Description of problem: It appeared while I was adding accounts to gnome accounts. Not sure if it has something related to it but at the same time gnome account hangs. SELinux is preventing gsf-office-thum from 'create' accesses on the unix_dgram_socket Unknown. ***** Plugin catchall (100. confidence) suggests ************************** If cree que de manera predeterminada, gsf-office-thum debería permitir acceso create sobre Unknown unix_dgram_socket. Then debería reportar esto como un error. Puede generar un módulo de política local para permitir este acceso. Do allow this access for now by executing: # ausearch -c 'gsf-office-thum' --raw | audit2allow -M my-gsfofficethum # semodule -X 300 -i my-gsfofficethum.pp Additional Information: Source Context unconfined_u:unconfined_r:thumb_t:s0-s0:c0.c1023 Target Context unconfined_u:unconfined_r:thumb_t:s0-s0:c0.c1023 Target Objects Unknown [ unix_dgram_socket ] Source gsf-office-thum Source Path gsf-office-thum Port <Desconocido> Host (removed) Source RPM Packages Target RPM Packages Policy RPM selinux-policy-3.13.1-257.fc26.noarch Selinux Enabled True Policy Type targeted Enforcing Mode Permissive Host Name (removed) Platform Linux (removed) 4.11.6-300.fc26.x86_64 #1 SMP Mon Jun 19 17:19:26 UTC 2017 x86_64 x86_64 Alert Count 4 First Seen 2017-05-25 19:27:33 -03 Last Seen 2017-06-22 22:45:59 -03 Local ID 2507b18b-a051-462c-a05f-9c39c879e850 Raw Audit Messages type=AVC msg=audit(1498182359.61:272): avc: denied { create } for pid=16155 comm="gsf-office-thum" scontext=unconfined_u:unconfined_r:thumb_t:s0-s0:c0.c1023 tcontext=unconfined_u:unconfined_r:thumb_t:s0-s0:c0.c1023 tclass=unix_dgram_socket permissive=1 Hash: gsf-office-thum,thumb_t,thumb_t,unix_dgram_socket,create Version-Release number of selected component: selinux-policy-3.13.1-257.fc26.noarch Additional info: component: selinux-policy reporter: libreport-2.9.1 hashmarkername: setroubleshoot kernel: 4.11.6-300.fc26.x86_64 type: libreport Potential duplicate: bug 1429243
*** Bug 1429243 has been marked as a duplicate of this bug. ***
selinux-policy-3.13.1-259.fc26 has been submitted as an update to Fedora 26. https://bodhi.fedoraproject.org/updates/FEDORA-2017-7b51a015cb
selinux-policy-3.13.1-259.fc26 has been pushed to the Fedora 26 testing repository. If problems still persist, please make note of it in this bug report. See https://fedoraproject.org/wiki/QA:Updates_Testing for instructions on how to install test updates. You can provide feedback for this update here: https://bodhi.fedoraproject.org/updates/FEDORA-2017-7b51a015cb
selinux-policy-3.13.1-259.fc26 has been pushed to the Fedora 26 stable repository. If problems still persist, please make note of it in this bug report.
Today, 18 August 2017, I got this on a Fedora26: SELinux is preventing gsf-office-thum from write access on the sock_file socket. ***** Plugin catchall (100. confidence) suggests ************************** If you believe that gsf-office-thum should be allowed write access on the socket sock_file by default. Then you should report this as a bug. You can generate a local policy module to allow this access. Do allow this access for now by executing: # ausearch -c 'gsf-office-thum' --raw | audit2allow -M my-gsfofficethum # semodule -X 300 -i my-gsfofficethum.pp Additional Information: Source Context unconfined_u:unconfined_r:thumb_t:s0-s0:c0.c1023 Target Context system_u:object_r:syslogd_var_run_t:s0 Target Objects socket [ sock_file ] Source gsf-office-thum Source Path gsf-office-thum Port <Unknown> Host becker.localdomain Source RPM Packages Target RPM Packages Policy RPM selinux-policy-3.13.1-260.4.fc26.noarch Selinux Enabled True Policy Type targeted Enforcing Mode Permissive Host Name becker.localdomain Platform Linux becker.localdomain 4.12.5-300.fc26.x86_64 #1 SMP Mon Aug 7 15:27:25 UTC 2017 x86_64 x86_64 Alert Count 29 First Seen 2017-01-19 19:22:24 -03 Last Seen 2017-08-18 05:58:09 -03 Local ID 702b98bf-20e3-4226-824f-5a038ff5a890 Raw Audit Messages type=AVC msg=audit(1503046689.138:259): avc: denied { write } for pid=2638 comm="gsf-office-thum" name="socket" dev="tmpfs" ino=13296 scontext=unconfined_u:unconfined_r:thumb_t:s0-s0:c0.c1023 tcontext=system_u:object_r:syslogd_var_run_t:s0 tclass=sock_file permissive=1 Hash: gsf-office-thum,thumb_t,syslogd_var_run_t,sock_file,write