Running targeted/enforcing, latest rawhide.
I get the following avc from cupsd on startup and during use of an HP
USB printer:
May 19 06:22:51 localhost kernel: audit(1116508971.985:0): avc:
denied { read } for name=printconf.pickle dev=dm-0 ino=2158741
scontext=system_u:system_r:cupsd_config_t
tcontext=system_u:object_r:var_t tclass=file
May 19 06:23:48 localhost kernel: audit(1116509028.008:0): avc:
denied { write } for name=printconf.pickle dev=dm-0 ino=2158741
scontext=system_u:system_r:cupsd_config_t
tcontext=system_u:object_r:var_t tclass=file
May 19 07:06:39 localhost kernel: audit(1116511599.151:0): avc:
denied { read } for name=printconf.pickle dev=dm-0 ino=2158741
scontext=system_u:system_r:cupsd_config_t
tcontext=system_u:object_r:var_t tclass=file
May 19 07:06:48 localhost kernel: audit(1116511608.606:0): avc:
denied { signal } for scontext=system_u:system_r:hald_t
tcontext=system_u:system_r:cupsd_config_t tclass=process
May 19 07:06:52 localhost kernel: audit(1116511612.418:0): avc:
denied { write } for name=printconf.pickle dev=dm-0 ino=2158741
scontext=system_u:system_r:cupsd_config_t
tcontext=system_u:object_r:var_t tclass=file
Some read/write avcs are for /var/foomatic/printconf.pickle. Is there
an appropriate type for this (other than var_t)?
Should hald.te have:
ifdev(`cups.te', `
allow hald_t cupsd_config_t:process signal;
')
Other?
tom
--
Tom London
--
fedora-selinux-list mailing list
fedora-selinux-list@xxxxxxxxxx
http://www.redhat.com/mailman/listinfo/fedora-selinux-list
