SELinux is preventing /usr/libexec/colord from getattr access on the file /usr/local/Brother/sane/models3/ext4.ini.

Daniel J Walsh dwalsh at redhat.com
Tue Jun 7 13:54:08 UTC 2011 

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

On 06/07/2011 09:47 AM, Lawrence E Graves wrote:
> SELinux is preventing /usr/libexec/colord from getattr access on the file /usr/local/Brother/sane/models3/ext4.ini.
> 
> *****  Plugin catchall (100. confidence) suggests  ***************************
> 
> If you believe that colord should be allowed getattr access on the ext4.ini file by default.
> Then you should report this as a bug.
> You can generate a local policy module to allow this access.
> Do
> allow this access for now by executing:
> # grep colord /var/log/audit/audit.log | audit2allow -M mypol
> # semodule -i mypol.pp
> 
> Additional Information:
> Source Context                system_u:system_r:colord_t:s0-s0:c0.c1023
> Target Context                system_u:object_r:bin_t:s0
> Target Objects                /usr/local/Brother/sane/models3/ext4.ini [ file ]
> Source                        colord
> Source Path                   /usr/libexec/colord
> Port                          <Unknown>
> Host                          Jehovah.localdomain
> Source RPM Packages           colord-0.1.7-1.fc15
> Target RPM Packages           brscan3-0.2.11-4
> Policy RPM                    selinux-policy-3.9.16-26.fc15
> Selinux Enabled               True
> Policy Type                   targeted
> Enforcing Mode                Enforcing
> Host Name                     Jehovah.localdomain
> Platform                      Linux Jehovah.localdomain 2.6.38.7-30.fc15.x86_64
>                               #1 SMP Fri May 27 05:15:53 UTC 2011 x86_64 x86_64
> Alert Count                   5
> First Seen                    Mon 06 Jun 2011 06:40:50 AM MDT
> Last Seen                     Tue 07 Jun 2011 05:20:41 AM MDT
> Local ID                      5284eedd-a207-486b-a7d9-09af2e567072
> 
> Raw Audit Messages
> type=AVC msg=audit(1307445641.672:26): avc:  denied  { getattr } for  pid=1136 comm="colord" path="/usr/local/Brother/sane/models3/ext4.ini" dev=dm-1 ino=1325526 scontext=system_u:system_r:colord_t:s0-s0:c0.c1023 tcontext=system_u:object_r:bin_t:s0 tclass=file
> 
> 
> type=SYSCALL msg=audit(1307445641.672:26): arch=x86_64 syscall=fstat success=yes exit=0 a0=12 a1=7fffa928d6a0 a2=7fffa928d6a0 a3=7fffa928d5a0 items=0 ppid=1 pid=1136 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=colord exe=/usr/libexec/colord subj=system_u:system_r:colord_t:s0-s0:c0.c1023 key=(null)
> 
> Hash: colord,colord_t,bin_t,file,getattr
> 
> audit2allow
> 
> #============= colord_t ==============
> allow colord_t bin_t:file getattr;
> 
> audit2allow -R
> 
> #============= colord_t ==============
> allow colord_t bin_t:file getattr;
> 
> 
There is an open bug for this with a fix moving through the process.
Please do not spam the list with these alerts.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.11 (GNU/Linux)
Comment: Using GnuPG with Fedora - http://enigmail.mozdev.org/

iEYEARECAAYFAk3uLYAACgkQrlYvE4MpobPFCQCeOHtBJKliZyAP6zWt6p1rjWHQ
sbsAn3tluXFxYI/KiCOilHaLGY99CUlz
=XW6Y
-----END PGP SIGNATURE-----

More information about the users mailing list