cups/snmpd_var_lib_t

Tom London selinux at gmail.com
Wed Sep 12 16:18:18 UTC 2007 

Got this when printing:

Summary
    SELinux is preventing /usr/lib/cups/backend/hp (cupsd_t) "getattr" to
    /usr/share/snmp/mibs/.index (snmpd_var_lib_t).

Detailed Description
    SELinux denied access requested by /usr/lib/cups/backend/hp. It is not
    expected that this access is required by /usr/lib/cups/backend/hp and this
    access may signal an intrusion attempt. It is also possible that the
    specific version or configuration of the application is causing it to
    require additional access.

Allowing Access
    Sometimes labeling problems can cause SELinux denials.  You could try to
    restore the default system file context for /usr/share/snmp/mibs/.index,
    restorecon -v /usr/share/snmp/mibs/.index If this does not work, there is
    currently no automatic way to allow this access. Instead,  you can generate
    a local policy module to allow this access - see
    http://fedora.redhat.com/docs/selinux-faq-fc5/#id2961385 Or you can disable
    SELinux protection altogether. Disabling SELinux protection is not
    recommended. Please file a http://bugzilla.redhat.com/bugzilla/enter_bug.cgi
    against this package.

Additional Information

Source Context                system_u:system_r:cupsd_t:SystemLow-SystemHigh
Target Context                system_u:object_r:snmpd_var_lib_t
Target Objects                /usr/share/snmp/mibs/.index [ file ]
Affected RPM Packages         hplip-2.7.7-4.fc8 [application]
Policy RPM                    selinux-policy-3.0.7-10.fc8
Selinux Enabled               True
Policy Type                   targeted
MLS Enabled                   True
Enforcing Mode                Enforcing
Plugin Name                   plugins.catchall_file
Host Name                     localhost.localdomain
Platform                      Linux localhost.localdomain 2.6.23-0.174.rc6.fc8
                              #1 SMP Tue Sep 11 19:06:17 EDT 2007 i686 i686
Alert Count                   4
First Seen                    Wed 12 Sep 2007 09:09:26 AM PDT
Last Seen                     Wed 12 Sep 2007 09:11:38 AM PDT
Local ID                      147ebf61-d964-48b7-b572-befcad9e1411
Line Numbers

Raw Audit Messages

avc: denied { getattr } for comm=hp dev=dm-0 egid=7 euid=4
exe=/usr/lib/cups/backend/hp exit=-13 fsgid=7 fsuid=4 gid=7 items=0
path=/usr/share/snmp/mibs/.index pid=6246
scontext=system_u:system_r:cupsd_t:s0-s0:c0.c1023 sgid=7
subj=system_u:system_r:cupsd_t:s0-s0:c0.c1023 suid=4 tclass=file
tcontext=system_u:object_r:snmpd_var_lib_t:s0 tty=(none) uid=4


-- 
Tom London

More information about the fedora-selinux-list mailing list