Bug 1074190 - SELinux is preventing /usr/bin/totem-video-thumbnailer from 'add_name' accesses on the directory .
Status: CLOSED DUPLICATE of bug 1026421
Alias: None
Product: Fedora
Classification: Fedora
Component: selinux-policy
Version: 20
Hardware: x86_64
OS: Unspecified
Target Milestone: ---
Assignee: Miroslav Grepl
QA Contact: Fedora Extras Quality Assurance
URL:
Whiteboard: abrt_hash:60dd15e8b83090e0fef1fdd2532...
Reported: 2014-03-08 19:30 UTC by cz-mail
Modified: 2014-03-10 09:13 UTC

Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Clone Of:
Environment:
Last Closed: 2014-03-10 09:13:11 UTC
Type: ---
Embargoed:



Description cz-mail 2014-03-08 19:30:36 UTC
Description of problem:
I opened a Nautilus window from within the Tor Browser Bundle and another one from within that window by right-clicking on ‘Computer’ (i.e. file system) and choosing ‘Open in new window’. Having navigated to the folder of my choice, I dragged an item from the Tor Browser folder to my home directory’s Downloads folder, and, after thumbnailing that one item, upon further attempts to thumbnail similar items (all PDFs) that had not been thumbnailed yet, SELinux prevented the thumbnailer from doing so.
SELinux is preventing /usr/bin/totem-video-thumbnailer from 'add_name' accesses on the directory .

*****  Plugin catchall (100. confidence) suggests   **************************

If you believe that totem-video-thumbnailer should be allowed add_name access on the  directory by default.
Then you should report this as a bug.
You can generate a local policy module to allow this access.
Do
allow this access for now by executing:
# grep totem-video-thu /var/log/audit/audit.log | audit2allow -M mypol
# semodule -i mypol.pp

Additional Information:
Source Context                unconfined_u:unconfined_r:thumb_t:s0-s0:c0.c1023
Target Context                unconfined_u:object_r:user_home_t:s0
Target Objects                 [ dir ]
Source                        totem-video-thu
Source Path                   /usr/bin/totem-video-thumbnailer
Port                          <Unknown>
Host                          (removed)
Source RPM Packages           totem-3.10.1-1.fc20.x86_64
Target RPM Packages           
Policy RPM                    selinux-policy-3.12.1-122.fc20.noarch
Selinux Enabled               True
Policy Type                   targeted
Enforcing Mode                Enforcing
Host Name                     (removed)
Platform                      Linux (removed) 3.13.5-202.fc20.x86_64 #1 SMP Mon
                              Mar 3 19:08:00 UTC 2014 x86_64 x86_64
Alert Count                   2
First Seen                    2014-03-08 20:20:33 CET
Last Seen                     2014-03-08 20:20:35 CET
Local ID                      3bced387-15d6-4712-8a3b-ce3e9dc1818b

Raw Audit Messages
type=AVC msg=audit(1394306435.133:534): avc:  denied  { add_name } for  pid=5283 comm="totem-video-thu" name="gstreamer-1.0" scontext=unconfined_u:unconfined_r:thumb_t:s0-s0:c0.c1023 tcontext=unconfined_u:object_r:user_home_t:s0 tclass=dir


type=SYSCALL msg=audit(1394306435.133:534): arch=x86_64 syscall=mkdir success=no exit=EACCES a0=27e6bc0 a1=1ff a2=27e6bf4 a3=7fff9f53e9d0 items=0 ppid=5208 pid=5283 auid=1977 uid=1977 gid=1977 euid=1977 suid=1977 fsuid=1977 egid=1977 sgid=1977 fsgid=1977 ses=1 tty=(none) comm=totem-video-thu exe=/usr/bin/totem-video-thumbnailer subj=unconfined_u:unconfined_r:thumb_t:s0-s0:c0.c1023 key=(null)

Hash: totem-video-thu,thumb_t,user_home_t,dir,add_name

Additional info:
reporter:       libreport-2.1.12
hashmarkername: setroubleshoot
kernel:         3.13.5-202.fc20.x86_64
type:           libreport

Comment 1 Miroslav Grepl 2014-03-10 09:13:11 UTC

*** This bug has been marked as a duplicate of bug 1026421 ***

