Turboprint and FC7
Daniel J Walsh
dwalsh at redhat.com
Fri Jun 22 15:49:38 UTC 2007
piotreek23 at gmail.com wrote:
> Hi guys im using turboprint drivers for my IP 1000 Canon. When i try
> to print from Open Office i get this below:
>
>
> sealert -l 26616fa9-ba9f-44fb-9cf2-d1940f15217f
> Summary
> SELinux is preventing /lib/ld-2.6.so (cupsd_t) "execmem" to <Nieznane>
> (cupsd_t).
>
> Detailed Description
> SELinux denied access requested by /lib/ld-2.6.so. It is not
> expected that
> this access is required by /lib/ld-2.6.so and this access may
> signal an
> intrusion attempt. It is also possible that the specific version or
> configuration of the application is causing it to require
> additional access.
>
> Allowing Access
> You can generate a local policy module to allow this access - see
> http://fedora.redhat.com/docs/selinux-faq-fc5/#id2961385 Or you can
> disable
> SELinux protection altogether. Disabling SELinux protection is not
> recommended. Please file a
> http://bugzilla.redhat.com/bugzilla/enter_bug.cgi
> against this package.
>
> Additional Information
>
> Source Context
> system_u:system_r:cupsd_t:SystemLow-SystemHigh
> Target Context
> system_u:system_r:cupsd_t:SystemLow-SystemHigh
> Target Objects None [ process ]
> Affected RPM Packages glibc-2.6-3 [application]
> Policy RPM selinux-policy-2.6.4-13.fc7
> Selinux Enabled True
> Policy Type targeted
> MLS Enabled True
> Enforcing Mode Permissive
> Plugin Name plugins.catchall
> Host Name c79-70.icpnet.pl
> Platform Linux *.icpnet.pl 2.6.21-1.3194.fc7 #1 SMP
> Wed May 23 22:35:01 EDT 2007 i686 athlon
> Alert Count 1
> First Seen Sun Jun 10 19:48:42 2007
> Last Seen Sun Jun 10 19:48:42 2007
> Local ID 26616fa9-ba9f-44fb-9cf2-d1940f15217f
> Line Numbers
>
> Raw Audit Messages
>
> avc: denied { execmem } for comm="ld-linux.so.2" egid=7 euid=4
> exe="/lib/ld-2.6.so" exit=0 fsgid=7 fsuid=4 gid=7 items=0 pid=3240
> scontext=system_u:system_r:cupsd_t:s0-s0:c0.c1023 sgid=7
> subj=system_u:system_r:cupsd_t:s0-s0:c0.c1023 suid=4 tclass=process
> tcontext=system_u:system_r:cupsd_t:s0-s0:c0.c1023 tty=(none) uid=4
>
>
> On Fc 6 turboprint was working fine.
>
> --
> fedora-selinux-list mailing list
> fedora-selinux-list at redhat.com
> https://www.redhat.com/mailman/listinfo/fedora-selinux-list
Sorry about missing this, my junk mail filters ate it.
This looks like a badly written application that would require execmem.
You can allow this by executing
# grep execmem /var/log/audit/audit/audit.log | audit2allow -M mycups
# semodule -i mycups.pp
You should report this as a bug to turboprint.
This link explains the violation
SELinux Memory Protection Tests
<http://people.redhat.com/%7Edrepper/selinux-mem.html>
More information about the fedora-selinux-list
mailing list