SELinux is preventing /usr/bin/brprintconf_mfcj615w from write access on the None /opt/brother/Printers/mfcj615w/inf.

Daniel J Walsh dwalsh at redhat.com
Fri Jan 27 20:07:32 UTC 2012 

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

On 01/27/2012 02:41 PM, Lawrence Graves wrote:
> SELinux is preventing /usr/bin/brprintconf_mfcj615w from write
> access on the None /opt/brother/Printers/mfcj615w/inf.
> 
> ***** Plugin catchall (100. confidence) suggests 
> ***************************
> 
> If you believe that brprintconf_mfcj615w should be allowed write
> access on the inf <Unknown> by default. Then you should report this
> as a bug. You can generate a local policy module to allow this
> access. Do allow this access for now by executing: # grep
> brprintconf_mfc /var/log/audit/audit.log | audit2allow -M mypol #
> semodule -i mypol.pp
> 
> Additional Information: Source Context
> system_u:system_r:cupsd_t:s0-s0:c0.c1023 Target Context
> system_u:object_r:usr_t:s0 Target Objects
> /opt/brother/Printers/mfcj615w/inf [ None ] Source brprintconf_mfc 
> Source Path /usr/bin/brprintconf_mfcj615w Port <Unknown> Host
> Jehovah.localdomain Source RPM Packages Target RPM Packages Policy
> RPM <Unknown> Selinux Enabled True Policy Type targeted Enforcing
> Mode Enforcing Host Name Jehovah.localdomain Platform Linux
> Jehovah.localdomain 3.2.2-1.fc16.x86_64 #1 SMP Thu Jan 26 03:21:58
> UTC 2012 x86_64 x86_64 Alert Count 19 First Seen Fri 27 Jan 2012
> 12:37:43 PM MST Last Seen Fri 27 Jan 2012 12:37:43 PM MST Local ID
> 9fbde894-fedb-4cb3-8210-d98725ed29b7
> 
> Raw Audit Messages type=AVC msg=audit(1327693063.259:264): avc:
> denied { write } for pid=7543 comm="brprintconf_mfc" name="inf"
> dev=dm-1 ino=281094 
> scontext=system_u:system_r:cupsd_t:s0-s0:c0.c1023 
> tcontext=system_u:object_r:usr_t:s0
> tclass=dirnode=Jehovah.localdomain type=SYSCALL
> msg=audit(1327693063.259:264): arch=40000003 syscall=38 per=400000
> success=no exit=4294967283 a0=fff0cf70 a1=fff0cb60 a2=804a4e0 
> a3=fff0cf70 items=0 ppid=7522 pid=7543 auid=4294967295 uid=4 gid=7 
> euid=4 suid=4 fsuid=4 egid=7 sgid=7 fsgid=7 tty=(none)
> ses=4294967295 comm="brprintconf_mfc"
> exe="/usr/bin/brprintconf_mfcj615w" 
> subj=system_u:system_r:cupsd_t:s0-s0:c0.c1023 key=(null)
> 
> 
> Hash: brprintconf_mfc,cupsd_t,usr_t,None,write
> 
> audit2allow
> 
> 
> audit2allow -R -- Lawrence Graves All things are workable but don't
> all things work.
> 
> 
Try running restorecon on both files and see if the labels change.

restorecon -R -v /opt

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.11 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/

iEYEARECAAYFAk8jBAQACgkQrlYvE4MpobNvrQCgt1NgfSpAZuqzKn+CCyhPaIjl
+s8An1ZR1qXN7rUW2Q64r9+xYK48Oa+f
=cBoH
-----END PGP SIGNATURE-----

More information about the users mailing list