Tom London wrote:
Running rawhide, targeted enforcing.
cupsd produces the following when trying to access jobs.cache and
remote.cache in /var/cache/cups.
tom
type=PATH msg=audit(04/16/2006 09:56:19.228:50) : item=0
name=/var/cache/cups/remote.cache parent=2814387 dev=fd:00
mode=dir,775 ouid=root ogid=lp rdev=00:00
obj=system_u:object_r:var_t:s0
type=CWD msg=audit(04/16/2006 09:56:19.228:50) : cwd=/
type=SYSCALL msg=audit(04/16/2006 09:56:19.228:50) : arch=i386
syscall=open success=no exit=-13(Permission denied) a0=bfa652e8
a1=8241 a2=1b6 a3=8241 items=1 pid=2245 auid=unknown(4294967295)
uid=root gid=root euid=root suid=root fsuid=root egid=root sgid=root
fsgid=root tty=(none) comm=cupsd exe=/usr/sbin/cupsd
subj=system_u:system_r:cupsd_t:s0-s0:c0.c255
type=AVC msg=audit(04/16/2006 09:56:19.228:50) : avc: denied { write
} for pid=2245 comm=cupsd name=remote.cache dev=dm-0 ino=2814393
scontext=system_u:system_r:cupsd_t:s0-s0:c0.c255
tcontext=system_u:object_r:var_t:s0 tclass=file
----
type=PATH msg=audit(04/16/2006 09:56:19.228:51) : item=0
name=/var/cache/cups/job.cache parent=2814387 dev=fd:00 mode=dir,775
ouid=root ogid=lp rdev=00:00 obj=system_u:object_r:var_t:s0
type=CWD msg=audit(04/16/2006 09:56:19.228:51) : cwd=/
type=SYSCALL msg=audit(04/16/2006 09:56:19.228:51) : arch=i386
syscall=open success=no exit=-13(Permission denied) a0=bfa652e8
a1=8241 a2=1b6 a3=8241 items=1 pid=2245 auid=unknown(4294967295)
uid=root gid=root euid=root suid=root fsuid=root egid=root sgid=root
fsgid=root tty=(none) comm=cupsd exe=/usr/sbin/cupsd
subj=system_u:system_r:cupsd_t:s0-s0:c0.c255
type=AVC msg=audit(04/16/2006 09:56:19.228:51) : avc: denied { write
} for pid=2245 comm=cupsd name=job.cache dev=dm-0 ino=2814394
scontext=system_u:system_r:cupsd_t:s0-s0:c0.c255
tcontext=system_u:object_r:var_t:s0 tclass=file
Need the following line added to fc file.
/var/cache/cups(/.*)? -- gen_context(system_u:object_r:cupsd_rw_etc_t,s0)
This looks ok on my machine, so this would only be a problem after a
relabel.
Will add line to policy.
--
Tom London
--
fedora-selinux-list mailing list
fedora-selinux-list@xxxxxxxxxx
https://www.redhat.com/mailman/listinfo/fedora-selinux-list
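
Added example, not part of the original thread or of the policy sources: a small Python matcher that applies the proposed fc entry to the paths named in the denials above and reports the label each would get after a relabel. It assumes gen_context(ctx,level) expands to ctx:level (MLS/MCS policy); the function names are hypothetical and the audit records are abridged copies of the ones quoted in the thread.

```python
import re
import stat

# File-type flags in a file_contexts entry; an entry without a flag applies to any type.
FC_FLAGS = {"--": stat.S_IFREG, "-d": stat.S_IFDIR, "-l": stat.S_IFLNK}
TCLASS_MODE = {"file": stat.S_IFREG, "dir": stat.S_IFDIR, "lnk_file": stat.S_IFLNK}
FC_LINE = "/var/cache/cups(/.*)? -- gen_context(system_u:object_r:cupsd_rw_etc_t,s0)"
# Abridged from the records quoted in the thread (line wraps joined, fields trimmed).
SAMPLE = """\
type=PATH msg=audit(04/16/2006 09:56:19.228:50) : item=0 name=/var/cache/cups/remote.cache obj=system_u:object_r:var_t:s0
type=AVC msg=audit(04/16/2006 09:56:19.228:50) : avc: denied { write } for pid=2245 comm=cupsd name=remote.cache tcontext=system_u:object_r:var_t:s0 tclass=file
type=PATH msg=audit(04/16/2006 09:56:19.228:51) : item=0 name=/var/cache/cups/job.cache obj=system_u:object_r:var_t:s0
type=AVC msg=audit(04/16/2006 09:56:19.228:51) : avc: denied { write } for pid=2245 comm=cupsd name=job.cache tcontext=system_u:object_r:var_t:s0 tclass=file
"""

def parse_fc(line):
    """Return (regex, mode or None, context) for one .fc entry."""
    fields = line.split()
    pattern, context = fields[0], fields[-1]
    mode = FC_FLAGS[fields[1]] if len(fields) == 3 else None
    # Assumption: gen_context(ctx,level) expands to ctx:level.
    m = re.fullmatch(r"gen_context\(([^,]+),\s*([^)]+)\)", context)
    if m:
        context = f"{m.group(1)}:{m.group(2)}"
    return re.compile(pattern), mode, context

def fc_label(path, mode, entry):
    """Context the entry assigns to path, or None if the entry does not apply."""
    regex, want_mode, context = entry
    if want_mode is not None and want_mode != mode:
        return None
    # file_contexts regexes are anchored at both ends of the path.
    return context if regex.fullmatch(path) else None

def denials(audit_text):
    """Pair each AVC denial with the PATH record of the same audit event."""
    paths, out = {}, []
    for rec in audit_text.splitlines():
        event = re.search(r"msg=audit\(([^)]+)\)", rec)
        f = dict(re.findall(r"(\w+)=(\S+)", rec))
        if event and f.get("type") == "PATH":
            paths[event.group(1)] = f["name"]
        elif event and f.get("type") == "AVC" and event.group(1) in paths:
            out.append((paths[event.group(1)], f["tclass"], f["tcontext"]))
    return out

def relabel_report(audit_text=SAMPLE, fc_line=FC_LINE):
    """List (path, current context, context after relabel) for each denial."""
    entry = parse_fc(fc_line)
    return [(p, cur, fc_label(p, TCLASS_MODE[cls], entry))
            for p, cls, cur in denials(audit_text)]
```

Because of the `--` flag, this matcher applies the entry to the two cache files but not to the /var/cache/cups directory itself.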