Re: selinux errors on rawhide despite update

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Antonio Olivares wrote:
> I have updated this machine running rawhide and I still see many of these.  Did they not get fixed with the new selinux-policy?
> 
> Summary
>     SELinux is preventing python (cupsd_config_t) "read" to 003 (usb_device_t).
> 
> Detailed Description
>     SELinux denied access requested by python. It is not expected that this
>     access is required by python and this access may signal an intrusion
>     attempt. It is also possible that the specific version or configuration of
>     the application is causing it to require additional access.
> 
> Allowing Access
>     Sometimes labeling problems can cause SELinux denials.  You could try to
>     restore the default system file context for 003, restorecon -v 003 If this
>     does not work, there is currently no automatic way to allow this access.
>     Instead,  you can generate a local policy module to allow this access - see
>     http://fedora.redhat.com/docs/selinux-faq-fc5/#id2961385 Or you can disable
>     SELinux protection altogether. Disabling SELinux protection is not
>     recommended. Please file a http://bugzilla.redhat.com/bugzilla/enter_bug.cgi
>     against this package.
> 
> Additional Information        
> 
> Source Context                system_u:system_r:cupsd_config_t
> Target Context                system_u:object_r:usb_device_t
> Target Objects                003 [ chr_file ]
> Affected RPM Packages         
> Policy RPM                    selinux-policy-3.0.8-3.fc8
> Selinux Enabled               True
> Policy Type                   targeted
> MLS Enabled                   True
> Enforcing Mode                Enforcing
> Plugin Name                   plugins.catchall_file
> Host Name                     localhost
> Platform                      Linux localhost 2.6.23-0.189.rc6.git8.fc8 #1 SMP
>                               Wed Sep 19 20:34:10 EDT 2007 i686 athlon
> Alert Count                   6
> First Seen                    Mon 17 Sep 2007 07:07:18 PM CDT
> Last Seen                     Thu 20 Sep 2007 07:16:40 PM CDT
> Local ID                      cbf278e4-fbdc-4926-9daf-0eca08b62ddd
> Line Numbers                  
> 
> Raw Audit Messages            
> 
> avc: denied { read } for comm=python dev=tmpfs egid=0 euid=0 exe=/usr/bin/python
> exit=-13 fsgid=0 fsuid=0 gid=0 items=0 name=003 pid=2326
> scontext=system_u:system_r:cupsd_config_t:s0 sgid=0
> subj=system_u:system_r:cupsd_config_t:s0 suid=0 tclass=chr_file
> tcontext=system_u:object_r:usb_device_t:s0 tty=(none) uid=0
> 
> 
> avc: denied { read } for comm=python dev=tmpfs egid=0 euid=0 exe=/usr/bin/python exit=-13 fsgid=0 fsuid=0 gid=0 items=0 name=001 pid=2326 scontext=system_u:system_r:cupsd_config_t:s0 sgid=0 subj=system_u:system_r:cupsd_config_t:s0 suid=0 tclass=chr_file tcontext=system_u:object_r:usb_device_t:s0 tty=(none) uid=0 
> 
> 
> Might not the new policy have been updated?
> 
> Thanks,
> 
> Antonio 
> 
> 
> 
> 
>        
> ____________________________________________________________________________________
> Looking for a deal? Find great prices on flights and hotels with Yahoo! FareChase.
> http://farechase.yahoo.com/
> 
> --
> fedora-selinux-list mailing list
> fedora-selinux-list@xxxxxxxxxx
> https://www.redhat.com/mailman/listinfo/fedora-selinux-list
Will be fixed in tomorrows rawhide.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.7 (GNU/Linux)
Comment: Using GnuPG with Fedora - http://enigmail.mozdev.org

iD8DBQFG88UgrlYvE4MpobMRAmUTAJsF2tf0kKZna09xYuEXj1LwNWTTRwCgx5ef
ZdBGerLMIigBNyVDOEIOjig=
=v9j3
-----END PGP SIGNATURE-----

--
fedora-selinux-list mailing list
fedora-selinux-list@xxxxxxxxxx
https://www.redhat.com/mailman/listinfo/fedora-selinux-list

[Index of Archives]     [Fedora Users]     [Fedora Desktop]     [Big List of Linux Books]     [Yosemite News]     [Yosemite Campsites]     [KDE Users]     [Gnome Users]

  Powered by Linux