On 06/20/2009 06:12 AM, Daniel J Walsh wrote:
On 06/19/2009 07:10 PM, Steven Stern wrote:
After installing hplip-gui, I got selinux errors when checking on the
printer status.
audit2allow generated the following policy
module cups20090619 1.0;
require {
type hwdata_t;
type xdm_t;
class dir search;
class file { read getattr open };
}
#============= xdm_t ==============
allow xdm_t hwdata_t:dir search;
allow xdm_t hwdata_t:file { read getattr open };
xdm is checking the printer status? This allow rule indicates the X
Login program is checking the printer status. Could you attach the AVC's
you used to generate this policy.
/var/log/audit/audit.log.1:type=AVC msg=audit(1245413836.692:58915):
avc: denied { search } for pid=14744 comm="gnome-settings-"
name="hwdata" dev=dm-0 ino=33869
scontext=system_u:system_r:xdm_t:s0-s0:c0.c1023
tcontext=system_u:object_r:hwdata_t:s0 tclass=dir
/var/log/audit/audit.log.1:type=AVC msg=audit(1245413836.692:58915):
avc: denied { read } for pid=14744 comm="gnome-settings-"
name="pnp.ids" dev=dm-0 ino=33873
scontext=system_u:system_r:xdm_t:s0-s0:c0.c1023
tcontext=system_u:object_r:hwdata_t:s0 tclass=file
/var/log/audit/audit.log.1:type=AVC msg=audit(1245413836.692:58915):
avc: denied { open } for pid=14744 comm="gnome-settings-"
name="pnp.ids" dev=dm-0 ino=33873
scontext=system_u:system_r:xdm_t:s0-s0:c0.c1023
tcontext=system_u:object_r:hwdata_t:s0 tclass=file
/var/log/audit/audit.log.1:type=AVC msg=audit(1245413836.693:58916):
avc: denied { getattr } for pid=14744 comm="gnome-settings-"
path="/usr/share/hwdata/pnp.ids" dev=dm-0 ino=33873
scontext=system_u:system_r:xdm_t:s0-s0:c0.c1023
tcontext=system_u:object_r:hwdata_t:s0 tclass=file
--
Steve
--
fedora-list mailing list
fedora-list@xxxxxxxxxx
To unsubscribe: https://www.redhat.com/mailman/listinfo/fedora-list
Guidelines: http://fedoraproject.org/wiki/Communicate/MailingListGuidelines
