Description of problem: Just using thunar to browse directories and opening some archives with xarchiver. SELinux is preventing pool from 'map' accesses on the file /media/NAS/archive/books/zemedelie/Zepp-2.djvu. ***** Plugin catchall (100. confidence) suggests ************************** If you believe that pool should be allowed map access on the Zepp-2.djvu file by default. Then you should report this as a bug. You can generate a local policy module to allow this access. Do allow this access for now by executing: # ausearch -c 'pool' --raw | audit2allow -M my-pool # semodule -X 300 -i my-pool.pp Additional Information: Source Context unconfined_u:unconfined_r:thumb_t:s0-s0:c0.c1023 Target Context system_u:object_r:removable_t:s0 Target Objects /media/NAS/archive/books/zemedelie/Zepp-2.djvu [ file ] Source pool Source Path pool Port <Unknown> Host (removed) Source RPM Packages Target RPM Packages Policy RPM selinux-policy-3.13.1-283.14.fc27.noarch Selinux Enabled True Policy Type targeted Enforcing Mode Enforcing Host Name (removed) Platform Linux (removed) 4.13.12-300.fc27.x86_64 #1 SMP Wed Nov 8 16:38:01 UTC 2017 x86_64 x86_64 Alert Count 402 First Seen 2017-12-06 12:09:34 EET Last Seen 2017-12-06 12:09:44 EET Local ID e29b7fd6-1a08-4067-8ec4-e832c4a73c85 Raw Audit Messages type=AVC msg=audit(1512554984.825:3359): avc: denied { map } for pid=10937 comm="evince-thumbnai" path="/media/NAS/archive/books/zemedelie/Zepp-2.djvu" dev="sde2" ino=7215184 scontext=unconfined_u:unconfined_r:thumb_t:s0-s0:c0.c1023 tcontext=system_u:object_r:removable_t:s0 tclass=file permissive=0 Hash: pool,thumb_t,removable_t,file,map Version-Release number of selected component: selinux-policy-3.13.1-283.14.fc27.noarch Additional info: component: selinux-policy reporter: libreport-2.9.3 hashmarkername: setroubleshoot kernel: 4.13.12-300.fc27.x86_64 type: libreport
Description of problem: Opening external USB HDD with Thunar on XFCE DE. Version-Release number of selected component: selinux-policy-3.13.1-283.14.fc27.noarch Additional info: reporter: libreport-2.9.3 hashmarkername: setroubleshoot kernel: 4.14.5-300.fc27.x86_64 type: libreport
I'm seeing this with a USB drive with kernel 4.14.7-300.fc27.x86_64 and selinux-policy-3.13.1-283.17.fc27.noarch. The SELinux Alert Browser displayed an older alert when the detection occurred. The correct message could be found in /var/log/messages. I'm confused as to what kind of "pool" it's referring to.
selinux-policy-3.13.1-283.20.fc27 has been submitted as an update to Fedora 27. https://bodhi.fedoraproject.org/updates/FEDORA-2018-0d8506aba4
selinux-policy-3.13.1-283.20.fc27 has been pushed to the Fedora 27 testing repository. If problems still persist, please make note of it in this bug report. See https://fedoraproject.org/wiki/QA:Updates_Testing for instructions on how to install test updates. You can provide feedback for this update here: https://bodhi.fedoraproject.org/updates/FEDORA-2018-0d8506aba4
selinux-policy-3.13.1-283.21.fc27 has been submitted as an update to Fedora 27. https://bodhi.fedoraproject.org/updates/FEDORA-2018-0d8506aba4
selinux-policy-3.13.1-283.21.fc27 has been pushed to the Fedora 27 testing repository. If problems still persist, please make note of it in this bug report. See https://fedoraproject.org/wiki/QA:Updates_Testing for instructions on how to install test updates. You can provide feedback for this update here: https://bodhi.fedoraproject.org/updates/FEDORA-2018-0d8506aba4
selinux-policy-3.13.1-283.21.fc27 has been pushed to the Fedora 27 stable repository. If problems still persist, please make note of it in this bug report.