On 01/04/2010 12:52 PM, Paolo Galtieri wrote: > I've started seeing this selinux alert > > SELinux is preventing /usr/sbin/cupsd "ipc_lock" access. > > [cupsd has a permissive type (cupsd_t). This access was not denied.]SELinux > denied access requested by cupsd. It is not expected that this access is > required by cupsd and this access may signal an intrusion attempt. It is > also possible that the specific version or configuration of the application > is causing it to require additional access > > Is this something I should be concerned about? THis is something new and will be allowed in the next policy update. Not really something to be concerned about. > > I'm also seeing this alert > > SELinux is preventing /usr/bin/gok "getattr" access on /var/mail. > > SELinux denied access requested by gok. It is not expected that this access > is required by gok and this access may signal an intrusion attempt. It is > also possible that the specific version or configuration of the application > is causing it to require additional access. > > I don't use gok so I'm not sure why I'm getting these alerts. > gok is doing a getattr on all mounted file systems, which is probably causing this avc. It will also be allowed in next release. Fixed in selinux-policy-3.6.32-66.fc12.noarch > Paolo > > -- fedora-list mailing list fedora-list@xxxxxxxxxx To unsubscribe: https://www.redhat.com/mailman/listinfo/fedora-list Guidelines: http://fedoraproject.org/wiki/Communicate/MailingListGuidelines
