hpoj?

Tom London selinux at comcast.net
Mon Jul 19 17:15:03 UTC 2004


I'm getting some messages from hpoj that
I don't remember getting before, shown below.
After starting in permissive mode,
checking on '/var/run/ptal-mlcd and ptal-printd' shows
files (fifos) with context 'system_u:object_r:var_run_t'.
I was expecting them to be 'system_u:object_r:ptal_var_run_t'.

Have I missed configuring this properly?

thanks,
   tom

Audit2allow on permissive AVCs yields:
allow ptal_t etc_runtime_t:file { getattr };
allow ptal_t etc_t:file { read };
allow ptal_t staff_home_dir_t:dir { search };
allow ptal_t usbdevfs_t:dir { getattr read };
allow ptal_t var_run_t:fifo_file { create read setattr };
allow ptal_t var_run_t:sock_file { create setattr };


(enforcing):
Jul 19 09:58:07 fedora kernel: audit(1090256287.964:0): avc:  denied  { 
create } for  pid=5638 exe=/usr/sbin/ptal-mlcd name=usb:PSC_900_Series 
scontext=system_u:system_r:ptal_t tcontext=system_u:object_r:var_run_t 
tclass=sock_file
Jul 19 09:58:07 fedora ptal-mlcd: FATAL ERROR at ExMgr.cpp:1250, 
dev=<mlc:usb:PSC_900_Series>, pid=5638, e=13, t=1090256287         
bind(/var/run/ptal-mlcd/usb:PSC_900_Series) failed!  Ensure 
/var/run/ptal-mlcd/ exists.
Jul 19 09:58:07 fedora kernel: audit(1090256287.972:0): avc:  denied  { 
search } for  pid=5639 exe=/usr/sbin/ptal-printd name=root dev=hda2 
ino=1196033 scontext=system_u:system_r:ptal_t 
tcontext=root:object_r:staff_home_dir_t tclass=dir
Jul 19 09:58:07 fedora kernel: audit(1090256287.972:0): avc:  denied  { 
read } for  pid=5639 exe=/usr/sbin/ptal-printd 
name=mlc:usb:PSC_900_Series dev=hda2 ino=738368 
scontext=system_u:system_r:ptal_t tcontext=system_u:object_r:etc_t 
tclass=file
Jul 19 09:58:07 fedora kernel: audit(1090256287.972:0): avc:  denied  { 
getattr } for  pid=5639 exe=/usr/sbin/ptal-printd 
path=/etc/ptal/ptal-printd-like dev=hda2 ino=737289 
scontext=system_u:system_r:ptal_t 
tcontext=system_u:object_r:etc_runtime_t tclass=file
Jul 19 09:58:07 fedora ptal-printd: ptal-printd(mlc:usb:PSC_900_Series): 
Unable to read file permissions from "/etc/ptal/ptal-printd-like"!
Jul 19 09:58:09 fedora ptal-photod: ptal-photod(mlc:usb:PSC_900_Series) 
successfully initialized, listening on port 5703.

(permissive):
Jul 19 09:59:41 fedora ptal-mlcd: SYSLOG at ExMgr.cpp:652, 
dev=<mlc:usb:PSC_900_Series>, pid=5694, e=2, t=1090256381         
ptal-mlcd successfully 
initialized.                                                                                

Jul 19 09:59:41 fedora ptal-printd: ptal-printd(mlc:usb:PSC_900_Series) 
successfully initialized using /var/run/ptal-printd/mlc_usb_PSC_900_Series*.
Jul 19 09:59:41 fedora kernel: audit(1090256381.301:0): avc:  denied  { 
create } for  pid=5693 exe=/usr/sbin/ptal-mlcd name=usb:PSC_900_Series 
scontext=system_u:system_r:ptal_t tcontext=system_u:object_r:var_run_t 
tclass=sock_file
Jul 19 09:59:41 fedora kernel: audit(1090256381.301:0): avc:  denied  { 
setattr } for  pid=5693 exe=/usr/sbin/ptal-mlcd name=usb:PSC_900_Series 
dev=hda2 ino=4493726 scontext=system_u:system_r:ptal_t 
tcontext=system_u:object_r:var_run_t tclass=sock_file
Jul 19 09:59:41 fedora kernel: audit(1090256381.301:0): avc:  denied  { 
read } for  pid=5693 exe=/usr/sbin/ptal-mlcd dev=usbdevfs ino=1417 
scontext=system_u:system_r:ptal_t tcontext=system_u:object_r:usbdevfs_t 
tclass=dir
Jul 19 09:59:41 fedora kernel: audit(1090256381.301:0): avc:  denied  { 
getattr } for  pid=5693 exe=/usr/sbin/ptal-mlcd path=/proc/bus/usb 
dev=usbdevfs ino=1417 scontext=system_u:system_r:ptal_t 
tcontext=system_u:object_r:usbdevfs_t tclass=dir
Jul 19 09:59:41 fedora kernel: audit(1090256381.308:0): avc:  denied  { 
search } for  pid=5695 exe=/usr/sbin/ptal-printd name=root dev=hda2 
ino=1196033 scontext=system_u:system_r:ptal_t 
tcontext=root:object_r:staff_home_dir_t tclass=dir
Jul 19 09:59:41 fedora kernel: audit(1090256381.309:0): avc:  denied  { 
read } for  pid=5695 exe=/usr/sbin/ptal-printd 
name=mlc:usb:PSC_900_Series dev=hda2 ino=738368 
scontext=system_u:system_r:ptal_t tcontext=system_u:object_r:etc_t 
tclass=file
Jul 19 09:59:41 fedora kernel: audit(1090256381.309:0): avc:  denied  { 
getattr } for  pid=5695 exe=/usr/sbin/ptal-printd 
path=/etc/ptal/ptal-printd-like dev=hda2 ino=737289 
scontext=system_u:system_r:ptal_t 
tcontext=system_u:object_r:etc_runtime_t tclass=file
Jul 19 09:59:41 fedora kernel: audit(1090256381.309:0): avc:  denied  { 
create } for  pid=5695 exe=/usr/sbin/ptal-printd 
name=mlc_usb_PSC_900_Series scontext=system_u:system_r:ptal_t 
tcontext=system_u:object_r:var_run_t tclass=fifo_file
Jul 19 09:59:41 fedora kernel: audit(1090256381.309:0): avc:  denied  { 
setattr } for  pid=5695 exe=/usr/sbin/ptal-printd 
name=mlc_usb_PSC_900_Series dev=hda2 ino=4493727 
scontext=system_u:system_r:ptal_t tcontext=system_u:object_r:var_run_t 
tclass=fifo_file
Jul 19 09:59:41 fedora kernel: audit(1090256381.309:0): avc:  denied  { 
read } for  pid=5695 exe=/usr/sbin/ptal-printd 
name=mlc_usb_PSC_900_Series dev=hda2 ino=4493727 
scontext=system_u:system_r:ptal_t tcontext=system_u:object_r:var_run_t 
tclass=fifo_file
Jul 19 09:59:43 fedora ptal-photod: ptal-photod(mlc:usb:PSC_900_Series) 
successfully initialized, listening on port 5703.
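
Added example, not part of the original post: a small Python triage of AVC denials in the format quoted above. It builds audit2allow-style rules but sets aside denials whose target carries the generic var_run_t type, since the post expected ptal_var_run_t there and an allow rule on var_run_t would cover every other domain's files with that label. The EXPECTED_TYPE mapping and the function names are assumptions made for this illustration; the sample lines are excerpted from the permissive-mode log above.

```python
import re
from collections import defaultdict

# Excerpt of the permissive-mode denials quoted in the post, kept wrapped
# the way the mail client wrapped them (joined again before parsing).
SAMPLE = """\
Jul 19 09:59:41 fedora kernel: audit(1090256381.301:0): avc:  denied  {
create } for  pid=5693 exe=/usr/sbin/ptal-mlcd name=usb:PSC_900_Series
scontext=system_u:system_r:ptal_t tcontext=system_u:object_r:var_run_t
tclass=sock_file
Jul 19 09:59:41 fedora kernel: audit(1090256381.301:0): avc:  denied  {
read } for  pid=5693 exe=/usr/sbin/ptal-mlcd dev=usbdevfs ino=1417
scontext=system_u:system_r:ptal_t tcontext=system_u:object_r:usbdevfs_t
tclass=dir
Jul 19 09:59:41 fedora kernel: audit(1090256381.301:0): avc:  denied  {
getattr } for  pid=5693 exe=/usr/sbin/ptal-mlcd path=/proc/bus/usb
dev=usbdevfs ino=1417 scontext=system_u:system_r:ptal_t
tcontext=system_u:object_r:usbdevfs_t tclass=dir
"""

AVC_RE = re.compile(
    r"avc:\s+denied\s+\{\s*(?P<perms>[^}]*?)\s*\}.*?"
    r"scontext=(?P<s>\S+)\s+tcontext=(?P<t>\S+)\s+tclass=(?P<cls>\S+)")

# Assumption taken from the post: objects created by ptal_t under /var/run
# were expected to be ptal_var_run_t, not the generic var_run_t.
EXPECTED_TYPE = {("ptal_t", "var_run_t"): "ptal_var_run_t"}

def triage(text):
    """Return (rules, mislabeled): {(source, target, class): set(perms)}."""
    joined = " ".join(line.strip() for line in text.splitlines())
    rules, mislabeled = defaultdict(set), defaultdict(set)
    for m in AVC_RE.finditer(joined):
        src, tgt = m["s"].split(":")[2], m["t"].split(":")[2]
        bucket = mislabeled if (src, tgt) in EXPECTED_TYPE else rules
        bucket[(src, tgt, m["cls"])].update(m["perms"].split())
    return rules, mislabeled

def render(rules):
    """Format merged denials the way audit2allow prints them."""
    return [f"allow {s} {t}:{c} {{ {' '.join(sorted(p))} }};"
            for (s, t, c), p in sorted(rules.items())]

def relabel_hints(mislabeled):
    """Describe denials that point at a labeling problem, not a missing rule."""
    return [f"{s} {t}:{c} {{ {' '.join(sorted(p))} }}: expected type "
            f"{EXPECTED_TYPE[(s, t)]}" for (s, t, c), p in sorted(mislabeled.items())]

if __name__ == "__main__":
    rules, mislabeled = triage(SAMPLE)
    print("\n".join(render(rules) + relabel_hints(mislabeled)))
```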



