Description of problem: no idea SELinux is preventing gst-plugin-scan from using the 'dac_read_search' capabilities. ***** Plugin dac_override (91.4 confidence) suggests ********************** If si vuole aiutare ad identificare se al dominio serva questo accesso o se si possiede un file con i permessi sbagliati sul sistema Then attivare l'auditing completo per ottenere le informazioni del percorso del file incriminato e generare nuovamente l'errore. Do Abilitare l'auditing completo # auditctl -w /etc/shadow -p w Provare a rigenerare AVC. Quindi eseguire # ausearch -m avc -ts recent Se si vede il campo PATH controllare il proprietario/permessi del file, quindi aggiustarlo, altrimenti inviare il bug a bugzilla. ***** Plugin catchall (9.59 confidence) suggests ************************** If si pensa che gst-plugin-scan dovrebbe avere funzionalità dac_read_search in modo predefinito. Then si dovrebbe riportare il problema come bug. E' possibile generare un modulo di politica locale per consentire questo accesso. Do consentire questo accesso per il momento eseguendo: # grep gst-plugin-scan /var/log/audit/audit.log | audit2allow -M mypol # semodule -i mypol.pp Additional Information: Source Context unconfined_u:unconfined_r:thumb_t:s0-s0:c0.c1023 Target Context unconfined_u:unconfined_r:thumb_t:s0-s0:c0.c1023 Target Objects Unknown [ capability ] Source gst-plugin-scan Source Path gst-plugin-scan Port <Unknown> Host (removed) Source RPM Packages Target RPM Packages Policy RPM selinux-policy-3.13.1-154.fc23.noarch Selinux Enabled True Policy Type targeted Enforcing Mode Enforcing Host Name (removed) Platform Linux (removed) 4.2.6-300.fc23.x86_64 #1 SMP Tue Nov 10 19:32:21 UTC 2015 x86_64 x86_64 Alert Count 8 First Seen 2015-11-20 16:44:45 CET Last Seen 2015-11-20 16:44:50 CET Local ID e94f0273-f6a1-4232-8029-810ce6578962 Raw Audit Messages type=AVC msg=audit(1448034290.120:690): avc: denied { dac_read_search } for pid=4743 comm="totem-video-thu" capability=2 scontext=unconfined_u:unconfined_r:thumb_t:s0-s0:c0.c1023 tcontext=unconfined_u:unconfined_r:thumb_t:s0-s0:c0.c1023 tclass=capability permissive=0 Hash: gst-plugin-scan,thumb_t,thumb_t,capability,dac_read_search Version-Release number of selected component: selinux-policy-3.13.1-154.fc23.noarch Additional info: reporter: libreport-2.6.3 hashmarkername: setroubleshoot kernel: 4.2.6-300.fc23.x86_64 type: libreport Potential duplicate: bug 1260127
You are running X apps as root, this is not supported. It is very dangerous to run X Apps as root.
*** Bug 1307122 has been marked as a duplicate of this bug. ***
*** Bug 1315428 has been marked as a duplicate of this bug. ***