hpoj?

Russell Coker russell at coker.com.au
Wed Jul 21 06:40:00 UTC 2004


On Wed, 21 Jul 2004 02:19, Tom London <selinux at comcast.net> wrote:
> avc: denied  { create } for  pid=3684 exe=/usr/sbin/ptal-mlcd
> name=usb:PSC_900_Series scontext=system_u:system_r:ptal_t
> tcontext=system_u:object_r:var_run_t tclass=sock_file

> fedora ptal-mlcd: FATAL ERROR at ExMgr.cpp:1250,
> dev=<mlc:usb:PSC_900_Series>, pid=3684, e=13, t=1090333076
> bind(/var/run/ptal-mlcd/usb:PSC_900_Series) failed!  Ensure
> /var/run/ptal-mlcd/ exists.
>
> The above shows ptal failing to create sock-file
> ('/var/run/ptal-mlcd/usb:....').
> (Shouldn't the tcontext be 'ptal_var_run_t'????)

Correct.  The directory /var/run/ptal-mlcd should have type ptal_var_run_t.

The problem was that the below two lines in cups.fc had "--" specified for the 
type.  Remove the "--" and relabel /var/run and things should be fine.
/var/run/ptal-printd(/.*)?      system_u:object_r:ptal_var_run_t
/var/run/ptal-mlcd(/.*)?        system_u:object_r:ptal_var_run_t

>     Jul 20 07:17:56 fedora kernel: audit(1090333076.799:0): avc:
> denied  { search } for  pid=3685 exe=/usr/sbin/ptal-printd name=root
> dev=hda2 ino=1196033 scontext=system_u:system_r:ptal_t
> tcontext=root:object_r:staff_home_dir_t tclass=dir
>
> I don't know why ptal is trying to search '/root'.

Lots of daemons do that.  dontaudit is the correct solution to that.

-- 
http://www.coker.com.au/selinux/   My NSA Security Enhanced Linux packages
http://www.coker.com.au/bonnie++/  Bonnie++ hard drive benchmark
http://www.coker.com.au/postal/    Postal SMTP/POP benchmark
http://www.coker.com.au/~russell/  My home page
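
An added example, not part of the original message and not code from the SELinux project: a small Python model of file-contexts matching, showing why entries carrying the "--" specifier (regular files only) leave the /var/run/ptal-mlcd directory and its socket labelled var_run_t. The /var/run(/.*)? catch-all entry and the simplified "last matching entry wins" rule are assumptions made for the illustration.

```python
import re

# File-type specifiers allowed in the optional second column of an entry.
TYPE_FLAGS = {"--": "file", "-d": "dir", "-s": "sock_file", "-l": "lnk_file",
              "-c": "chr_file", "-b": "blk_file", "-p": "fifo_file"}

def parse_fc(text):
    """Parse file-contexts lines into (regex, object_class_or_None, context)."""
    entries = []
    for line in text.splitlines():
        fields = line.split("#", 1)[0].split()
        if len(fields) == 2:
            pattern, kind, context = fields[0], None, fields[1]
        elif len(fields) == 3 and fields[1] in TYPE_FLAGS:
            pattern, kind, context = fields[0], TYPE_FLAGS[fields[1]], fields[2]
        else:
            continue  # blank, comment-only, or malformed line
        entries.append((re.compile(pattern), kind, context))
    return entries

def label_for(entries, path, kind):
    """Context of the last entry matching the whole path and the object class."""
    result = None
    for regex, want_kind, context in entries:
        # An entry with no specifier (None) applies to every object class.
        if regex.fullmatch(path) and want_kind in (None, kind):
            result = context
    return result

# Constructed sample: the two cups.fc entries as they were ("--" present),
# preceded by an assumed catch-all for /var/run.
BROKEN = """
/var/run(/.*)?                  system_u:object_r:var_run_t
/var/run/ptal-printd(/.*)?  --  system_u:object_r:ptal_var_run_t
/var/run/ptal-mlcd(/.*)?  --  system_u:object_r:ptal_var_run_t
"""
# The same entries with the "--" removed, as the reply recommends.
FIXED = BROKEN.replace("  --  ", "  ")

def compare(path, kind):
    """Return (label with '--', label without '--') for one object."""
    return (label_for(parse_fc(BROKEN), path, kind),
            label_for(parse_fc(FIXED), path, kind))

if __name__ == "__main__":
    for path, kind in [("/var/run/ptal-mlcd", "dir"),
                       ("/var/run/ptal-mlcd/usb:PSC_900_Series", "sock_file")]:
        print(kind, path, compare(path, kind))
```
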


