SELinux is preventing /usr/libexec/colord from getattr access on the file /usr/local/Brother/sane/models3/ext4.ini.
Daniel J Walsh
dwalsh at redhat.com
Tue Jun 7 13:54:08 UTC 2011
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
On 06/07/2011 09:47 AM, Lawrence E Graves wrote:
> SELinux is preventing /usr/libexec/colord from getattr access on the file /usr/local/Brother/sane/models3/ext4.ini.
>
> ***** Plugin catchall (100. confidence) suggests ***************************
>
> If you believe that colord should be allowed getattr access on the ext4.ini file by default.
> Then you should report this as a bug.
> You can generate a local policy module to allow this access.
> Do
> allow this access for now by executing:
> # grep colord /var/log/audit/audit.log | audit2allow -M mypol
> # semodule -i mypol.pp
>
> Additional Information:
> Source Context system_u:system_r:colord_t:s0-s0:c0.c1023
> Target Context system_u:object_r:bin_t:s0
> Target Objects /usr/local/Brother/sane/models3/ext4.ini [ file ]
> Source colord
> Source Path /usr/libexec/colord
> Port <Unknown>
> Host Jehovah.localdomain
> Source RPM Packages colord-0.1.7-1.fc15
> Target RPM Packages brscan3-0.2.11-4
> Policy RPM selinux-policy-3.9.16-26.fc15
> Selinux Enabled True
> Policy Type targeted
> Enforcing Mode Enforcing
> Host Name Jehovah.localdomain
> Platform Linux Jehovah.localdomain 2.6.38.7-30.fc15.x86_64
> #1 SMP Fri May 27 05:15:53 UTC 2011 x86_64 x86_64
> Alert Count 5
> First Seen Mon 06 Jun 2011 06:40:50 AM MDT
> Last Seen Tue 07 Jun 2011 05:20:41 AM MDT
> Local ID 5284eedd-a207-486b-a7d9-09af2e567072
>
> Raw Audit Messages
> type=AVC msg=audit(1307445641.672:26): avc: denied { getattr } for pid=1136 comm="colord" path="/usr/local/Brother/sane/models3/ext4.ini" dev=dm-1 ino=1325526 scontext=system_u:system_r:colord_t:s0-s0:c0.c1023 tcontext=system_u:object_r:bin_t:s0 tclass=file
>
>
> type=SYSCALL msg=audit(1307445641.672:26): arch=x86_64 syscall=fstat success=yes exit=0 a0=12 a1=7fffa928d6a0 a2=7fffa928d6a0 a3=7fffa928d5a0 items=0 ppid=1 pid=1136 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=colord exe=/usr/libexec/colord subj=system_u:system_r:colord_t:s0-s0:c0.c1023 key=(null)
>
> Hash: colord,colord_t,bin_t,file,getattr
>
> audit2allow
>
> #============= colord_t ==============
> allow colord_t bin_t:file getattr;
>
> audit2allow -R
>
> #============= colord_t ==============
> allow colord_t bin_t:file getattr;
>
>
There is an open bug for this with a fix moving through the process.
Please do not spam the list with these alerts.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.11 (GNU/Linux)
Comment: Using GnuPG with Fedora - http://enigmail.mozdev.org/
iEYEARECAAYFAk3uLYAACgkQrlYvE4MpobPFCQCeOHtBJKliZyAP6zWt6p1rjWHQ
sbsAn3tluXFxYI/KiCOilHaLGY99CUlz
=XW6Y
-----END PGP SIGNATURE-----
More information about the users
mailing list