15 09:56:55 localhost last message repeated 2 times Apr 15 09:56:55 localhost dbus: avc: denied { send_msg } for msgtype=signal interface=com.redhat.PrinterSpooler member=PrinterAdded dest=org.freedesktop.DBus spid=2634 tpid=3592 scontext=user_u:system_r:cupsd_t tcontext=user_u:system_r:unconfined_t tclass=dbus Apr 15 09:56:55 localhost dbus: avc: denied { send_msg } for msgtype=signal interface=com.redhat.PrinterSpooler member=PrinterAdded dest=org.freedesktop.DBus spid=2634 tpid=3592 scontext=user_u:system_r:cupsd_t tcontext=user_u:system_r:unconfined_t tclass=dbus
audit2allow says: allow cupsd_t unconfined_t:dbus send_msg;
That right? tom
Yes it will be in tomorrow's patch.
I wonder if I should add userdomain and unpriv_userdomain attribute to unconfined_t for targeted. Probably to dangerous.
typeattribute unconfined_t userdomain;
typeattribute unconfined_t unpriv_userdomain;
--
-- fedora-selinux-list mailing list fedora-selinux-list@xxxxxxxxxx http://www.redhat.com/mailman/listinfo/fedora-selinux-list
