Re: udev-configure-printer AVC on chr_file 003

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 

On 02/14/2016 01:43 AM, Robert Nichols wrote:
> In CentOS 6.7 with Windows 7 running in a QEMU/KVM virtual machine,
> when I power-on a printer that the Windows VM uses via networking
> I get the below AVC alert.  Anyone have any idea what is going on?
> I haven't noticed anything not working.
> 

Is it a USB printer?

> SELinux is preventing /lib/udev/udev-configure-printer from read access
> on the chr_file 003.
> 
> *****  Plugin catchall (100. confidence) suggests
> ***************************
> 
> If you believe that udev-configure-printer should be allowed read access
> on the 003 chr_file by default.
> Then you should report this as a bug.
> You can generate a local policy module to allow this access.
> Do
> allow this access for now by executing:
> # grep udev-configure- /var/log/audit/audit.log | audit2allow -M mypol
> # semodule -i mypol.pp
> 
> Additional Information:
> Source Context system_u:system_r:cupsd_config_t:s0-s0:c0.c1023
> Target Context                system_u:object_r:svirt_image_t:s0:c255,c554
> Target Objects                003 [ chr_file ]
> Source                        udev-configure-
> Source Path                   /lib/udev/udev-configure-printer
> Port                          <Unknown>
> Host                          omega-3g.local
> Source RPM Packages system-config-printer-udev-1.1.16-25.el6.x86_64
> Target RPM Packages
> Policy RPM                    selinux-policy-3.7.19-279.el6_7.8.noarch
> Selinux Enabled               True
> Policy Type                   targeted
> Enforcing Mode                Enforcing
> Host Name                     omega-3g.local
> Platform                      Linux omega-3g.local 3.18.21-16.el6.x86_64
> #1 SMP
>                               Sat Sep 26 01:24:19 UTC 2015 x86_64 x86_64
> Alert Count                   1
> First Seen                    Sat 13 Feb 2016 06:18:29 PM CST
> Last Seen                     Sat 13 Feb 2016 06:18:29 PM CST
> Local ID                      c3c9d30e-0835-4402-b342-acddd26e1686
> 
> Raw Audit Messages
> type=AVC msg=audit(1455409109.607:29449): avc:  denied  { read } for
> pid=32326 comm="udev-configure-" name="003" dev="devtmpfs" ino=2706
> scontext=system_u:system_r:cupsd_config_t:s0-s0:c0.c1023
> tcontext=system_u:object_r:svirt_image_t:s0:c255,c554 tclass=chr_file
> permissive=0
> 
> 
> type=SYSCALL msg=audit(1455409109.607:29449): arch=x86_64 syscall=open
> success=no exit=EACCES a0=7ffe1bd16eb0 a1=0 a2=d a3=0 items=0 ppid=1
> pid=32326 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0
> sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=udev-configure-
> exe=/lib/udev/udev-configure-printer
> subj=system_u:system_r:cupsd_config_t:s0-s0:c0.c1023 key=(null)
> 
> Hash: udev-configure-,cupsd_config_t,svirt_image_t,chr_file,read
> 
> 
> 


-- 
Miroslav Grepl
Senior Software Engineer, SELinux Solutions
Red Hat, Inc.
--
selinux mailing list
selinux@xxxxxxxxxxxxxxxxxxxxxxx
http://lists.fedoraproject.org/admin/lists/selinux@xxxxxxxxxxxxxxxxxxxxxxx
[Index of Archives]     [Fedora Users]     [Fedora Desktop]     [Big List of Linux Books]     [Yosemite News]     [Yosemite Campsites]     [KDE Users]     [Gnome Users]

  Powered by Linux