After upgrading from selinux-policy-targeted-34.22-1 to selinux-policy-targeted-34.23-1 I am receiving a lot of AVC denials from selinux when using file explorer windows on the MATE desktop due to the atril-thumbnail application being denied access to the sock_file bus. I tried upgrading to the selinux-policy-targeted-34.24-1 in the testing repo, but the denials still happen on that version. The full details from the AVC denial are: SELinux is preventing atril-thumbnail from write access on the sock_file bus. ***** Plugin catchall (100. confidence) suggests ************************** If you believe that atril-thumbnail should be allowed write access on the bus sock_file by default. Then you should report this as a bug. You can generate a local policy module to allow this access. Do allow this access for now by executing: # ausearch -c 'atril-thumbnail' --raw | audit2allow -M my-atrilthumbnail # semodule -X 300 -i my-atrilthumbnail.pp Additional Information: Source Context unconfined_u:unconfined_r:thumb_t:s0-s0:c0.c1023 Target Context unconfined_u:object_r:session_dbusd_tmp_t:s0 Target Objects bus [ sock_file ] Source atril-thumbnail Source Path atril-thumbnail Port <Unknown> Host humboldt Source RPM Packages Target RPM Packages SELinux Policy RPM selinux-policy-targeted-34.24-1.fc34.noarch Local Policy RPM selinux-policy-targeted-34.24-1.fc34.noarch Selinux Enabled True Policy Type targeted Enforcing Mode Enforcing Host Name humboldt Platform Linux humboldt 5.15.14-100.fc34.x86_64 #1 SMP Tue Jan 11 16:53:51 UTC 2022 x86_64 x86_64 Alert Count 20 First Seen 2022-01-15 19:33:11 GMT Last Seen 2022-01-19 11:01:26 GMT Local ID afd61c20-9d89-4cfc-b35d-52a9b4df62b1 Raw Audit Messages type=AVC msg=audit(1642590086.635:1319): avc: denied { write } for pid=102886 comm="atril-thumbnail" name="bus" dev="tmpfs" ino=74 scontext=unconfined_u:unconfined_r:thumb_t:s0-s0:c0.c1023 tcontext=unconfined_u:object_r:session_dbusd_tmp_t:s0 tclass=sock_file permissive=0 Hash: atril-thumbnail,thumb_t,session_dbusd_tmp_t,sock_file,write
I don't expect this is a result of upgrading selinux-policy, but it will be addressed in the next build.
*** Bug 2039546 has been marked as a duplicate of this bug. ***
Similar problem has been detected: Opening `thunar` is doing this every time. Same if done from the menu bar or from the command line. hashmarkername: setroubleshoot kernel: 5.15.14-200.fc35.x86_64 package: selinux-policy-targeted-35.11-1.fc35.noarch reason: SELinux is preventing tumblerd from 'write' accesses on the sock_file bus. type: libreport
Similar problem has been detected: SElinux disables the automatic creation of thumbnail images in Xfce. When you open an image in the image viewer, a thumbnail is created. hashmarkername: setroubleshoot kernel: 5.15.15-200.fc35.x86_64 package: selinux-policy-targeted-35.11-1.fc35.noarch reason: SELinux is preventing tumblerd from 'write' accesses on the sock_file bus. type: libreport
Similar problem has been detected: With Fedora 35 XFCE 4.16 Thunar 4.16.10 selinux-policy 35.11-1.fc35 SELinux-Mode: Enforcing Since update to latest version selinux-policy-35.11-1.fc35.noarch SELinux prohibits thumbnail creation in thunar: 1. Activate thumbnails in Thunar 2. Open any folder with media files in Thunar hashmarkername: setroubleshoot kernel: 5.15.16-200.fc35.x86_64 package: selinux-policy-targeted-35.11-1.fc35.noarch reason: SELinux is preventing tumblerd from 'write' accesses on the sock_file bus. type: libreport
Similar problem has been detected: creo que fue cuando use el paquete para descargar video hashmarkername: setroubleshoot kernel: 5.15.14-200.fc35.x86_64 package: selinux-policy-targeted-35.10-1.fc35.noarch reason: SELinux is preventing tumblerd from 'write' accesses on the sock_file bus. type: libreport
Similar problem has been detected: Install package `io.elementary.files`. Elementary file manager uses `tumbler` to generate thumbnail previews, but that was not intalled by default with file manager. Should be added as dependency? So next step I installed tumbler. Thats it. Tumbler write acces to d-bus was denied so it failed to start. Granting write access solved this problem. hashmarkername: setroubleshoot kernel: 5.15.15-200.fc35.x86_64 package: selinux-policy-targeted-35.11-1.fc35.noarch reason: SELinux is preventing tumblerd from 'write' accesses on the sock_file bus. type: libreport
