cups/snmpd_var_lib_t
Tom London
selinux at gmail.com
Wed Sep 12 16:18:18 UTC 2007
Got this when printing:
Summary
SELinux is preventing /usr/lib/cups/backend/hp (cupsd_t) "getattr" to
/usr/share/snmp/mibs/.index (snmpd_var_lib_t).
Detailed Description
SELinux denied access requested by /usr/lib/cups/backend/hp. It is not
expected that this access is required by /usr/lib/cups/backend/hp and this
access may signal an intrusion attempt. It is also possible that the
specific version or configuration of the application is causing it to
require additional access.
Allowing Access
Sometimes labeling problems can cause SELinux denials. You could try to
restore the default system file context for /usr/share/snmp/mibs/.index,
restorecon -v /usr/share/snmp/mibs/.index If this does not work, there is
currently no automatic way to allow this access. Instead, you can generate
a local policy module to allow this access - see
http://fedora.redhat.com/docs/selinux-faq-fc5/#id2961385 Or you can disable
SELinux protection altogether. Disabling SELinux protection is not
recommended. Please file a http://bugzilla.redhat.com/bugzilla/enter_bug.cgi
against this package.
Additional Information
Source Context system_u:system_r:cupsd_t:SystemLow-SystemHigh
Target Context system_u:object_r:snmpd_var_lib_t
Target Objects /usr/share/snmp/mibs/.index [ file ]
Affected RPM Packages hplip-2.7.7-4.fc8 [application]
Policy RPM selinux-policy-3.0.7-10.fc8
Selinux Enabled True
Policy Type targeted
MLS Enabled True
Enforcing Mode Enforcing
Plugin Name plugins.catchall_file
Host Name localhost.localdomain
Platform Linux localhost.localdomain 2.6.23-0.174.rc6.fc8
#1 SMP Tue Sep 11 19:06:17 EDT 2007 i686 i686
Alert Count 4
First Seen Wed 12 Sep 2007 09:09:26 AM PDT
Last Seen Wed 12 Sep 2007 09:11:38 AM PDT
Local ID 147ebf61-d964-48b7-b572-befcad9e1411
Line Numbers
Raw Audit Messages
avc: denied { getattr } for comm=hp dev=dm-0 egid=7 euid=4
exe=/usr/lib/cups/backend/hp exit=-13 fsgid=7 fsuid=4 gid=7 items=0
path=/usr/share/snmp/mibs/.index pid=6246
scontext=system_u:system_r:cupsd_t:s0-s0:c0.c1023 sgid=7
subj=system_u:system_r:cupsd_t:s0-s0:c0.c1023 suid=4 tclass=file
tcontext=system_u:object_r:snmpd_var_lib_t:s0 tty=(none) uid=4
--
Tom London
More information about the fedora-selinux-list
mailing list