type=AVC msg=audit(02/27/2006 08:04:15.126:101) : avc: denied { read
} for pid=5773 comm=printconf-backe name=.fonts.cache-2 dev=dm-0
ino=555510 scontext=system_u:system_r:cupsd_config_t:s0
tcontext=system_u:object_r:user_home_t:s0 tclass=file
Does it work? This is likely harmless.
However, we should be making use of the fact that this file
(.fonts.cache-2) is now in its own directory. I specifically filed a bug
to get it moved, and now we should write policy to take advantage of
that, by:
- prelabeling this folder with the correct type in our profile script,
or any future solution, so that the cache can be created with the
correct type by libfontconfig
- allowing programs that need to read fonts to read that type
(moving font-related macros from the old strict policy into the new
refpol).
It's unfortunate all those problems were solved in the old strict
policy, and now they all have to be re-solved for refpol.
type=AVC msg=audit(02/27/2006 08:04:15.126:101) : avc: denied {
write } for pid=5773 comm=printconf-backe name=[21844] dev=pipefs
ino=21844 scontext=system_u:system_r:cupsd_config_t:s0
tcontext=system_u:system_r:unconfined_t:s0 tclass=fifo_file
This isn't very helpful - what is it trying to write to - grep for 21844.
(Does lsof show that number?)
--
fedora-selinux-list mailing list
fedora-selinux-list@xxxxxxxxxx
https://www.redhat.com/mailman/listinfo/fedora-selinux-list
