-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Les wrote: > I need a SELinux person to explain this error for me. It seems to occur > when I try to print from the web. > > The suggested command "restorecon -v Par0 doesn't work because for one > thing Par0 doesn't exist I think. The error seems to be that something > wants to relable sbin/udevd to par0, and since that didn't occur I > suspect that the problem is not with Par0, but rather the /sbin/udevd. > And since I think this is a system file, I am not sure it should be > relabled anyway, without causing other problems. At least that is my > take. Any ideas? > > Please help with detailed information. I do not want to mess up my > system, which seems to be working well except for this. > > Regards, > Les H > > Here is the output from the SETroubleshoot window: > > Summary > SELinux is preventing /sbin/udevd (udev_t) "relabelto" to par0 > (device_t). > > Detailed Description > SELinux denied access requested by /sbin/udevd. It is not expected > that this > access is required by /sbin/udevd and this access may signal an > intrusion > attempt. It is also possible that the specific version or > configuration of > the application is causing it to require additional access. > > Allowing Access > Sometimes labeling problems can cause SELinux denials. You could > try to > restore the default system file context for par0, restorecon -v par0 > If this > does not work, there is currently no automatic way to allow this > access. > Instead, you can generate a local policy module to allow this > access - see > http://fedora.redhat.com/docs/selinux-faq-fc5/#id2961385 Or you can > disable > SELinux protection altogether. Disabling SELinux protection is not > recommended. Please file a > http://bugzilla.redhat.com/bugzilla/enter_bug.cgi > against this package. > > Additional Information > > Source Context > system_u:system_r:udev_t:SystemLow-SystemHigh > Target Context system_u:object_r:device_t > Target Objects par0 [ lnk_file ] > Affected RPM Packages udev-113-12.fc7 [application] > Policy RPM selinux-policy-2.6.4-42.fc7 > Selinux Enabled True > Policy Type targeted > MLS Enabled True > Enforcing Mode Permissive > Plugin Name plugins.catchall_file > Host Name localhost.localdomain > Platform Linux localhost.localdomain > 2.6.22.7-85.fc7 #1 SMP > Fri Sep 21 19:53:05 EDT 2007 i686 i686 > Alert Count 5 > First Seen Sat 15 Sep 2007 12:20:19 PM PDT > Last Seen Thu 27 Sep 2007 10:10:01 AM PDT > Local ID 3b8dfa9b-fb5a-489d-9750-ea5776718542 > Line Numbers > > Raw Audit Messages > > avc: denied { relabelto } for comm="udevd" dev=tmpfs egid=0 euid=0 > exe="/sbin/udevd" exit=0 fsgid=0 fsuid=0 gid=0 items=0 name="par0" > pid=3273 > scontext=system_u:system_r:udev_t:s0-s0:c0.c1023 sgid=0 > subj=system_u:system_r:udev_t:s0-s0:c0.c1023 suid=0 tclass=lnk_file > tcontext=system_u:object_r:device_t:s0 tty=(none) uid=0 > > > This seems to be a bug. It is indicating the udev is trying to relabel a symbolic link /dev/par0 to device_t. It does not need to relabel the link since it will default to device_t. You can eliminate this avc by executing # grep udev_t /var/log/audit/audit.log | audit2allow -M myudev # semodule -M myudev.pp Please report this as a bug on udev and you can attach my comments. I don't believe this bug would have caused a failure. But you should run in enforcing mode. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.7 (GNU/Linux) Comment: Using GnuPG with Fedora - http://enigmail.mozdev.org iD8DBQFG/QM8rlYvE4MpobMRArn+AKDCjMpVMnnhj2ImVAGgi16KVZJZxACeK2q3 aBMw9Bim5czzgYwyBp1+wA0= =/fRR -----END PGP SIGNATURE-----