Running Rawhide, targeted/enforcing:

Get the following when attempting to 'add/modify' cups classes using the browser interface (http://localhost:631). I'm guessing it's trying to access /etc/hp:

[tbl@localhost hp]$ ls -lZ /etc/hp
-rw-r--r-- root root system_u:object_r:hplip_etc_t hplip.conf
[tbl@localhost hp]$

type=AVC msg=audit(1159399431.862:77): avc: denied { search } for pid=4914 comm="hp" name="hp" dev=dm-0 ino=11108479 scontext=system_u:system_r:cupsd_t:s0-s0:c0.c1023 tcontext=system_u:object_r:hplip_etc_t:s0 tclass=dir
type=SYSCALL msg=audit(1159399431.862:77): arch=40000003 syscall=5 success=no exit=-13 a0=804c305 a1=0 a2=1b6 a3=9518008 items=0 ppid=4913 pid=4914 auid=4294967295 uid=0 gid=7 euid=0 suid=0 fsuid=0 egid=7 sgid=7 fsgid=7 tty=(none) comm="hp" exe="/usr/lib/cups/backend/hp" subj=system_u:system_r:cupsd_t:s0-s0:c0.c1023 key=(null)

Putting it in permissive mode and browsing to 'Administration' page produces:

type=AVC msg=audit(1159400309.010:111): avc: denied { search } for pid=5019 comm="hp" name="hp" dev=dm-0 ino=11108479 scontext=system_u:system_r:cupsd_t:s0-s0:c0.c1023 tcontext=system_u:object_r:hplip_etc_t:s0 tclass=dir
type=AVC msg=audit(1159400309.010:111): avc: denied { read } for pid=5019 comm="hp" name="hplip.conf" dev=dm-0 ino=11108480 scontext=system_u:system_r:cupsd_t:s0-s0:c0.c1023 tcontext=system_u:object_r:hplip_etc_t:s0 tclass=file
type=SYSCALL msg=audit(1159400309.010:111): arch=40000003 syscall=5 success=yes exit=4 a0=804c305 a1=0 a2=1b6 a3=806a008 items=0 ppid=5018 pid=5019 auid=4294967295 uid=0 gid=7 euid=0 suid=0 fsuid=0 egid=7 sgid=7 fsgid=7 tty=(none) comm="hp" exe="/usr/lib/cups/backend/hp" subj=system_u:system_r:cupsd_t:s0-s0:c0.c1023 key=(null)
type=AVC msg=audit(1159400309.014:112): avc: denied { getattr } for pid=5019 comm="hp" name="hplip.conf" dev=dm-0 ino=11108480 scontext=system_u:system_r:cupsd_t:s0-s0:c0.c1023 tcontext=system_u:object_r:hplip_etc_t:s0 tclass=file
type=SYSCALL msg=audit(1159400309.014:112): arch=40000003 syscall=197 success=yes exit=0 a0=4 a1=bf866cd8 a2=49872ff4 a3=806a008 items=0 ppid=5018 pid=5019 auid=4294967295 uid=0 gid=7 euid=0 suid=0 fsuid=0 egid=7 sgid=7 fsgid=7 tty=(none) comm="hp" exe="/usr/lib/cups/backend/hp" subj=system_u:system_r:cupsd_t:s0-s0:c0.c1023 key=(null)
type=AVC_PATH msg=audit(1159400309.014:112): path="/etc/hp/hplip.conf"
type=AVC msg=audit(1159400310.474:113): avc: denied { search } for pid=5039 comm="python" name="hp" dev=dm-0 ino=11108479 scontext=system_u:system_r:cupsd_t:s0-s0:c0.c1023 tcontext=system_u:object_r:hplip_etc_t:s0 tclass=dir
type=AVC msg=audit(1159400310.474:113): avc: denied { getattr } for pid=5039 comm="python" name="hplip.conf" dev=dm-0 ino=11108480 scontext=system_u:system_r:cupsd_t:s0-s0:c0.c1023 tcontext=system_u:object_r:hplip_etc_t:s0 tclass=file
type=SYSCALL msg=audit(1159400310.474:113): arch=40000003 syscall=195 success=yes exit=0 a0=99b4a98 a1=bfb26f88 a2=49872ff4 a3=99601b0 items=0 ppid=5018 pid=5039 auid=4294967295 uid=0 gid=7 euid=0 suid=0 fsuid=0 egid=7 sgid=7 fsgid=7 tty=(none) comm="python" exe="/usr/bin/python" subj=system_u:system_r:cupsd_t:s0-s0:c0.c1023 key=(null)
type=AVC_PATH msg=audit(1159400310.474:113): path="/etc/hp/hplip.conf"
type=AVC msg=audit(1159400310.474:114): avc: denied { read } for pid=5039 comm="python" name="hplip.conf" dev=dm-0 ino=11108480 scontext=system_u:system_r:cupsd_t:s0-s0:c0.c1023 tcontext=system_u:object_r:hplip_etc_t:s0 tclass=file
type=SYSCALL msg=audit(1159400310.474:114): arch=40000003 syscall=5 success=yes exit=4 a0=99b4a98 a1=8000 a2=1b6 a3=99d2070 items=0 ppid=5018 pid=5039 auid=4294967295 uid=0 gid=7 euid=0 suid=0 fsuid=0 egid=7 sgid=7 fsgid=7 tty=(none) comm="python" exe="/usr/bin/python" subj=system_u:system_r:cupsd_t:s0-s0:c0.c1023 key=(null)

tom
-- 
Tom London
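
As an added example (not part of the original post, and not code from the poster or the SELinux project), the denials in this report can be grouped by source type, target type and object class, which shows that every one of them is cupsd_t acting on hplip_etc_t. The function names are hypothetical; the three sample records are copied from the report above.

```python
import re
from collections import defaultdict

# Three AVC records copied from the permissive-mode run in the report above.
SAMPLE = """\
type=AVC msg=audit(1159400309.010:111): avc: denied { search } for pid=5019 comm="hp" name="hp" dev=dm-0 ino=11108479 scontext=system_u:system_r:cupsd_t:s0-s0:c0.c1023 tcontext=system_u:object_r:hplip_etc_t:s0 tclass=dir
type=AVC msg=audit(1159400309.010:111): avc: denied { read } for pid=5019 comm="hp" name="hplip.conf" dev=dm-0 ino=11108480 scontext=system_u:system_r:cupsd_t:s0-s0:c0.c1023 tcontext=system_u:object_r:hplip_etc_t:s0 tclass=file
type=AVC msg=audit(1159400310.474:113): avc: denied { getattr } for pid=5039 comm="python" name="hplip.conf" dev=dm-0 ino=11108480 scontext=system_u:system_r:cupsd_t:s0-s0:c0.c1023 tcontext=system_u:object_r:hplip_etc_t:s0 tclass=file
"""

# "." does not match newlines, so each match stays within one audit record.
AVC_RE = re.compile(
    r'avc:\s+denied\s+\{\s*(?P<perms>[^}]*?)\s*\}.*?'
    r'comm="(?P<comm>[^"]*)".*?'
    r'scontext=(?P<scon>\S+)\s+tcontext=(?P<tcon>\S+)\s+tclass=(?P<tclass>\S+)'
)

def se_type(context):
    """Return the type field (third) of a user:role:type[:level] context."""
    return context.split(":")[2]

def summarize(log_text):
    """Group denied permissions by (source type, target type, class)."""
    groups = defaultdict(lambda: {"perms": set(), "comms": set()})
    for m in AVC_RE.finditer(log_text):
        key = (se_type(m["scon"]), se_type(m["tcon"]), m["tclass"])
        groups[key]["perms"].update(m["perms"].split())
        groups[key]["comms"].add(m["comm"])
    return dict(groups)

def report(groups):
    """Render one line per group, sorted for stable output."""
    lines = []
    for (src, tgt, cls), g in sorted(groups.items()):
        perms = " ".join(sorted(g["perms"]))
        comms = ", ".join(sorted(g["comms"]))
        lines.append(f"{src} -> {tgt}:{cls} {{ {perms} }} (comm: {comms})")
    return lines

if __name__ == "__main__":
    print("\n".join(report(summarize(SAMPLE))))
```
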