Bug 1074190

Summary: SELinux is preventing /usr/bin/totem-video-thumbnailer from 'add_name' accesses on the directory .
Product: [Fedora] Fedora
Reporter: cz-mail
Component: selinux-policy
Assignee: Miroslav Grepl <mgrepl>
Status: CLOSED DUPLICATE
QA Contact: Fedora Extras Quality Assurance <extras-qa>
Severity: unspecified
Priority: unspecified
Version: 20
CC: dominick.grift, dwalsh, lvrabec, mgrepl
Target Milestone: ---
Target Release: ---
Hardware: x86_64
OS: Unspecified
Whiteboard: abrt_hash:60dd15e8b83090e0fef1fdd25324188f7270d65d0fc71743f2703e1213ab7afe
Doc Type: Bug Fix
Last Closed: 2014-03-10 09:13:11 UTC

Description cz-mail 2014-03-08 19:30:36 UTC
Description of problem:
I opened a Nautilus window from within the Tor Browser Bundle and another one from within that window by right-clicking on ‘Computer’ (i.e. file system) and choosing ‘Open in new window’. Having navigated to the folder of my choice, I dragged an item from the Tor Browser folder to my home directory’s Downloads folder, and, after thumbnailing that one item, upon further attempts to thumbnail similar items (all PDFs) that had not been thumbnailed yet, SELinux prevented the thumbnailer from doing so.
SELinux is preventing /usr/bin/totem-video-thumbnailer from 'add_name' accesses on the directory .

*****  Plugin catchall (100. confidence) suggests   **************************

If you believe that totem-video-thumbnailer should be allowed add_name access on the  directory by default.
Then you should report this as a bug.
You can generate a local policy module to allow this access.
Do
allow this access for now by executing:
# grep totem-video-thu /var/log/audit/audit.log | audit2allow -M mypol
# semodule -i mypol.pp

Additional Information:
Source Context                unconfined_u:unconfined_r:thumb_t:s0-s0:c0.c1023
Target Context                unconfined_u:object_r:user_home_t:s0
Target Objects                 [ dir ]
Source                        totem-video-thu
Source Path                   /usr/bin/totem-video-thumbnailer
Port                          <Unknown>
Host                          (removed)
Source RPM Packages           totem-3.10.1-1.fc20.x86_64
Target RPM Packages           
Policy RPM                    selinux-policy-3.12.1-122.fc20.noarch
Selinux Enabled               True
Policy Type                   targeted
Enforcing Mode                Enforcing
Host Name                     (removed)
Platform                      Linux (removed) 3.13.5-202.fc20.x86_64 #1 SMP Mon
                              Mar 3 19:08:00 UTC 2014 x86_64 x86_64
Alert Count                   2
First Seen                    2014-03-08 20:20:33 CET
Last Seen                     2014-03-08 20:20:35 CET
Local ID                      3bced387-15d6-4712-8a3b-ce3e9dc1818b

Raw Audit Messages
type=AVC msg=audit(1394306435.133:534): avc:  denied  { add_name } for  pid=5283 comm="totem-video-thu" name="gstreamer-1.0" scontext=unconfined_u:unconfined_r:thumb_t:s0-s0:c0.c1023 tcontext=unconfined_u:object_r:user_home_t:s0 tclass=dir


type=SYSCALL msg=audit(1394306435.133:534): arch=x86_64 syscall=mkdir success=no exit=EACCES a0=27e6bc0 a1=1ff a2=27e6bf4 a3=7fff9f53e9d0 items=0 ppid=5208 pid=5283 auid=1977 uid=1977 gid=1977 euid=1977 suid=1977 fsuid=1977 egid=1977 sgid=1977 fsgid=1977 ses=1 tty=(none) comm=totem-video-thu exe=/usr/bin/totem-video-thumbnailer subj=unconfined_u:unconfined_r:thumb_t:s0-s0:c0.c1023 key=(null)

Hash: totem-video-thu,thumb_t,user_home_t,dir,add_name

Additional info:
reporter:       libreport-2.1.12
hashmarkername: setroubleshoot
kernel:         3.13.5-202.fc20.x86_64
type:           libreport

Comment 1 Miroslav Grepl 2014-03-10 09:13:11 UTC

*** This bug has been marked as a duplicate of bug 1026421 ***