Description of problem: SELinux is preventing /usr/bin/totem-video-thumbnailer from 'name_connect' accesses on the tcp_socket . ***** Plugin catchall (100. confidence) suggests *************************** If cree que de manera predeterminada, totem-video-thumbnailer debería permitir acceso name_connect sobre tcp_socket. Then debería reportar esto como un error. Puede generar un módulo de política local para permitir este acceso. Do permita el acceso momentáneamente executando: # grep souphttpsrc0:sr /var/log/audit/audit.log | audit2allow -M mypol # semodule -i mypol.pp Additional Information: Source Context unconfined_u:unconfined_r:thumb_t:s0-s0:c0.c1023 Target Context system_u:object_r:http_port_t:s0 Target Objects [ tcp_socket ] Source souphttpsrc0:sr Source Path /usr/bin/totem-video-thumbnailer Port 80 Host (removed) Source RPM Packages totem-3.8.2-1.fc19.x86_64 Target RPM Packages Policy RPM selinux-policy-3.12.1-74.11.fc19.noarch Selinux Enabled True Policy Type targeted Enforcing Mode Enforcing Host Name (removed) Platform Linux (removed) 3.11.7-200.fc19.x86_64 #1 SMP Mon Nov 4 14:09:03 UTC 2013 x86_64 x86_64 Alert Count 2 First Seen 2013-11-14 09:42:00 CST Last Seen 2013-11-14 09:42:00 CST Local ID 911a32df-9f80-4e03-b912-dda731eb924b Raw Audit Messages type=AVC msg=audit(1384443720.607:528): avc: denied { name_connect } for pid=5491 comm="souphttpsrc0:sr" dest=80 scontext=unconfined_u:unconfined_r:thumb_t:s0-s0:c0.c1023 tcontext=system_u:object_r:http_port_t:s0 tclass=tcp_socket type=SYSCALL msg=audit(1384443720.607:528): arch=x86_64 syscall=connect success=no exit=EACCES a0=c a1=7f6b2d0cd4f0 a2=10 a3=0 items=0 ppid=5399 pid=5491 auid=1000 uid=1000 gid=1001 euid=1000 suid=1000 fsuid=1000 egid=1001 sgid=1001 fsgid=1001 ses=1 tty=(none) comm=souphttpsrc0:sr exe=/usr/bin/totem-video-thumbnailer subj=unconfined_u:unconfined_r:thumb_t:s0-s0:c0.c1023 key=(null) Hash: souphttpsrc0:sr,thumb_t,http_port_t,tcp_socket,name_connect Additional info: reporter: libreport-2.1.9 hashmarkername: setroubleshoot kernel: 3.11.7-200.fc19.x86_64 type: libreport
This is not something we want to allow or would recommend that you allow. Basically just running nautilus on this image is causing the process to attempt a connection to a remote site. I don't think this is something you should allow.