Bug 873946
Summary: | SELinux is preventing /usr/bin/totem-video-thumbnailer from 'unlink' accesses on the file /home/mikhail/.cache/gstreamer-1.0/registry.i686.bin. | ||||||||
---|---|---|---|---|---|---|---|---|---|
Product: | [Fedora] Fedora | Reporter: | Mikhail <mikhail.v.gavrilov> | ||||||
Component: | selinux-policy | Assignee: | Miroslav Grepl <mgrepl> | ||||||
Status: | CLOSED CURRENTRELEASE | QA Contact: | Fedora Extras Quality Assurance <extras-qa> | ||||||
Severity: | unspecified | Docs Contact: | |||||||
Priority: | unspecified | ||||||||
Version: | 18 | CC: | acc-bugz-redhat, decathorpe, dominick.grift, dwalsh, elad, eleks73, glmakx, mail, mgrepl, mikhail.v.gavrilov, niki.guldbrand, patrys, rxguy, sanjay.ankur, wbb19881018, xaver | ||||||
Target Milestone: | --- | Keywords: | Reopened | ||||||
Target Release: | --- | ||||||||
Hardware: | i686 | ||||||||
OS: | Unspecified | ||||||||
Whiteboard: | abrt_hash:ff376683d24eecc51b2e4e987e94b8108402152fe9e17d4c793be71b9e70551f | ||||||||
Fixed In Version: | Doc Type: | Bug Fix | |||||||
Doc Text: | Story Points: | --- | |||||||
Clone Of: | Environment: | ||||||||
Last Closed: | 2013-01-11 23:13:39 UTC | Type: | --- | ||||||
Regression: | --- | Mount Type: | --- | ||||||
Documentation: | --- | CRM: | |||||||
Verified Versions: | Category: | --- | |||||||
oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |||||||
Cloudforms Team: | --- | Target Upstream Version: | |||||||
Embargoed: | |||||||||
Attachments: |
|
Description
Mikhail
2012-11-07 03:56:31 UTC
Created attachment 639774 [details]
File: type
Created attachment 639775 [details]
File: hashmarkername
We would need to make /home/mikhail/.cache/gstreamer-1.0 labeled as gstreamer_home_t. I added fixes to see if it works. You can execute # chcon -R -t gstreamer_home_t /home/mikhail/.cache/gstreamer-1.0 Plugged in my usb hdd with videos and stuff. Package: (null) Architecture: x86_64 OS Release: Fedora release 18 (Spherical Cow) Videos on a usb pen drive. Package: (null) Architecture: x86_64 OS Release: Fedora release 18 (Spherical Cow) Don't exactly know how this happened... :-/ Package: (null) Architecture: x86_64 OS Release: Fedora release 18 (Spherical Cow) 1. open nautilus 2. navigate to a folder containing a video file Package: (null) Architecture: x86_64 OS Release: Fedora release 18 (Spherical Cow) f23aef5bbc1f2fe410a0a2d4caf8d52b36d6c76e fixes this issue. We have the labels of ~/.cache/.gstreamer instead of ~/.cache/gstreamer, which is causing this problem. Fixed in selinux-policy-3.11.1-55.fc18.noarch selinux-policy-3.11.1-57.fc18 has been submitted as an update for Fedora 18. https://admin.fedoraproject.org/updates/selinux-policy-3.11.1-57.fc18 Package selinux-policy-3.11.1-57.fc18: * should fix your issue, * was pushed to the Fedora 18 testing repository, * should be available at your local mirror within two days. Update it with: # su -c 'yum update --enablerepo=updates-testing selinux-policy-3.11.1-57.fc18' as soon as you are able to. Please go to the following url: https://admin.fedoraproject.org/updates/FEDORA-2012-19374/selinux-policy-3.11.1-57.fc18 then log in and leave karma (feedback). Package selinux-policy-3.11.1-59.fc18: * should fix your issue, * was pushed to the Fedora 18 testing repository, * should be available at your local mirror within two days. Update it with: # su -c 'yum update --enablerepo=updates-testing selinux-policy-3.11.1-59.fc18' as soon as you are able to. Please go to the following url: https://admin.fedoraproject.org/updates/FEDORA-2012-19374/selinux-policy-3.11.1-59.fc18 then log in and leave karma (feedback). Opened files with .avi file present Package: (null) Architecture: x86_64 OS Release: Fedora release 18 (Spherical Cow) Package selinux-policy-3.11.1-60.fc18: * should fix your issue, * was pushed to the Fedora 18 testing repository, * should be available at your local mirror within two days. Update it with: # su -c 'yum update --enablerepo=updates-testing selinux-policy-3.11.1-60.fc18' as soon as you are able to. Please go to the following url: https://admin.fedoraproject.org/updates/FEDORA-2012-19374/selinux-policy-3.11.1-60.fc18 then log in and leave karma (feedback). selinux-policy-3.11.1-60.fc18 has been pushed to the Fedora 18 stable repository. If problems still persist, please make note of it in this bug report. $ rpm -q selinux-policy selinux-policy-3.11.1-62.fc18.noarch Problem still occurs # ausearch -m avc -ts recent ---- time->Mon Dec 17 09:56:36 2012 type=SYSCALL msg=audit(1355716596.759:1594): arch=40000003 syscall=38 success=no exit=-13 a0=9daf710 a1=9c18d38 a2=41eeb000 