Running targeted/enforcing, latest rawhide.
Trying to print from firefox, I get:
type=AVC msg=audit(1151341517.216:697): avc: denied { recv } for pid=2965 comm="firefox-bin" saddr=127.0.0.1 src=50209 daddr=127.0.0.1 dest=631 netif=lo scontext=system_u:system_r:cupsd_t:s0-s0:c0.c255 tcontext=system_u:object_r:unlabeled_t:s0 tclass=packet type=AVC msg=audit(1151341520.217:698): avc: denied { recv } for saddr=127.0.0.1 src=50209 daddr=127.0.0.1 dest=631 netif=lo scontext=system_u:system_r:cupsd_t:s0-s0:c0.c255 tcontext=system_u:object_r:unlabeled_t:s0 tclass=packet type=AVC msg=audit(1151341526.217:699): avc: denied { recv } for saddr=127.0.0.1 src=50209 daddr=127.0.0.1 dest=631 netif=lo scontext=system_u:system_r:cupsd_t:s0-s0:c0.c255 tcontext=system_u:object_r:unlabeled_t:s0 tclass=packet type=AVC msg=audit(1151341538.217:700): avc: denied { recv } for saddr=127.0.0.1 src=50209 daddr=127.0.0.1 dest=631 netif=lo scontext=system_u:system_r:cupsd_t:s0-s0:c0.c255 tcontext=system_u:object_r:unlabeled_t:s0 tclass=packet type=AVC msg=audit(1151341562.219:701): avc: denied { recv } for saddr=127.0.0.1 src=50209 daddr=127.0.0.1 dest=631 netif=lo scontext=system_u:system_r:cupsd_t:s0-s0:c0.c255 tcontext=system_u:object_r:unlabeled_t:s0 tclass=packet
Doing a 'setenforce 0' and retrying yields:
type=AVC msg=audit(1151342357.528:780): avc: denied { recv } for pid=3943 comm="firefox-bin" saddr=127.0.0.1 src=47782 daddr=127.0.0.1 dest=631 netif=lo scontext=system_u:system_r:cupsd_t:s0-s0:c0.c255 tcontext=system_u:object_r:unlabeled_t:s0 tclass=packet type=AVC msg=audit(1151342357.528:780): avc: denied { send } for pid=3943 comm="firefox-bin" saddr=127.0.0.1 src=631 daddr=127.0.0.1 dest=47782 netif=lo scontext=system_u:system_r:cupsd_t:s0-s0:c0.c255 tcontext=system_u:object_r:unlabeled_t:s0 tclass=packet type=SYSCALL msg=audit(1151342357.528:780): arch=40000003 syscall=102 success=yes exit=0 a0=3 a1=bfbf8db0 a2=4703c3f4 a3=0 items=0 ppid=3938 pid=3943 auid=500 uid=500 gid=500 euid=500 suid=500 fsuid=500 egid=500 sgid=500 fsgid=500 tty=(none) comm="firefox-bin" exe="/usr/lib/firefox-1.5.0.4/firefox-bin" subj=user_u:system_r:unconfined_t:s0 type=SOCKADDR msg=audit(1151342357.528:780): saddr=020002777F0000010000000000000000 type=SOCKETCALL msg=audit(1151342357.528:780): nargs=3 a0=27 a1=b6d875c a2=10 type=AVC msg=audit(1151342370.197:781): avc: denied { send } for pid=4108 comm="hp" saddr=127.0.0.1 src=43162 daddr=127.0.0.1 dest=50000 netif=lo scontext=system_u:system_r:cupsd_t:s0-s0:c0.c255 tcontext=system_u:object_r:unlabeled_t:s0 tclass=packet type=AVC msg=audit(1151342370.197:781): avc: denied { recv } for pid=4108 comm="hp" saddr=127.0.0.1 src=43162 daddr=127.0.0.1 dest=50000 netif=lo scontext=system_u:system_r:hplip_t:s0 tcontext=system_u:object_r:unlabeled_t:s0 tclass=packet type=AVC msg=audit(1151342370.197:781): avc: denied { send } for pid=4108 comm="hp" saddr=127.0.0.1 src=50000 daddr=127.0.0.1 dest=43162 netif=lo scontext=system_u:system_r:hplip_t:s0 tcontext=system_u:object_r:unlabeled_t:s0 tclass=packet type=AVC msg=audit(1151342370.197:781): avc: denied { recv } for pid=4108 comm="hp" saddr=127.0.0.1 src=50000 daddr=127.0.0.1 dest=43162 netif=lo scontext=system_u:system_r:cupsd_t:s0-s0:c0.c255 tcontext=system_u:object_r:unlabeled_t:s0 tclass=packet type=SYSCALL msg=audit(1151342370.197:781): arch=40000003 syscall=102 success=yes exit=0 a0=3 a1=bf86ac50 a2=804d110 a3=804d1a4 items=0 ppid=2246 pid=4108 auid=4294967295 uid=4 gid=7 euid=4 suid=4 fsuid=4 egid=7 sgid=7 fsgid=7 tty=(none) comm="hp" exe="/usr/lib/cups/backend/hp" subj=system_u:system_r:cupsd_t:s0-s0:c0.c255 type=SOCKADDR msg=audit(1151342370.197:781): saddr=0200C3507F0000010000000000000000 type=SOCKETCALL msg=audit(1151342370.197:781): nargs=3 a0=4 a1=bf86ac78 a2=10
tom
On Mon, 2006-06-26 at 10:20 -0700, Tom London wrote:
Running targeted/enforcing, latest rawhide.
Trying to print from firefox, I get:
type=AVC msg=audit(1151341517.216:697): avc: denied { recv } for pid=2965 comm="firefox-bin" saddr=127.0.0.1 src=50209 daddr=127.0.0.1 dest=631 netif=lo scontext=system_u:system_r:cupsd_t:s0-s0:c0.c255 tcontext=system_u:object_r:unlabeled_t:s0 tclass=packet
Ah, this is because libcups now uses the UNIX domain socket /var/run/cups/cups.sock (if it exists) to communicate with cupsd. We need to add this capability to all targeted applications that need to communicate with CUPS.
Tim. */
Tim Waugh wrote:
On Mon, 2006-06-26 at 10:20 -0700, Tom London wrote:
Running targeted/enforcing, latest rawhide.
Trying to print from firefox, I get:
type=AVC msg=audit(1151341517.216:697): avc: denied { recv } for pid=2965 comm="firefox-bin" saddr=127.0.0.1 src=50209 daddr=127.0.0.1 dest=631 netif=lo scontext=system_u:system_r:cupsd_t:s0-s0:c0.c255 tcontext=system_u:object_r:unlabeled_t:s0 tclass=packet
Ah, this is because libcups now uses the UNIX domain socket /var/run/cups/cups.sock (if it exists) to communicate with cupsd. We need to add this capability to all targeted applications that need to communicate with CUPS.
Tim. */
unlabled_t:packet problems should be working now in Rawhide.
-- fedora-selinux-list mailing list fedora-selinux-list@redhat.com https://www.redhat.com/mailman/listinfo/fedora-selinux-list
selinux@lists.fedoraproject.org