-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Antonio Olivares wrote: > I have updated this machine running rawhide and I still see many of these. Did they not get fixed with the new selinux-policy? > > Summary > SELinux is preventing python (cupsd_config_t) "read" to 003 (usb_device_t). > > Detailed Description > SELinux denied access requested by python. It is not expected that this > access is required by python and this access may signal an intrusion > attempt. It is also possible that the specific version or configuration of > the application is causing it to require additional access. > > Allowing Access > Sometimes labeling problems can cause SELinux denials. You could try to > restore the default system file context for 003, restorecon -v 003 If this > does not work, there is currently no automatic way to allow this access. > Instead, you can generate a local policy module to allow this access - see > http://fedora.redhat.com/docs/selinux-faq-fc5/#id2961385 Or you can disable > SELinux protection altogether. Disabling SELinux protection is not > recommended. Please file a http://bugzilla.redhat.com/bugzilla/enter_bug.cgi > against this package. > > Additional Information > > Source Context system_u:system_r:cupsd_config_t > Target Context system_u:object_r:usb_device_t > Target Objects 003 [ chr_file ] > Affected RPM Packages > Policy RPM selinux-policy-3.0.8-3.fc8 > Selinux Enabled True > Policy Type targeted > MLS Enabled True > Enforcing Mode Enforcing > Plugin Name plugins.catchall_file > Host Name localhost > Platform Linux localhost 2.6.23-0.189.rc6.git8.fc8 #1 SMP > Wed Sep 19 20:34:10 EDT 2007 i686 athlon > Alert Count 6 > First Seen Mon 17 Sep 2007 07:07:18 PM CDT > Last Seen Thu 20 Sep 2007 07:16:40 PM CDT > Local ID cbf278e4-fbdc-4926-9daf-0eca08b62ddd > Line Numbers > > Raw Audit Messages > > avc: denied { read } for comm=python dev=tmpfs egid=0 euid=0 exe=/usr/bin/python > exit=-13 fsgid=0 fsuid=0 gid=0 items=0 name=003 pid=2326 > scontext=system_u:system_r:cupsd_config_t:s0 sgid=0 > subj=system_u:system_r:cupsd_config_t:s0 suid=0 tclass=chr_file > tcontext=system_u:object_r:usb_device_t:s0 tty=(none) uid=0 > > > avc: denied { read } for comm=python dev=tmpfs egid=0 euid=0 exe=/usr/bin/python exit=-13 fsgid=0 fsuid=0 gid=0 items=0 name=001 pid=2326 scontext=system_u:system_r:cupsd_config_t:s0 sgid=0 subj=system_u:system_r:cupsd_config_t:s0 suid=0 tclass=chr_file tcontext=system_u:object_r:usb_device_t:s0 tty=(none) uid=0 > > > Might not the new policy have been updated? > > Thanks, > > Antonio > > > > > > ____________________________________________________________________________________ > Looking for a deal? Find great prices on flights and hotels with Yahoo! FareChase. > http://farechase.yahoo.com/ > > -- > fedora-selinux-list mailing list > fedora-selinux-list@xxxxxxxxxx > https://www.redhat.com/mailman/listinfo/fedora-selinux-list Will be fixed in tomorrows rawhide. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.7 (GNU/Linux) Comment: Using GnuPG with Fedora - http://enigmail.mozdev.org iD8DBQFG88UgrlYvE4MpobMRAmUTAJsF2tf0kKZna09xYuEXj1LwNWTTRwCgx5ef ZdBGerLMIigBNyVDOEIOjig= =v9j3 -----END PGP SIGNATURE----- -- fedora-selinux-list mailing list fedora-selinux-list@xxxxxxxxxx https://www.redhat.com/mailman/listinfo/fedora-selinux-list
