SELinux is preventing boomagabackend from 'sys_ptrace' accesses on the cap_userns Unknown.

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 

I have received this error report, about boomaga.

I can print to boomaga printer, but with a delay about 30 seconds per task. SELinux Troubleshooter reports an error.

SELinux is preventing boomagabackend from 'sys_ptrace' accesses on the cap_userns Unknown.

*****  Plugin catchall (100. confidence) suggests   **************************

If you believe that boomagabackend should be allowed sys_ptrace access on the Unknown cap_userns by default.
Then you should report this as a bug.
You can generate a local policy module to allow this access.
Do
allow this access for now by executing:
# ausearch -c 'boomagabackend' --raw | audit2allow -M my-boomagabackend
# semodule -X 300 -i my-boomagabackend.pp

Additional Information:
Source Context                system_u:system_r:boomaga_cups_t:s0-s0:c0.c1023
Target Context                system_u:system_r:boomaga_cups_t:s0-s0:c0.c1023
Target Objects                Unknown [ cap_userns ]
Source                        boomagabackend
Source Path                   boomagabackend
Port                          <Unknown>
Host                          (removed)
Source RPM Packages           
Target RPM Packages           
Policy RPM                    selinux-policy-3.13.1-225.11.fc25.noarch
Selinux Enabled               True
Policy Type                   targeted
Enforcing Mode                Enforcing
Host Name                     (removed)
Platform                      Linux (removed) 4.9.14-200.fc25.x86_64 #1 SMP Mon
                              Mar 13 19:26:40 UTC 2017 x86_64 x86_64
Alert Count                   3
First Seen                    2017-03-25 00:29:09 MSK
Last Seen                     2017-03-25 00:32:12 MSK
Local ID                      531f80ea-deab-40c6-9bd0-c7375eef6639

Raw Audit Messages
type=AVC msg=audit(1490391132.808:798): avc:  denied  { sys_ptrace } for  pid=12332 comm="boomagabackend" capability=19  scontext=system_u:system_r:boomaga_cups_t:s0-s0:c0.c1023 tcontext=system_u:system_r:boomaga_cups_t:s0-s0:c0.c1023 tclass=cap_userns permissive=1

Hash: boomagabackend,boomaga_cups_t,boomaga_cups_t,cap_userns,sys_ptrace

------------------------------------
Have someone a idea how can this be solved ?
The files of the package were stored for test purposes here: https://martinkg.fedorapeople.org/Review/test/boomaga/
_______________________________________________
selinux mailing list -- selinux@xxxxxxxxxxxxxxxxxxxxxxx
To unsubscribe send an email to selinux-leave@xxxxxxxxxxxxxxxxxxxxxxx
[Index of Archives]     [Fedora Users]     [Fedora Desktop]     [Big List of Linux Books]     [Yosemite News]     [Yosemite Campsites]     [KDE Users]     [Gnome Users]

  Powered by Linux