'avc: denied { read } for pid=249755 comm="lpqd" name="cups.sock"' in RHEL 7.9

Solution Verified

Issue

  • If the cups service is running, each start or restart of the smb service triggers an SELinux denial:

    type=AVC msg=audit(1600773802.254:25608): avc:  denied  { read } for  pid=249755 comm="lpqd" name="cups.sock" dev="tmpfs" ino=27256 scontext=system_u:system_r:smbd_t:s0 tcontext=system_u:object_r:cupsd_var_run_t:s0 tclass=sock_file permissive=0
    
  • We are receiving the following SELinux alert:

    SELinux is preventing /usr/sbin/smbd from read access on the sock_file cups.sock.
    
    *****  Plugin catchall (100. confidence) suggests   **************************
    
    If you believe that smbd should be allowed read access on the cups.sock sock_file by default.
    Then you should report this as a bug.
    You can generate a local policy module to allow this access.
    Do allow this access for now by executing:
    # ausearch -c 'lpqd' --raw | audit2allow -M my-lpqd
    # semodule -i my-lpqd.pp
    
    
    Additional Information:
    Source Context                system_u:system_r:smbd_t:s0
    Target Context                system_u:object_r:cupsd_var_run_t:s0
    Target Objects                cups.sock [ sock_file ]
    Source                        lpqd
    Source Path                   /usr/sbin/smbd
    Port                          <Unknown>
    Host                          <ServerName>
    Source RPM Packages           
    Target RPM Packages           
    Policy RPM                    selinux-policy-3.13.1-266.el7_8.1.noarch
    Selinux Enabled               True
    Policy Type                   targeted
    Enforcing Mode                Enforcing
    Host Name                     <ServerName>
    Platform                      Linux <ServerName> 3.10.0-1127.19.1.el7.x86_64 #1 SMP
                                  Tue Aug 11 19:12:04 EDT 2020 x86_64 x86_64
    Alert Count                   109
    First Seen                    2021-02-03 12:42:24 EST
    Last Seen                     2021-02-04 11:12:34 EST
    Local ID                      0809f034-1100-4ecc-ae26-b426c9f0ee5f
    
    Raw Audit Messages
    type=AVC msg=audit(1612455154.21:6010): avc:  denied  { read } for  pid=40989 comm="lpqd"
    name="cups.sock" dev="tmpfs" ino=61401 scontext=system_u:system_r:smbd_t:s0
    tcontext=system_u:object_r:cupsd_var_run_t:s0 tclass=sock_file permissive=0
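
To see exactly what access these records describe before building a local module from them, the denials can be reduced to the type-enforcement rule they correspond to. The following is an added example, not part of the original article or of any Red Hat tooling; the function names are this example's own, and the sample input is the two AVC records shown above (the second unwrapped onto one line).

```python
import re
from collections import Counter

# The two denial records from this page, each on a single line.
SAMPLE = [
    'type=AVC msg=audit(1600773802.254:25608): avc:  denied  { read } for  pid=249755 comm="lpqd" name="cups.sock" dev="tmpfs" ino=27256 scontext=system_u:system_r:smbd_t:s0 tcontext=system_u:object_r:cupsd_var_run_t:s0 tclass=sock_file permissive=0',
    'type=AVC msg=audit(1612455154.21:6010): avc:  denied  { read } for  pid=40989 comm="lpqd" name="cups.sock" dev="tmpfs" ino=61401 scontext=system_u:system_r:smbd_t:s0 tcontext=system_u:object_r:cupsd_var_run_t:s0 tclass=sock_file permissive=0',
]

AVC_RE = re.compile(r'avc:\s+denied\s+\{\s*(?P<perms>[^}]*?)\s*\}\s+for\s+(?P<rest>.*)')
KV_RE = re.compile(r'(\w+)=("[^"]*"|\S+)')

def parse_avc(line):
    """Return the fields of one AVC denial record, or None for other lines."""
    m = AVC_RE.search(line)
    if not m:
        return None
    rec = {k: v.strip('"') for k, v in KV_RE.findall(m.group('rest'))}
    if not {'scontext', 'tcontext', 'tclass'} <= rec.keys():
        return None
    rec['perms'] = sorted(m.group('perms').split())
    # A context is user:role:type:level; the type is always the third field,
    # even when the level itself contains ':' (MCS categories).
    rec['stype'] = rec['scontext'].split(':')[2]
    rec['ttype'] = rec['tcontext'].split(':')[2]
    return rec

def candidate_rules(lines):
    """Count denials per distinct type-enforcement rule they map to."""
    rules = Counter()
    for line in lines:
        rec = parse_avc(line)
        if rec is None:
            continue
        perms = rec['perms'][0] if len(rec['perms']) == 1 else '{ %s }' % ' '.join(rec['perms'])
        rules['allow %s %s:%s %s;' % (rec['stype'], rec['ttype'], rec['tclass'], perms)] += 1
    return rules

if __name__ == '__main__':
    for rule, count in candidate_rules(SAMPLE).items():
        print(count, rule)
```

Both records collapse to a single rule, which shows that the denial concerns only `read` on the `sock_file` class between these two types.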
    

Environment

  • Red Hat Enterprise Linux (RHEL) 7.9
  • samba-4.10.16-5.el7
  • selinux-policy-3.13.1-268
