Description of problem: SELinux is preventing gdk-pixbuf-thum from using the 'dac_override' capabilities. ***** Plugin dac_override (91.4 confidence) suggests ********************** Si desea ayudar a identificar si el dominio necesita este acceso o bien tiene un archivo con permisos equivocados en el sistema Then active la auditoría completa para obtener información de la ruta relacionada con el archivo conflictivo, y vuelva a generar el error. Do Active auditoría completa # auditctl -w /etc/shadow -p w Intente recrear el AVC. Luego ejecute # ausearch -m avc -ts recent Si observa un registro PATH compruebe los permisos y propietarios del archivo y corríjalos, o bien abra un informe en bugzilla. ***** Plugin catchall (9.59 confidence) suggests ************************** Si cree que gdk-pixbuf-thum debería tener la capacidad de dac_override de forma predeterminada. Then debería reportar esto como un error. Puede generar un módulo de política local para permitir este acceso. Do permita el acceso temporalmente ejecutando: # ausearch -c 'gdk-pixbuf-thum' --raw | audit2allow -M mi-gdkpixbufthum # semodule -X 300 -i mi-gdkpixbufthum.pp Additional Information: Source Context unconfined_u:unconfined_r:thumb_t:s0-s0:c0.c1023 Target Context unconfined_u:unconfined_r:thumb_t:s0-s0:c0.c1023 Target Objects Unknown [ capability ] Source gdk-pixbuf-thum Source Path gdk-pixbuf-thum Port <Desconocido> Host (removed) Source RPM Packages Target RPM Packages Policy RPM selinux-policy-3.14.1-32.fc28.noarch Selinux Enabled True Policy Type targeted Enforcing Mode Enforcing Host Name (removed) Platform Linux (removed) 4.16.14-300.fc28.x86_64 #1 SMP Tue Jun 5 16:23:44 UTC 2018 x86_64 x86_64 Alert Count 1 First Seen 2018-06-13 17:39:07 -04 Last Seen 2018-06-13 17:39:07 -04 Local ID 622b4fc0-b12b-4970-9469-2fbf07f0325b Raw Audit Messages type=AVC msg=audit(1528925947.448:3449): avc: denied { dac_override } for pid=11526 comm="gdk-pixbuf-thum" capability=1 scontext=unconfined_u:unconfined_r:thumb_t:s0-s0:c0.c1023 tcontext=unconfined_u:unconfined_r:thumb_t:s0-s0:c0.c1023 tclass=capability permissive=0 Hash: gdk-pixbuf-thum,thumb_t,thumb_t,capability,dac_override Version-Release number of selected component: selinux-policy-3.14.1-32.fc28.noarch Additional info: component: selinux-policy reporter: libreport-2.9.5 hashmarkername: setroubleshoot kernel: 4.16.14-300.fc28.x86_64 type: libreport Potential duplicate: bug 1470024
selinux-policy-3.14.1-36.fc28 has been submitted as an update to Fedora 28. https://bodhi.fedoraproject.org/updates/FEDORA-2018-1050fb248b
selinux-policy-3.14.1-36.fc28 has been pushed to the Fedora 28 testing repository. If problems still persist, please make note of it in this bug report. See https://fedoraproject.org/wiki/QA:Updates_Testing for instructions on how to install test updates. You can provide feedback for this update here: https://bodhi.fedoraproject.org/updates/FEDORA-2018-1050fb248b
selinux-policy-3.14.1-36.fc28 has been pushed to the Fedora 28 stable repository. If problems still persist, please make note of it in this bug report.