Description of problem: SELinux is preventing totem-video-thu from using the 'dac_read_search' capabilities. ***** Plugin dac_override (91.4 confidence) suggests ********************** If 您希望協助辨識領域是否需要此存取許可,或是您的系統上是否有錯誤許可權設定的檔案 Then 開啟完整稽核以取得有關於違例檔案的相關資訊,並再次產生錯誤。 Do 開啟完整稽核 # auditctl -w /etc/shadow -p w 嘗試重新建立 AVC。然後執行 # ausearch -m avc -ts recent 若您看見 PATH record,請檢查檔案上的擁有權/許可權設定,並將它修正, 否則請將它提交至 bugzilla。 ***** Plugin catchall (9.59 confidence) suggests ************************** If 您認為 totem-video-thu 就預設值應擁有 dac_read_search 能力。 Then 您應將此回報為錯誤。 您可產生本機模組,以允許這項存取。 Do 現在透過執行以下指令來允許此存取: # grep totem-video-thu /var/log/audit/audit.log | audit2allow -M mypol # semodule -i mypol.pp Additional Information: Source Context unconfined_u:unconfined_r:thumb_t:s0-s0:c0.c1023 Target Context unconfined_u:unconfined_r:thumb_t:s0-s0:c0.c1023 Target Objects Unknown [ capability ] Source totem-video-thu Source Path totem-video-thu Port <Unknown> Host (removed) Source RPM Packages Target RPM Packages Policy RPM selinux-policy-3.13.1-154.fc23.noarch Selinux Enabled True Policy Type targeted Enforcing Mode Enforcing Host Name (removed) Platform Linux (removed) 4.2.5-300.fc23.x86_64 #1 SMP Tue Oct 27 04:29:56 UTC 2015 x86_64 x86_64 Alert Count 41 First Seen 2015-11-16 05:17:54 CST Last Seen 2015-11-16 05:17:55 CST Local ID 31323613-1a62-4f88-8803-983a6272b411 Raw Audit Messages type=AVC msg=audit(1447622275.324:3524): avc: denied { dac_read_search } for pid=6757 comm="totem-video-thu" capability=2 scontext=unconfined_u:unconfined_r:thumb_t:s0-s0:c0.c1023 tcontext=unconfined_u:unconfined_r:thumb_t:s0-s0:c0.c1023 tclass=capability permissive=0 Hash: totem-video-thu,thumb_t,thumb_t,capability,dac_read_search Version-Release number of selected component: selinux-policy-3.13.1-154.fc23.noarch Additional info: reporter: libreport-2.6.3 hashmarkername: setroubleshoot kernel: 4.2.6-300.fc23.x86_64 type: libreport Potential duplicate: bug 1276902
You are running X Apps as root, this is unsupported.
*** Bug 1310309 has been marked as a duplicate of this bug. ***