Similar problem has been detected: This error comes up in the Xfce spin of Fedora 35, at random times. Not really sure how to reproduce this. hashmarkername: setroubleshoot kernel: 5.15.14-200.fc35.x86_64 package: selinux-policy-targeted-35.10-1.fc35.noarch reason: SELinux is preventing tumblerd from 'write' accesses on the sock_file bus. type: libreport
Similar problem has been detected: I was opening the file manager (Thunar) but the error appeared when I clicked on one directory (Documents). hashmarkername: setroubleshoot kernel: 5.15.16-200.fc35.x86_64 package: selinux-policy-targeted-35.11-1.fc35.noarch reason: SELinux is preventing tumblerd from 'write' accesses on the sock_file bus. type: libreport
Similar problem has been detected: On Thunar start hashmarkername: setroubleshoot kernel: 5.15.16-100.fc34.x86_64 package: selinux-policy-targeted-34.23-1.fc34.noarch reason: SELinux is preventing tumblerd from 'write' accesses on the sock_file bus. type: libreport
*** Bug 2041243 has been marked as a duplicate of this bug. ***
Similar problem has been detected: I just booted up my desktop and got this error. I do updates on a weekly basis and this error is there since about three weeks now. hashmarkername: setroubleshoot kernel: 5.15.16-200.fc35.x86_64 package: selinux-policy-targeted-35.11-1.fc35.noarch reason: SELinux is preventing tumblerd from 'write' accesses on the sock_file bus. type: libreport
Similar problem has been detected: just popped up, tumblerd service is apparently enabled by default hashmarkername: setroubleshoot kernel: 5.15.12-200.fc35.x86_64 package: selinux-policy-targeted-35.11-1.fc35.noarch reason: SELinux is preventing tumblerd from 'write' accesses on the sock_file bus. type: libreport
Similar problem has been detected: I opened Thunar file manager. Maybe it happened before when I enabled CTRL+H for showing hidden files and/or navigating to Trash. hashmarkername: setroubleshoot kernel: 5.15.12-200.fc35.x86_64 package: selinux-policy-targeted-35.11-1.fc35.noarch reason: SELinux is preventing tumblerd from 'write' accesses on the sock_file bus. type: libreport
Similar problem has been detected: It started to happen after some dnf update. hashmarkername: setroubleshoot kernel: 5.15.16-100.fc34.x86_64 package: selinux-policy-targeted-34.23-1.fc34.noarch reason: SELinux is preventing tumblerd from 'write' accesses on the sock_file bus. type: libreport
Similar problem has been detected: This is related to the psuedomanuscypt virus I just cleaned off this system. I didn't get all the hooks out of the system and Nvidia bios. Could really use some help with cmos overright using SELinux through fedora as its the only thing this doesn't directly interact with besides solaris, which I don't know well enough to use. event_log: 2022-01-27-10:03:40> fatal: HTTP POST to URL 'https://bugzilla.redhat.com/xmlrpc.cgi' failed. libcurl failed even to execute the HTTP transaction, explaining: Could not resolve host: bugzilla.redhat.com hashmarkername: setroubleshoot kernel: 5.15.16-200.fc35.x86_64 package: selinux-policy-targeted-35.11-1.fc35.noarch reason: SELinux is preventing tumblerd from 'write' accesses on the sock_file bus. type: libreport
Similar problem has been detected: I plugged a USB drive into my pc. This is related to the rootkit I cleared off. While it does still actively seek things, it has no way of connecting. It is not compatible with Fedora or Fedora SEC which is why I use that when I need security. hashmarkername: setroubleshoot kernel: 5.15.16-200.fc35.x86_64 package: selinux-policy-targeted-35.11-1.fc35.noarch reason: SELinux is preventing tumblerd from 'write' accesses on the sock_file bus. type: libreport
Similar problem has been detected: plugged in usb drive. This is coming from unknown asset which if you trace enough will show to be system bios. event_log: 2022-01-27-10:52:57> fatal: HTTP POST to URL 'https://bugzilla.redhat.com/xmlrpc.cgi' failed. libcurl failed even to execute the HTTP transaction, explaining: Could not resolve host: bugzilla.redhat.com hashmarkername: setroubleshoot kernel: 5.15.16-200.fc35.x86_64 package: selinux-policy-targeted-35.11-1.fc35.noarch reason: SELinux is preventing tumblerd from 'write' accesses on the sock_file bus. type: libreport
Similar problem has been detected: Probably problem was created after last tumblerd update. hashmarkername: setroubleshoot kernel: 5.15.16-200.fc35.x86_64 package: selinux-policy-targeted-35.11-1.fc35.noarch reason: SELinux is preventing tumblerd from 'write' accesses on the sock_file bus. type: libreport
Similar problem has been detected: opening thunar hashmarkername: setroubleshoot kernel: 5.15.16-200.fc35.x86_64 package: selinux-policy-targeted-35.11-1.fc35.noarch reason: SELinux is preventing tumblerd from 'write' accesses on the sock_file bus. type: libreport