a3=9e04370 items=0 ppid=7051 pid=28119 auid=1000 uid=1000 gid=1000 euid=1000 suid=1000 fsuid=1000 egid=1000 sgid=1000 fsgid=1000 tty=(none) ses=2 comm="totem-video-thu" exe="/usr/bin/totem-video-thumbnailer" subj=unconfined_u:unconfined_r:thumb_t:s0-s0:c0.c1023 key=(null) type=AVC msg=audit(1355716596.759:1594): avc: denied { unlink } for pid=28119 comm="totem-video-thu" name="registry.i686.bin" dev="sdb" ino=162792523 scontext=unconfined_u:unconfined_r:thumb_t:s0-s0:c0.c1023 tcontext=unconfined_u:object_r:cache_home_t:s0 tclass=file ---- time->Mon Dec 17 09:56:37 2012 type=SYSCALL msg=audit(1355716597.499:1595): arch=40000003 syscall=38 success=no exit=-13 a0=a08e710 a1=9ef7d38 a2=41eeb000 a3=a0e3370 items=0 ppid=7051 pid=28139 auid=1000 uid=1000 gid=1000 euid=1000 suid=1000 fsuid=1000 egid=1000 sgid=1000 fsgid=1000 tty=(none) ses=2 comm="totem-video-thu" exe="/usr/bin/totem-video-thumbnailer" subj=unconfined_u:unconfined_r:thumb_t:s0-s0:c0.c1023 key=(null) type=AVC msg=audit(1355716597.499:1595): avc: denied { unlink } for pid=28139 comm="totem-video-thu" name="registry.i686.bin" dev="sdb" ino=162792523 scontext=unconfined_u:unconfined_r:thumb_t:s0-s0:c0.c1023 tcontext=unconfined_u:object_r:cache_home_t:s0 tclass=file ---- time->Mon Dec 17 09:56:38 2012 type=SYSCALL msg=audit(1355716598.015:1596): arch=40000003 syscall=38 success=no exit=-13 a0=8fd2a28 a1=8e5ad38 a2=41eeb000 a3=9046370 items=0 ppid=7051 pid=28161 auid=1000 uid=1000 gid=1000 euid=1000 suid=1000 fsuid=1000 egid=1000 sgid=1000 fsgid=1000 tty=(none) ses=2 comm="totem-video-thu" exe="/usr/bin/totem-video-thumbnailer" subj=unconfined_u:unconfined_r:thumb_t:s0-s0:c0.c1023 key=(null) type=AVC msg=audit(1355716598.015:1596): avc: denied { unlink } for pid=28161 comm="totem-video-thu" name="registry.i686.bin" dev="sdb" ino=162792523 scontext=unconfined_u:unconfined_r:thumb_t:s0-s0:c0.c1023 tcontext=unconfined_u:object_r:cache_home_t:s0 tclass=file ---- time->Mon Dec 17 09:56:38 2012 type=SYSCALL msg=audit(1355716598.485:1597): arch=40000003 syscall=38 success=no exit=-13 a0=9448710 a1=92b1d38 a2=41eeb000 a3=949d370 items=0 ppid=7051 pid=28184 auid=1000 uid=1000 gid=1000 euid=1000 suid=1000 fsuid=1000 egid=1000 sgid=1000 fsgid=1000 tty=(none) ses=2 comm="totem-video-thu" exe="/usr/bin/totem-video-thumbnailer" subj=unconfined_u:unconfined_r:thumb_t:s0-s0:c0.c1023 key=(null) type=AVC msg=audit(1355716598.485:1597): avc: denied { unlink } for pid=28184 comm="totem-video-thu" name="registry.i686.bin" dev="sdb" ino=162792523 scontext=unconfined_u:unconfined_r:thumb_t:s0-s0:c0.c1023 tcontext=unconfined_u:object_r:cache_home_t:s0 tclass=file ---- time->Mon Dec 17 09:56:38 2012 type=SYSCALL msg=audit(1355716598.846:1598): arch=40000003 syscall=38 success=no exit=-13 a0=9595a28 a1=941dd38 a2=41eeb000 a3=9609370 items=0 ppid=7051 pid=28204 auid=1000 uid=1000 gid=1000 euid=1000 suid=1000 fsuid=1000 egid=1000 sgid=1000 fsgid=1000 tty=(none) ses=2 comm="totem-video-thu" exe="/usr/bin/totem-video-thumbnailer" subj=unconfined_u:unconfined_r:thumb_t:s0-s0:c0.c1023 key=(null) type=AVC msg=audit(1355716598.846:1598): avc: denied { unlink } for pid=28204 comm="totem-video-thu" name="registry.i686.bin" dev="sdb" ino=162792523 scontext=unconfined_u:unconfined_r:thumb_t:s0-s0:c0.c1023 tcontext=unconfined_u:object_r:cache_home_t:s0 tclass=file Fixed in selinux-policy-3.11.1-67.fc18.noarch THere is a typo in the file context string cache should be \.cache selinux-policy-3.11.1-67.fc18 has been submitted as an update for Fedora 18. https://admin.fedoraproject.org/updates/selinux-policy-3.11.1-67.fc18 Package selinux-policy-3.11.1-67.fc18: * should fix your issue, * was pushed to the Fedora 18 testing repository, * should be available at your local mirror within two days. Update it with: # su -c 'yum update --enablerepo=updates-testing selinux-policy-3.11.1-67.fc18' as soon as you are able to. Please go to the following url: https://admin.fedoraproject.org/updates/FEDORA-2012-20813/selinux-policy-3.11.1-67.fc18 then log in and leave karma (feedback). Open folder with media files that nautilus hasn't seen before and will try to create thumbnails for. Package: (null) Architecture: x86_64 OS Release: Fedora release 18 (Spherical Cow) Did you get this with selinux-policy-3.11.1-67.fc18? No, I already confirmed7 via bodhi that this bug is fixed with 3.11.1-6. Thanks :) open *txt file in gedit Package: (null) OS Release: Fedora release 18 (Spherical Cow) selinux-policy-3.11.1-67.fc18 has been pushed to the Fedora 18 stable repository. If problems still persist, please make note of it in this bug report. |