Description of problem: I opened a folder containg EPS files in nautilus. SELinux is preventing mv from using the 'setfscreate' accesses on a process. ***** Plugin catchall (100. confidence) suggests ************************** If you believe that mv should be allowed setfscreate access on processes labeled thumb_t by default. Then you should report this as a bug. You can generate a local policy module to allow this access. Do allow this access for now by executing: # grep mv /var/log/audit/audit.log | audit2allow -M mypol # semodule -i mypol.pp Additional Information: Source Context unconfined_u:unconfined_r:thumb_t:s0-s0:c0.c1023 Target Context unconfined_u:unconfined_r:thumb_t:s0-s0:c0.c1023 Target Objects Unknown [ process ] Source mv Source Path mv Port <Unknown> Host (removed) Source RPM Packages Target RPM Packages Policy RPM selinux-policy-3.13.1-103.fc21.noarch Selinux Enabled True Policy Type targeted Enforcing Mode Enforcing Host Name (removed) Platform Linux (removed) 3.17.6-300.fc21.x86_64 #1 SMP Mon Dec 8 22:29:32 UTC 2014 x86_64 x86_64 Alert Count 16 First Seen 2014-12-19 19:21:37 CET Last Seen 2014-12-19 19:21:54 CET Local ID 3a2aaf10-40ad-444e-a7e4-809c5f8e9d8c Raw Audit Messages type=AVC msg=audit(1419013314.510:558): avc: denied { setfscreate } for pid=23091 comm="mv" scontext=unconfined_u:unconfined_r:thumb_t:s0-s0:c0.c1023 tcontext=unconfined_u:unconfined_r:thumb_t:s0-s0:c0.c1023 tclass=process permissive=0 Hash: mv,thumb_t,thumb_t,process,setfscreate Version-Release number of selected component: selinux-policy-3.13.1-103.fc21.noarch Additional info: reporter: libreport-2.3.0 hashmarkername: setroubleshoot kernel: 3.17.6-300.fc21.x86_64 type: libreport
This shows that the thumb drive is trying to mv files around on your system? Probably not something we like, but we should dontaudit the setfscreate call. b7f2ee9921cd7ef38943e472b399b4bef31a67e2 dontaudits this in git.
Description of problem: Only thing I did that could have triggered this was that I removed a file that nautilus had created a thumbnail for (I think it may me triggered by .dvi files). Version-Release number of selected component: selinux-policy-3.13.1-103.fc21.noarch Additional info: reporter: libreport-2.3.0 hashmarkername: setroubleshoot kernel: 3.17.8-300.fc21.x86_64 type: libreport
commit 3c8ca115e8761de56aba97c2db1a0621d234df74 Author: Dan Walsh <dwalsh> Date: Tue Dec 23 14:55:48 2014 -0500 Dontaudit attempts by thumb_t to setfscreate, this is caused by executing mv command under thumb_t domain
selinux-policy-3.13.1-105.fc21 has been submitted as an update for Fedora 21. https://admin.fedoraproject.org/updates/selinux-policy-3.13.1-105.fc21
Package selinux-policy-3.13.1-105.fc21: * should fix your issue, * was pushed to the Fedora 21 testing repository, * should be available at your local mirror within two days. Update it with: # su -c 'yum update --enablerepo=updates-testing selinux-policy-3.13.1-105.fc21' as soon as you are able to. Please go to the following url: https://admin.fedoraproject.org/updates/FEDORA-2015-1337/selinux-policy-3.13.1-105.fc21 then log in and leave karma (feedback).
selinux-policy-3.13.1-105.fc21 has been pushed to the Fedora 21 stable repository. If problems still persist, please make note of it in this bug report.