View Issue Details

IDProjectCategoryView StatusLast Update
0016122CentOS-7selinux-policypublic2019-05-28 20:58
Reportergudisa 
PrioritynormalSeverityminorReproducibilityhave not tried
Status newResolutionopen 
PlatformOSOS Version7
Product Version 
Target VersionFixed in Version 
Summary0016122: SELinux is preventing /usr/lib/cups/backend/mfp from unix_read, unix_write access on the memoria compartida labeled ...
DescriptionDescription of problem:
La impresora laser Samsung modelo ML1740 no funciona con el driver propio del sistema operativo.

Para tratar de subsanar esto sstaba instlanado el driver unificado de impresoras Samsung.

SeLinux interrumpió el proceso al 95 % no se si la impresora va a funcionar.
SELinux is preventing /usr/lib/cups/backend/mfp from unix_read, unix_write access on the memoria compartida labeled unconfined_t.

***** Plugin catchall (100. confidence) suggests **************************

Si cree que de manera predeterminada se debería permitir a mfp el acceso unix_read unix_write sobre shm etiquetados como unconfined_t.
Then debería reportar esto como un error.
Puede generar un módulo de política local para permitir este acceso.
Do
permita el acceso temporalmente ejecutando:
# ausearch -c 'mfp' --raw | audit2allow -M mi-mfp
# semodule -i mi-mfp.pp

Additional Information:
Source Context system_u:system_r:cupsd_t:s0-s0:c0.c1023
Target Context unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1
                              023
Target Objects Unknown [ shm ]
Source mfp
Source Path /usr/lib/cups/backend/mfp
Port <Unknown>
Host (removed)
Source RPM Packages
Target RPM Packages
Policy RPM selinux-policy-3.13.1-229.el7_6.12.noarch
Selinux Enabled True
Policy Type targeted
Enforcing Mode Enforcing
Host Name (removed)
Platform Linux (removed) 3.10.0-957.12.1.el7.x86_64 #1 SMP
                              Mon Apr 29 14:59:59 UTC 2019 x86_64 x86_64
Alert Count 3
First Seen 2019-05-28 17:50:38 -03
Last Seen 2019-05-28 17:50:38 -03
Local ID a7fc46c5-2293-44f1-88cd-068b247fdbc7

Raw Audit Messages
type=AVC msg=audit(1559076638.779:1405): avc: denied { unix_read unix_write } for pid=23139 comm="mfp" key=-324508613 scontext=system_u:system_r:cupsd_t:s0-s0:c0.c1023 tcontext=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 tclass=shm permissive=0


type=SYSCALL msg=audit(1559076638.779:1405): arch=x86_64 syscall=shmget success=no exit=EACCES a0=eca8643b a1=1000 a2=3b6 a3=7ffcfd5a1780 items=0 ppid=22698 pid=23139 auid=4294967295 uid=0 gid=7 euid=0 suid=0 fsuid=0 egid=7 sgid=7 fsgid=7 tty=(none) ses=4294967295 comm=mfp exe=/usr/lib/cups/backend/mfp subj=system_u:system_r:cupsd_t:s0-s0:c0.c1023 key=(null)

Hash: mfp,cupsd_t,unconfined_t,shm,unix_read,unix_write

Version-Release number of selected component:
selinux-policy-3.13.1-229.el7_6.12.noarch
Additional Informationreporter: libreport-2.1.11.1
hashmarkername: setroubleshoot
kernel: 3.10.0-957.12.1.el7.x86_64
reproducible: Not sure how to reproduce the problem
type: libreport
TagsNo tags attached.
abrt_hash112f253aa8e5c0f76e58c7bbf3679fbf2db15b0460ce0a78032249806bf23a04
URL

Activities

There are no notes attached to this issue.

Issue History

Date Modified Username Field Change
2019-05-28 20:58 gudisa New Issue