-   Fedora (
-   -   SELinux & colord-sane warning (

CollieJim 02-07-2013 06:36 AM

SELinux & colord-sane warning
Every time I boot Fedora 17 I get an SELinux warning:

SELinux has detected a problem.
The source process: /usr/libexec/colord-sane
Attempted this access:  name_connect
On this tcp_socket: <blank>

Is it a valid warning?
It looks like colord-sane is trying to access the LAN. Why?
How do I get rid of it?
I want other warnings, but not this one. I click "Ignore" but it keeps coming back.


unSpawn 02-07-2013 08:08 AM

Run this to see what package this item belongs to and what it does:

rpm -qi colord
Run this to check for resources:

apropos color
Check the manual page:

man colormgr
and see the documentation (if any):

less /usr/share/doc/colord/README
Post contents of "/tmp/colord-sane.log" from running this:

grep colord-sane /var/log/audit/audit.log|audit2allow 2>&1 | tee /tmp/colord-sane.log

CollieJim 02-08-2013 12:49 AM

Thanks. From the log it looks like the SELinux message is a bug?


# grep colord-sane /var/log/audit/audit.log|audit2allow 2>&1 | tee /tmp/colord-sane.log

#============= colord_t ==============
#!!!! This avc can be allowed using the boolean 'allow_ypbind'

allow colord_t unreserved_port_t:tcp_socket name_connect;

unSpawn 02-08-2013 04:40 AM

No, not a bug. See 'man setsebool' for what 'setsebool -P allow_ypbind=on' would do.

CollieJim 02-08-2013 05:27 AM

It looks like my reading comprehension needs an upgrade!

I can stop the message now, but I will look into why colord-sane needs to use a tcp socket.

Thanks for the help.

unSpawn 02-08-2013 06:08 AM

Since your reading comprehension seems OK to me I'll leave you with two tickets, related, entertaining and informative:

All times are GMT -5. The time now is 08:26 PM.