Description of problem: SELinux is preventing totem-video-thu from read, write access on the chr_file /dev/console. ***** Plugin catchall (100. confidence) suggests ************************** If you believe that totem-video-thu should be allowed read write access on the console chr_file by default. Then you should report this as a bug. You can generate a local policy module to allow this access. Do allow this access for now by executing: # grep totem-video-thu /var/log/audit/audit.log | audit2allow -M mypol # semodule -i mypol.pp Additional Information: Source Context unconfined_u:unconfined_r:thumb_t:s0-s0:c0.c1023 Target Context system_u:object_r:console_device_t:s0 Target Objects /dev/console [ chr_file ] Source totem-video-thu Source Path totem-video-thu Port <Unknown> Host (removed) Source RPM Packages Target RPM Packages Policy RPM selinux-policy-3.13.1-154.fc23.noarch Selinux Enabled True Policy Type targeted Enforcing Mode Enforcing Host Name (removed) Platform Linux (removed) 4.2.6-300.fc23.x86_64+debug #1 SMP Tue Nov 10 19:17:39 UTC 2015 x86_64 x86_64 Alert Count 67 First Seen 2015-11-12 23:43:30 YEKT Last Seen 2015-11-15 11:58:54 YEKT Local ID 98f165e8-c9b7-4823-8e11-9f5edbdd91c2 Raw Audit Messages type=AVC msg=audit(1447570734.503:8789): avc: denied { read write } for pid=21379 comm="totem-video-thu" path="/dev/console" dev="devtmpfs" ino=1036 scontext=unconfined_u:unconfined_r:thumb_t:s0-s0:c0.c1023 tcontext=system_u:object_r:console_device_t:s0 tclass=chr_file permissive=0 Hash: totem-video-thu,thumb_t,console_device_t,chr_file,read,write Version-Release number of selected component: selinux-policy-3.13.1-154.fc23.noarch Additional info: reporter: libreport-2.6.3 hashmarkername: setroubleshoot kernel: 4.2.6-300.fc23.x86_64+debug type: libreport
https://github.com/fedora-selinux/selinux-policy/pull/77 commit 49be98aca4f505ee8a9940734db2378ed5c57fad Author: Vit Mojzis <vmojzis> Date: Wed Dec 2 18:17:36 2015 +0100 Dontaudit attempts of thumb_t to use console output. #1282170
selinux-policy-3.13.1-157.fc23 has been submitted as an update to Fedora 23. https://bodhi.fedoraproject.org/updates/FEDORA-2015-b4167d5fd0
selinux-policy-3.13.1-157.fc23 has been pushed to the Fedora 23 testing repository. If problems still persist, please make note of it in this bug report. If you want to test the update, you can install it with $ su -c 'dnf --enablerepo=updates-testing update selinux-policy' You can provide feedback for this update here: https://bodhi.fedoraproject.org/updates/FEDORA-2015-b4167d5fd0
selinux-policy-3.13.1-157.fc23 has been pushed to the Fedora 23 stable repository. If problems still persist, please make note of it in this bug report.