Description of problem: Occurs during Fedora 21 installation SELinux is preventing totem-video-thu from 'getattr' accesses on the unix_stream_socket unix_stream_socket. ***** Plugin catchall (100. confidence) suggests ************************** If you believe that totem-video-thu should be allowed getattr access on the unix_stream_socket unix_stream_socket by default. Then you should report this as a bug. You can generate a local policy module to allow this access. Do allow this access for now by executing: # grep totem-video-thu /var/log/audit/audit.log | audit2allow -M mypol # semodule -i mypol.pp Additional Information: Source Context unconfined_u:unconfined_r:thumb_t:s0-s0:c0.c1023 Target Context unconfined_u:unconfined_r:unconfined_dbusd_t:s0-s0 :c0.c1023 Target Objects unix_stream_socket [ unix_stream_socket ] Source totem-video-thu Source Path totem-video-thu Port <Unknown> Host (removed) Source RPM Packages Target RPM Packages Policy RPM selinux-policy-3.13.1-76.fc21.noarch Selinux Enabled True Policy Type targeted Enforcing Mode Permissive Host Name (removed) Platform Linux (removed) 3.16.1-301.fc21.x86_64 #1 SMP Mon Aug 25 13:06:39 UTC 2014 x86_64 x86_64 Alert Count 1 First Seen 2014-08-28 14:19:53 EDT Last Seen 2014-08-28 14:19:53 EDT Local ID f09cd2bc-4a7f-483d-a672-d48d62bda201 Raw Audit Messages type=AVC msg=audit(1409249993.396:459): avc: denied { getattr } for pid=2846 comm="totem-video-thu" path="socket:[29415]" dev="sockfs" ino=29415 scontext=unconfined_u:unconfined_r:thumb_t:s0-s0:c0.c1023 tcontext=unconfined_u:unconfined_r:unconfined_dbusd_t:s0-s0:c0.c1023 tclass=unix_stream_socket permissive=1 Hash: totem-video-thu,thumb_t,unconfined_dbusd_t,unix_stream_socket,getattr Version-Release number of selected component: selinux-policy-3.13.1-76.fc21.noarch Additional info: reporter: libreport-2.2.3 hashmarkername: setroubleshoot kernel: 3.16.1-301.fc21.x86_64 type: libreport
5f4fbd437e4f82faad4c7154ab736407ac4bd889 adds a dontaudit for this.
commit 5f4fbd437e4f82faad4c7154ab736407ac4bd889 Author: Dan Walsh <dwalsh> Date: Fri Aug 29 07:10:54 2014 -0400 Dontaudit leaks of file descriptors from domains that transition to thumb_t https://github.com/selinux-policy/selinux-policy/commit/5f4fbd437e4f82faad4c7154ab736407ac4bd889
selinux-policy-3.13.1-79.fc21 has been submitted as an update for Fedora 21. https://admin.fedoraproject.org/updates/selinux-policy-3.13.1-79.fc21
Package selinux-policy-3.13.1-79.fc21: * should fix your issue, * was pushed to the Fedora 21 testing repository, * should be available at your local mirror within two days. Update it with: # su -c 'yum update --enablerepo=updates-testing selinux-policy-3.13.1-79.fc21' as soon as you are able to. Please go to the following url: https://admin.fedoraproject.org/updates/FEDORA-2014-10624/selinux-policy-3.13.1-79.fc21 then log in and leave karma (feedback).
selinux-policy-3.13.1-79.fc21 has been pushed to the Fedora 21 stable repository. If problems still persist, please make note of it in this bug report.