SELinux is preventing /usr/libexec/colord from getattr access on the file /usr/local/Brother/sane/models3/ext4.ini.
SELinux is preventing /usr/libexec/colord from getattr access on the file /usr/local/Brother/sane/models3/ext4.ini.
***** Plugin catchall (100. confidence) suggests ***************************
If you believe that colord should be allowed getattr access on the ext4.ini file by default. Then you should report this as a bug. You can generate a local policy module to allow this access. Do allow this access for now by executing: # grep colord /var/log/audit/audit.log | audit2allow -M mypol # semodule -i mypol.pp
Additional Information: Source Context system_u:system_r:colord_t:s0-s0:c0.c1023 Target Context system_u:object_r:bin_t:s0 Target Objects /usr/local/Brother/sane/models3/ext4.ini [ file ] Source colord Source Path /usr/libexec/colord Port <Unknown> Host Jehovah.localdomain Source RPM Packages colord-0.1.7-1.fc15 Target RPM Packages brscan3-0.2.11-4 Policy RPM selinux-policy-3.9.16-26.fc15 Selinux Enabled True Policy Type targeted Enforcing Mode Enforcing Host Name Jehovah.localdomain Platform Linux Jehovah.localdomain 2.6.38.7-30.fc15.x86_64 #1 SMP Fri May 27 05:15:53 UTC 2011 x86_64 x86_64 Alert Count 5 First Seen Mon 06 Jun 2011 06:40:50 AM MDT Last Seen Tue 07 Jun 2011 05:20:41 AM MDT Local ID 5284eedd-a207-486b-a7d9-09af2e567072
Raw Audit Messages type=AVC msg=audit(1307445641.672:26): avc: denied { getattr } for pid=1136 comm="colord" path="/usr/local/Brother/sane/models3/ext4.ini" dev=dm-1 ino=1325526 scontext=system_u:system_r:colord_t:s0-s0:c0.c1023 tcontext=system_u:object_r:bin_t:s0 tclass=file
type=SYSCALL msg=audit(1307445641.672:26): arch=x86_64 syscall=fstat success=yes exit=0 a0=12 a1=7fffa928d6a0 a2=7fffa928d6a0 a3=7fffa928d5a0 items=0 ppid=1 pid=1136 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=colord exe=/usr/libexec/colord subj=system_u:system_r:colord_t:s0-s0:c0.c1023 key=(null)
Hash: colord,colord_t,bin_t,file,getattr
audit2allow
#============= colord_t ============== allow colord_t bin_t:file getattr;
audit2allow -R
#============= colord_t ============== allow colord_t bin_t:file getattr;
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1
On 06/07/2011 09:47 AM, Lawrence E Graves wrote:
SELinux is preventing /usr/libexec/colord from getattr access on the file /usr/local/Brother/sane/models3/ext4.ini.
***** Plugin catchall (100. confidence) suggests ***************************
If you believe that colord should be allowed getattr access on the ext4.ini file by default. Then you should report this as a bug. You can generate a local policy module to allow this access. Do allow this access for now by executing: # grep colord /var/log/audit/audit.log | audit2allow -M mypol # semodule -i mypol.pp
Additional Information: Source Context system_u:system_r:colord_t:s0-s0:c0.c1023 Target Context system_u:object_r:bin_t:s0 Target Objects /usr/local/Brother/sane/models3/ext4.ini [ file ] Source colord Source Path /usr/libexec/colord Port <Unknown> Host Jehovah.localdomain Source RPM Packages colord-0.1.7-1.fc15 Target RPM Packages brscan3-0.2.11-4 Policy RPM selinux-policy-3.9.16-26.fc15 Selinux Enabled True Policy Type targeted Enforcing Mode Enforcing Host Name Jehovah.localdomain Platform Linux Jehovah.localdomain 2.6.38.7-30.fc15.x86_64 #1 SMP Fri May 27 05:15:53 UTC 2011 x86_64 x86_64 Alert Count 5 First Seen Mon 06 Jun 2011 06:40:50 AM MDT Last Seen Tue 07 Jun 2011 05:20:41 AM MDT Local ID 5284eedd-a207-486b-a7d9-09af2e567072
Raw Audit Messages type=AVC msg=audit(1307445641.672:26): avc: denied { getattr } for pid=1136 comm="colord" path="/usr/local/Brother/sane/models3/ext4.ini" dev=dm-1 ino=1325526 scontext=system_u:system_r:colord_t:s0-s0:c0.c1023 tcontext=system_u:object_r:bin_t:s0 tclass=file
type=SYSCALL msg=audit(1307445641.672:26): arch=x86_64 syscall=fstat success=yes exit=0 a0=12 a1=7fffa928d6a0 a2=7fffa928d6a0 a3=7fffa928d5a0 items=0 ppid=1 pid=1136 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=colord exe=/usr/libexec/colord subj=system_u:system_r:colord_t:s0-s0:c0.c1023 key=(null)
Hash: colord,colord_t,bin_t,file,getattr
audit2allow
#============= colord_t ============== allow colord_t bin_t:file getattr;
audit2allow -R
#============= colord_t ============== allow colord_t bin_t:file getattr;
There is an open bug for this with a fix moving through the process. Please do not spam the list with these alerts.
