LinuxQuestions.org

LinuxQuestions.org (/questions/)
-   Fedora (http://www.linuxquestions.org/questions/fedora-35/)
-   -   SELinux & colord-sane warning (http://www.linuxquestions.org/questions/fedora-35/selinux-and-colord-sane-warning-4175449006/)

CollieJim 02-07-2013 06:36 AM

SELinux & colord-sane warning
 
Every time I boot Fedora 17 I get an SELinux warning:
Code:

SELinux has detected a problem.
The source process: /usr/libexec/colord-sane
Attempted this access:  name_connect
On this tcp_socket: <blank>

Is it a valid warning?
It looks like colord-sane is trying to access the LAN. Why?
How do I get rid of it?
I want other warnings, but not this one. I click "Ignore" but it keeps coming back.

Thanks
Jim

unSpawn 02-07-2013 08:08 AM

Run this to see what package this item belongs to and what it does:
Code:

rpm -qi colord
Run this to check for resources:
Code:

apropos color
Check the manual page:
Code:

man colormgr
and see the documentation (if any):
Code:

less /usr/share/doc/colord/README
Post contents of "/tmp/colord-sane.log" from running this:
Code:

grep colord-sane /var/log/audit/audit.log|audit2allow 2>&1 | tee /tmp/colord-sane.log

CollieJim 02-08-2013 12:49 AM

Thanks. From the log it looks like the SELinux message is a bug?

Code:

# grep colord-sane /var/log/audit/audit.log|audit2allow 2>&1 | tee /tmp/colord-sane.log


#============= colord_t ==============
#!!!! This avc can be allowed using the boolean 'allow_ypbind'

allow colord_t unreserved_port_t:tcp_socket name_connect;


unSpawn 02-08-2013 04:40 AM

No, not a bug. See 'man setsebool' for what 'setsebool -P allow_ypbind=on' would do.

CollieJim 02-08-2013 05:27 AM

It looks like my reading comprehension needs an upgrade!

I can stop the message now, but I will look into why colord-sane needs to use a tcp socket.

Thanks for the help.

unSpawn 02-08-2013 06:08 AM

Since your reading comprehension seems OK to me I'll leave you with two tickets, related, entertaining and informative:
https://bugzilla.redhat.com/show_bug.cgi?id=875424
https://bugzilla.redhat.com/show_bug.cgi?id=756334


All times are GMT -5. The time now is 01:00 AM.