SELinux is preventing /usr/sbin/cupsd "ipc_lock" access.
Daniel J Walsh
dwalsh at redhat.com
Mon Jan 4 18:03:05 UTC 2010
On 01/04/2010 12:52 PM, Paolo Galtieri wrote:
> I've started seeing this selinux alert
>
> SELinux is preventing /usr/sbin/cupsd "ipc_lock" access.
>
> [cupsd has a permissive type (cupsd_t). This access was not denied.]SELinux
> denied access requested by cupsd. It is not expected that this access is
> required by cupsd and this access may signal an intrusion attempt. It is
> also possible that the specific version or configuration of the application
> is causing it to require additional access
>
> Is this something I should be concerned about?
THis is something new and will be allowed in the next policy update. Not really something to be concerned about.
>
> I'm also seeing this alert
>
> SELinux is preventing /usr/bin/gok "getattr" access on /var/mail.
>
> SELinux denied access requested by gok. It is not expected that this access
> is required by gok and this access may signal an intrusion attempt. It is
> also possible that the specific version or configuration of the application
> is causing it to require additional access.
>
> I don't use gok so I'm not sure why I'm getting these alerts.
>
gok is doing a getattr on all mounted file systems, which is probably causing this avc. It will also be allowed in next release.
Fixed in selinux-policy-3.6.32-66.fc12.noarch
> Paolo
>
>
More information about the fedora-list
mailing list