label for /var/cache/cups/jobs.cache, /var/cache/cups/remote.cache

Daniel J Walsh dwalsh at redhat.com
Mon Apr 17 10:50:33 UTC 2006 

Tom London wrote:
> Running rawhide, targeted enforcing.
>
> cupsd produces the following when trying to access jobs.cache and
> remote.cache in /var/cache/cups.
>
> tom
>
> type=PATH msg=audit(04/16/2006 09:56:19.228:50) : item=0
> name=/var/cache/cups/remote.cache parent=2814387 dev=fd:00
> mode=dir,775 ouid=root ogid=lp rdev=00:00
> obj=system_u:object_r:var_t:s0
> type=CWD msg=audit(04/16/2006 09:56:19.228:50) :  cwd=/
> type=SYSCALL msg=audit(04/16/2006 09:56:19.228:50) : arch=i386
> syscall=open success=no exit=-13(Permission denied) a0=bfa652e8
> a1=8241 a2=1b6 a3=8241 items=1 pid=2245 auid=unknown(4294967295)
> uid=root gid=root euid=root suid=root fsuid=root egid=root sgid=root
> fsgid=root tty=(none) comm=cupsd exe=/usr/sbin/cupsd
> subj=system_u:system_r:cupsd_t:s0-s0:c0.c255
> type=AVC msg=audit(04/16/2006 09:56:19.228:50) : avc:  denied  { write
> } for  pid=2245 comm=cupsd name=remote.cache dev=dm-0 ino=2814393
> scontext=system_u:system_r:cupsd_t:s0-s0:c0.c255
> tcontext=system_u:object_r:var_t:s0 tclass=file
> ----
> type=PATH msg=audit(04/16/2006 09:56:19.228:51) : item=0
> name=/var/cache/cups/job.cache parent=2814387 dev=fd:00 mode=dir,775
> ouid=root ogid=lp rdev=00:00 obj=system_u:object_r:var_t:s0
> type=CWD msg=audit(04/16/2006 09:56:19.228:51) :  cwd=/
> type=SYSCALL msg=audit(04/16/2006 09:56:19.228:51) : arch=i386
> syscall=open success=no exit=-13(Permission denied) a0=bfa652e8
> a1=8241 a2=1b6 a3=8241 items=1 pid=2245 auid=unknown(4294967295)
> uid=root gid=root euid=root suid=root fsuid=root egid=root sgid=root
> fsgid=root tty=(none) comm=cupsd exe=/usr/sbin/cupsd
> subj=system_u:system_r:cupsd_t:s0-s0:c0.c255
> type=AVC msg=audit(04/16/2006 09:56:19.228:51) : avc:  denied  { write
> } for  pid=2245 comm=cupsd name=job.cache dev=dm-0 ino=2814394
> scontext=system_u:system_r:cupsd_t:s0-s0:c0.c255
> tcontext=system_u:object_r:var_t:s0 tclass=file
>   
Need the following line added to fc file.

/var/cache/cups(/.*)? --    gen_context(system_u:object_r:cupsd_rw_etc_t,s0)

This looks ok on my machine, so this would only be a problem after a 
relabel.

Will add line to policy.
>
> --
> Tom London
>
> --
> fedora-selinux-list mailing list
> fedora-selinux-list at redhat.com
> https://www.redhat.com/mailman/listinfo/fedora-selinux-list
>

More information about the fedora-selinux-list mailing list