Running targeted/enforcing, latest rawhide.
Inserting a USB printer produces on the following AVCs in
/var/log/messages (not audit.log):
Sep 26 06:37:55 localhost kernel: usb 2-1: new full speed USB device
using uhci_hcd and address 5
Sep 26 06:37:55 localhost kernel: drivers/usb/class/usblp.c: usblp0:
USB Bidirectional printer dev 5 if 0 alt 1 proto 2 vid 0x03F0 pid
0x1E11
Sep 26 06:37:56 localhost dbus: Can't send to audit system: USER_AVC
pid=2499 uid=81 loginuid=-1 message=avc: denied { send_msg } for
msgtype=signal interface=org.freedesktop.Hal.Manager
member=DeviceRemoved dest=org.freedesktop.DBus spid=2517 tpid=4585
scontext=system_u:system_r:hald_t
tcontext=system_u:system_r:cupsd_config_t tclass=dbus
Sep 26 06:37:56 localhost dbus: Can't send to audit system: USER_AVC
pid=2499 uid=81 loginuid=-1 message=avc: denied { send_msg } for
msgtype=signal interface=org.freedesktop.Hal.Manager
member=DeviceRemoved dest=org.freedesktop.DBus spid=2517 tpid=4585
scontext=system_u:system_r:hald_t
tcontext=system_u:system_r:cupsd_config_t tclass=dbus
Sep 26 06:37:56 localhost dbus: Can't send to audit system: USER_AVC
pid=2499 uid=81 loginuid=-1 message=avc: denied { send_msg } for
msgtype=signal interface=org.freedesktop.Hal.Manager
member=DeviceRemoved dest=org.freedesktop.DBus spid=2517 tpid=4585
scontext=system_u:system_r:hald_t
tcontext=system_u:system_r:cupsd_config_t tclass=dbus
Sep 26 06:37:56 localhost dbus: Can't send to audit system: USER_AVC
pid=2499 uid=81 loginuid=-1 message=avc: denied { send_msg } for
msgtype=signal interface=org.freedesktop.Hal.Manager
member=DeviceAdded dest=org.freedesktop.DBus spid=2517 tpid=4585
scontext=system_u:system_r:hald_t
tcontext=system_u:system_r:cupsd_config_t tclass=dbus
Sep 26 06:37:56 localhost dbus: Can't send to audit system: USER_AVC
pid=2499 uid=81 loginuid=-1 message=avc: denied { send_msg } for
msgtype=signal interface=org.freedesktop.Hal.Manager
member=DeviceAdded dest=org.freedesktop.DBus spid=2517 tpid=4585
scontext=system_u:system_r:hald_t
tcontext=system_u:system_r:cupsd_config_t tclass=dbus
This patch make sense?
tom
--- cups.te.save 2005-09-26 06:47:18.000000000 -0700
+++ cups.te 2005-09-26 06:47:44.000000000 -0700
@@ -263,7 +263,7 @@
ifdef(`dbusd.te', `
allow cupsd_t hald_t:dbus send_msg;
allow cupsd_config_t hald_t:dbus send_msg;
-allow hald_t cupsd_t:dbus send_msg;
+allow hald_t { cupsd_t cupsd_config_t }:dbus send_msg;
')dnl end if dbusd.te
allow hald_t cupsd_config_t:process signal;
--
Tom London
Show replies by thread