Hi guys im using turboprint drivers for my IP 1000 Canon. When i try to print from Open Office i get this below:
sealert -l 26616fa9-ba9f-44fb-9cf2-d1940f15217f Summary SELinux is preventing /lib/ld-2.6.so (cupsd_t) "execmem" to <Nieznane> (cupsd_t).
Detailed Description SELinux denied access requested by /lib/ld-2.6.so. It is not expected that this access is required by /lib/ld-2.6.so and this access may signal an intrusion attempt. It is also possible that the specific version or configuration of the application is causing it to require additional access.
Allowing Access You can generate a local policy module to allow this access - see http://fedora.redhat.com/docs/selinux-faq-fc5/#id2961385 Or you can disable SELinux protection altogether. Disabling SELinux protection is not recommended. Please file a http://bugzilla.redhat.com/bugzilla/enter_bug.cgi against this package.
Additional Information
Source Context system_u:system_r:cupsd_t:SystemLow-SystemHigh Target Context system_u:system_r:cupsd_t:SystemLow-SystemHigh Target Objects None [ process ] Affected RPM Packages glibc-2.6-3 [application] Policy RPM selinux-policy-2.6.4-13.fc7 Selinux Enabled True Policy Type targeted MLS Enabled True Enforcing Mode Permissive Plugin Name plugins.catchall Host Name c79-70.icpnet.pl Platform Linux *.icpnet.pl 2.6.21-1.3194.fc7 #1 SMP Wed May 23 22:35:01 EDT 2007 i686 athlon Alert Count 1 First Seen Sun Jun 10 19:48:42 2007 Last Seen Sun Jun 10 19:48:42 2007 Local ID 26616fa9-ba9f-44fb-9cf2-d1940f15217f Line Numbers
Raw Audit Messages
avc: denied { execmem } for comm="ld-linux.so.2" egid=7 euid=4 exe="/lib/ld-2.6.so" exit=0 fsgid=7 fsuid=4 gid=7 items=0 pid=3240 scontext=system_u:system_r:cupsd_t:s0-s0:c0.c1023 sgid=7 subj=system_u:system_r:cupsd_t:s0-s0:c0.c1023 suid=4 tclass=process tcontext=system_u:system_r:cupsd_t:s0-s0:c0.c1023 tty=(none) uid=4
On Fc 6 turboprint was working fine.
piotreek23@gmail.com wrote:
Hi guys im using turboprint drivers for my IP 1000 Canon. When i try to print from Open Office i get this below:
sealert -l 26616fa9-ba9f-44fb-9cf2-d1940f15217f Summary SELinux is preventing /lib/ld-2.6.so (cupsd_t) "execmem" to <Nieznane> (cupsd_t).
Detailed Description SELinux denied access requested by /lib/ld-2.6.so. It is not expected that this access is required by /lib/ld-2.6.so and this access may signal an intrusion attempt. It is also possible that the specific version or configuration of the application is causing it to require additional access.
Allowing Access You can generate a local policy module to allow this access - see http://fedora.redhat.com/docs/selinux-faq-fc5/#id2961385 Or you can disable SELinux protection altogether. Disabling SELinux protection is not recommended. Please file a http://bugzilla.redhat.com/bugzilla/enter_bug.cgi against this package.
Additional Information
Source Context system_u:system_r:cupsd_t:SystemLow-SystemHigh Target Context system_u:system_r:cupsd_t:SystemLow-SystemHigh Target Objects None [ process ] Affected RPM Packages glibc-2.6-3 [application] Policy RPM selinux-policy-2.6.4-13.fc7 Selinux Enabled True Policy Type targeted MLS Enabled True Enforcing Mode Permissive Plugin Name plugins.catchall Host Name c79-70.icpnet.pl Platform Linux *.icpnet.pl 2.6.21-1.3194.fc7 #1 SMP Wed May 23 22:35:01 EDT 2007 i686 athlon Alert Count 1 First Seen Sun Jun 10 19:48:42 2007 Last Seen Sun Jun 10 19:48:42 2007 Local ID 26616fa9-ba9f-44fb-9cf2-d1940f15217f Line Numbers
Raw Audit Messages
avc: denied { execmem } for comm="ld-linux.so.2" egid=7 euid=4 exe="/lib/ld-2.6.so" exit=0 fsgid=7 fsuid=4 gid=7 items=0 pid=3240 scontext=system_u:system_r:cupsd_t:s0-s0:c0.c1023 sgid=7 subj=system_u:system_r:cupsd_t:s0-s0:c0.c1023 suid=4 tclass=process tcontext=system_u:system_r:cupsd_t:s0-s0:c0.c1023 tty=(none) uid=4
On Fc 6 turboprint was working fine.
-- fedora-selinux-list mailing list fedora-selinux-list@redhat.com https://www.redhat.com/mailman/listinfo/fedora-selinux-list
Sorry about missing this, my junk mail filters ate it.
This looks like a badly written application that would require execmem. You can allow this by executing
# grep execmem /var/log/audit/audit/audit.log | audit2allow -M mycups # semodule -i mycups.pp
You should report this as a bug to turboprint.
This link explains the violation SELinux Memory Protection Tests http://people.redhat.com/%7Edrepper/selinux-mem.html
selinux@lists.fedoraproject.org