Similar problem has been detected: This error message always comes when the computer boots up or when I open the personal folder. hashmarkername: setroubleshoot kernel: 5.15.17-200.fc35.x86_64 package: selinux-policy-targeted-35.11-1.fc35.noarch reason: SELinux is preventing tumblerd from 'write' accesses on the sock_file bus. type: libreport
Similar problem has been detected: I'm just logging into my XFCE session, and after one of the recent updates, I'm getting SELinux error messages now, saying that tumblerd is not allowed to access write access on sock_file. hashmarkername: setroubleshoot kernel: 5.15.16-100.fc34.x86_64 package: selinux-policy-targeted-34.24-1.fc34.noarch reason: SELinux is preventing tumblerd from 'write' accesses on the sock_file bus. type: libreport
Similar problem has been detected: After update hashmarkername: setroubleshoot kernel: 5.15.17-200.fc35.x86_64 package: selinux-policy-targeted-35.11-1.fc35.noarch reason: SELinux is preventing tumblerd from 'write' accesses on the sock_file bus. type: libreport
Similar problem has been detected: Unknown. I do not know why it happened. hashmarkername: setroubleshoot kernel: 5.15.16-200.fc35.x86_64 package: selinux-policy-targeted-35.11-1.fc35.noarch reason: SELinux is preventing tumblerd from 'write' accesses on the sock_file bus. type: libreport
Similar problem has been detected: After restart hashmarkername: setroubleshoot kernel: 5.15.17-200.fc35.x86_64 package: selinux-policy-targeted-35.11-1.fc35.noarch reason: SELinux is preventing tumblerd from 'write' accesses on the sock_file bus. type: libreport
Similar problem has been detected: By every start of Thunar. hashmarkername: setroubleshoot kernel: 5.15.16-100.fc34.x86_64 package: selinux-policy-targeted-34.23-1.fc34.noarch reason: SELinux is preventing tumblerd from 'write' accesses on the sock_file bus. type: libreport
Similar problem has been detected: 1. Install Fedora 35 XFCE spin. 2. Remove dnfdragora (99.999% this is not required but that's what I did) 3. sudo dnf update -y && sudo reboot 4. Log in. 5 Several seconds after DE is displayed, an SELinux alert pops up. hashmarkername: setroubleshoot kernel: 5.15.17-200.fc35.x86_64 package: selinux-policy-targeted-35.11-1.fc35.noarch reason: SELinux is preventing tumblerd from 'write' accesses on the sock_file bus. type: libreport
FEDORA-2022-35e911cda6 has been submitted as an update to Fedora 34. https://bodhi.fedoraproject.org/updates/FEDORA-2022-35e911cda6
Similar problem has been detected: This problem came up after I performed a dnf update and then rebooted the system. hashmarkername: setroubleshoot kernel: 5.15.18-200.fc35.x86_64 package: selinux-policy-targeted-35.11-1.fc35.noarch reason: SELinux is preventing tumblerd from 'write' accesses on the sock_file bus. type: libreport
FEDORA-2022-35e911cda6 has been pushed to the Fedora 34 testing repository. Soon you'll be able to install the update with the following command: `sudo dnf upgrade --enablerepo=updates-testing --advisory=FEDORA-2022-35e911cda6` You can provide feedback for this update here: https://bodhi.fedoraproject.org/updates/FEDORA-2022-35e911cda6 See also https://fedoraproject.org/wiki/QA:Updates_Testing for more information on how to test updates.
Similar problem has been detected: Happend during startup hashmarkername: setroubleshoot kernel: 5.15.18-200.fc35.x86_64 package: selinux-policy-targeted-35.11-1.fc35.noarch reason: SELinux is preventing tumblerd from 'write' accesses on the sock_file bus. type: libreport
Similar problem has been detected: Fedora-Xfce-Live-x86_64-35-1.2 was reinstalled, and after a successful update, the PC was started. Login with normal user and error dialog with error occurred immediately. hashmarkername: setroubleshoot kernel: 5.15.18-200.fc35.x86_64 package: selinux-policy-targeted-35.11-1.fc35.noarch reason: SELinux is preventing tumblerd from 'write' accesses on the sock_file bus. type: libreport
FEDORA-2022-35e911cda6 has been pushed to the Fedora 34 stable repository. If problem still persists, please make note of it in this bug report.
Similar problem has been detected: using XFCE desktop, plugging usb drive in and out. tumbler is using dbus so clearly it needs sockets. hashmarkername: setroubleshoot kernel: 5.15.16-200.fc35.x86_64 package: selinux-policy-targeted-35.11-1.fc35.noarch reason: SELinux is preventing tumblerd from 'write' accesses on the sock_file bus. type: libreport