On 01/04/2010 12:52 PM, Paolo Galtieri wrote:
I've started seeing this selinux alert
SELinux is preventing /usr/sbin/cupsd ipc_lock access.
[cupsd has a permissive type (cupsd_t). This access was not denied.]SELinux
denied access requested by cupsd. It is not expected that this access is
required by cupsd and this access may signal an intrusion attempt. It is
also possible that the specific version or configuration of the application
is causing it to require additional access
Is this something I should be concerned about?
THis is something new and will be allowed in the next policy update. Not
really something to be concerned about.
I'm also seeing this alert
SELinux is preventing /usr/bin/gok getattr access on /var/mail.
SELinux denied access requested by gok. It is not expected that this access
is required by gok and this access may signal an intrusion attempt. It is
also possible that the specific version or configuration of the application
is causing it to require additional access.
I don't use gok so I'm not sure why I'm getting these alerts.
gok is doing a getattr on all mounted file systems, which is probably causing
this avc. It will also be allowed in next release.
Fixed in selinux-policy-3.6.32-66.fc12.noarch
Paolo
--
fedora-list mailing list
fedora-list@redhat.com
To unsubscribe: https://www.redhat.com/mailman/listinfo/fedora-list
Guidelines: http://fedoraproject.org/wiki/Communicate/MailingListGuidelines