What's SELinux doing to me?
Antonio Olivares
olivares14031 at yahoo.com
Sun Jun 10 22:37:49 UTC 2007
----- Original Message ----
From: William Case <billlinux at rogers.com>
To: FEDORA List <fedora-list at redhat.com>
Sent: Sunday, June 10, 2007 3:52:23 PM
Subject: What's SELinux doing to me?
Hi;
Set up my upstairs Epson Stylus Color 740 which is attached to a
WindowsXP computer through the Fedora 7 printer config gui. My SElinux
is in permissive mode. I received the following error/denial. My
current project is understanding Samba. I am not ready to climb into
SELinux. So, please how do I fix this so I can print something?
(The /tmp/gedit.bill.2675579933 was test file)
Summary
SELinux is preventing the /usr/bin/smbspool from using potentially
mislabeled files (/tmp/gedit.bill.2675579933).
Detailed Description
SELinux has denied /usr/bin/smbspool access to potentially
mislabeled
file(s) (/tmp/gedit.bill.2675579933). This means that SELinux will
not
allow /usr/bin/smbspool to use these files. It is common for users
to edit
files in their home directory or tmp directories and then move (mv)
them to
system directories. The problem is that the files end up with the
wrong
file context which confined applications are not allowed to access.
Allowing Access
If you want /usr/bin/smbspool to access this files, you need to
relabel them
using restorecon -v /tmp/gedit.bill.2675579933. You might want to
relabel
the entire directory using restorecon -R -v /tmp.
Additional Information
Source Context
system_u:system_r:cupsd_t:SystemLow-SystemHigh
Target Context user_u:object_r:tmp_t
Target Objects /tmp/gedit.bill.2675579933 [ sock_file ]
Affected RPM Packages samba-client-3.0.25a-3.fc7 [application]
Policy RPM selinux-policy-2.6.4-13.fc7
Selinux Enabled True
Policy Type targeted
MLS Enabled True
Enforcing Mode Permissive
Plugin Name plugins.home_tmp_bad_labels
Host Name CASE
Platform Linux CASE 2.6.21-1.3194.fc7 #1 SMP Wed
May 23
22:35:01 EDT 2007 i686 i686
Alert Count 1
First Seen Sun 10 Jun 2007 03:50:19 PM EDT
Last Seen Sun 10 Jun 2007 03:50:19 PM EDT
Local ID 5a00df94-05c8-4d1b-959a-71ee2e1c96ab
Line Numbers
Raw Audit Messages
avc: denied { getattr } for comm="smb" dev=sdb7 egid=7 euid=4
exe="/usr/bin/smbspool" exit=0 fsgid=7 fsuid=4 gid=7 items=0
name="gedit.bill.2675579933" path="/tmp/gedit.bill.2675579933" pid=1895
scontext=system_u:system_r:cupsd_t:s0-s0:c0.c1023 sgid=7
subj=system_u:system_r:cupsd_t:s0-s0:c0.c1023 suid=4 tclass=sock_file
tcontext=user_u:object_r:tmp_t:s0 tty=(none) uid=4
--
Regards Bill
--
fedora-list mailing list
fedora-list at redhat.com
To unsubscribe: https://www.redhat.com/mailman/listinfo/fedora-list
Bill,
Have you tried to do what they recommend you to do
Allowing Access
If you want /usr/bin/smbspool to access this files, you need to
relabel them
using restorecon -v /tmp/gedit.bill.2675579933. You might want to
relabel
the entire directory using restorecon -R -v /tmp.
Become root user su -
# restorecon -v /tmp/gedit.bill.2675579933
and you might want to
# restorecon -R -v /tmp
if the above did not help.
Hope this helps,
Antonio .
____________________________________________________________________________________
Take the Internet to Go: Yahoo!Go puts the Internet in your pocket: mail, news, photos & more.
http://mobile.yahoo.com/go?refer=1GNXIC
More information about the fedora-list
mailing list