Bug 1333174 - SELinux is preventing totem-video-thu from 'write' accesses on the directory .cache.
Summary: SELinux is preventing totem-video-thu from 'write' accesses on the directory ...
Keywords:
Status: CLOSED NOTABUG
Alias: None
Product: Fedora
Classification: Fedora
Component: selinux-policy
Version: 23
Hardware: x86_64
OS: Unspecified
low
low
Target Milestone: ---
Assignee: Miroslav Grepl
QA Contact: Fedora Extras Quality Assurance
URL:
Whiteboard: abrt_hash:d2f6e833bb53226303927f293c4...
Depends On:
Blocks:
TreeView+ depends on / blocked
 
Reported: 2016-05-04 20:42 UTC by Christopher Beland
Modified: 2016-07-20 19:01 UTC (History)
6 users (show)

Fixed In Version:
Clone Of:
Environment:
Last Closed: 2016-05-06 16:32:25 UTC
Type: ---
Embargoed:

Attachments (Terms of Use)

Description Christopher Beland 2016-05-04 20:42:38 UTC 
Description of problem:
Not sure why this is happening; it seemed to occur when I started Nautilus and browsed through some files.
SELinux is preventing totem-video-thu from 'write' accesses on the directory .cache.

*****  Plugin catchall (100. confidence) suggests   **************************

If you believe that totem-video-thu should be allowed write access on the .cache directory by default.
Then you should report this as a bug.
You can generate a local policy module to allow this access.
Do
allow this access for now by executing:
# ausearch -c totem-video-thu --raw | audit2allow -M mypol
# semodule -i mypol.pp

Additional Information:
Source Context                unconfined_u:unconfined_r:thumb_t:s0-s0:c0.c1023
Target Context                unconfined_u:object_r:user_home_t:s0
Target Objects                .cache [ dir ]
Source                        totem-video-thu
Source Path                   totem-video-thu
Port                          <Unknown>
Host                          (removed)
Source RPM Packages           
Target RPM Packages           
Policy RPM                    selinux-policy-3.13.1-158.14.fc23.noarch
Selinux Enabled               True
Policy Type                   targeted
Enforcing Mode                Enforcing
Host Name                     (removed)
Platform                      Linux (removed) 4.4.8-300.fc23.x86_64 #1 SMP Wed
                              Apr 20 16:59:27 UTC 2016 x86_64 x86_64
Alert Count                   15
First Seen                    2016-05-04 16:36:33 EDT
Last Seen                     2016-05-04 16:36:49 EDT
Local ID                      3960721b-b5c7-48d8-9702-d815915f66f3

Raw Audit Messages
type=AVC msg=audit(1462394209.228:1646): avc:  denied  { write } for  pid=26302 comm="totem-video-thu" name=".cache" dev="sda1" ino=17435318 scontext=unconfined_u:unconfined_r:thumb_t:s0-s0:c0.c1023 tcontext=unconfined_u:object_r:user_home_t:s0 tclass=dir permissive=0


Hash: totem-video-thu,thumb_t,user_home_t,dir,write

Version-Release number of selected component:
selinux-policy-3.13.1-158.14.fc23.noarch

Additional info:
reporter:       libreport-2.6.4
hashmarkername: setroubleshoot
kernel:         4.4.8-300.fc23.x86_64
type:           libreport

Potential duplicate: bug 820860
Comment 1 Miroslav Grepl 2016-05-05 07:14:21 UTC 
Could you try to execute

$ restorecon -R -v ~/


It will fix labeling for your homedir if there are labeling issues.
Comment 2 Christopher Beland 2016-07-20 19:01:42 UTC 
Ran that, doesn't seem to be having problems now.  Thanks!
Note You need to log in before you can comment on or make changes to this bug.