On 06/07/2011 09:54 PM, Daniel J Walsh wrote:
There is an open bug for this with a fix moving through the process. Please do not spam the list with these alerts.
You may also want to consider trimming your responses to remove the spam.... :-)
On 06/07/2011 09:47 AM, Lawrence E Graves wrote:
SELinux is preventing /usr/libexec/colord from getattr access on the file /usr/local/Brother/sane/models3/ext4.ini.
***** Plugin catchall (100. confidence) suggests ***************************
If you believe that colord should be allowed getattr access on the ext4.ini file by default. Then you should report this as a bug. You can generate a local policy module to allow this access. Do allow this access for now by executing: # grep colord /var/log/audit/audit.log | audit2allow -M mypol # semodule -i mypol.pp
Additional Information: Source Context system_u:system_r:colord_t:s0-s0:c0.c1023 Target Context system_u:object_r:bin_t:s0 Target Objects /usr/local/Brother/sane/models3/ext4.ini [ file ] Source colord Source Path /usr/libexec/colord Port<Unknown> Host Jehovah.localdomain Source RPM Packages colord-0.1.7-1.fc15 Target RPM Packages brscan3-0.2.11-4 Policy RPM selinux-policy-3.9.16-26.fc15 Selinux Enabled True Policy Type targeted Enforcing Mode Enforcing Host Name Jehovah.localdomain Platform Linux Jehovah.localdomain 2.6.38.7-30.fc15.x86_64 #1 SMP Fri May 27 05:15:53 UTC 2011 x86_64 x86_64 Alert Count 5 First Seen Mon 06 Jun 2011 06:40:50 AM MDT Last Seen Tue 07 Jun 2011 05:20:41 AM MDT Local ID 5284eedd-a207-486b-a7d9-09af2e567072
Raw Audit Messages type=AVC msg=audit(1307445641.672:26): avc: denied { getattr } for pid=1136 comm="colord" path="/usr/local/Brother/sane/models3/ext4.ini" dev=dm-1 ino=1325526 scontext=system_u:system_r:colord_t:s0-s0:c0.c1023 tcontext=system_u:object_r:bin_t:s0 tclass=file
type=SYSCALL msg=audit(1307445641.672:26): arch=x86_64 syscall=fstat success=yes exit=0 a0=12 a1=7fffa928d6a0 a2=7fffa928d6a0 a3=7fffa928d5a0 items=0 ppid=1 pid=1136 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=colord exe=/usr/libexec/colord subj=system_u:system_r:colord_t:s0-s0:c0.c1023 key=(null)
Hash: colord,colord_t,bin_t,file,getattr
audit2allow
#============= colord_t ============== allow colord_t bin_t:file getattr;
audit2allow -R
#============= colord_t ============== allow colord_t bin_t:file getattr;
colord is required by both cups (print server) and foomatic (printer databases). It looks like you are using selinux in enforcing mode which is preventing your printing due to the denial above (best guess on my part).
Turn off selinux and try it. I told you how to do that offlist. If that doesn't work, please note in Dan's response that there is bug for this open. You might just need to wait for the fix to hit F15 updates-testing. (sudo yum --enablerepo=updates-testing update).
If that doesn't work, follow Dan's advice and open a bugzilla for the problem. Open against cups for now and the triagers will get it to the right place. Include this selinux denial.
There is nothing else I can do to help you. Good luck.
-
Clyde E. Kunkel -
Daniel J Walsh -
Ed Greshko -
Lawrence E Graves