Description of problem: SELinux is preventing gst-plugin-scan from 'map' accesses on the chr_file /dev/dri/renderD128. ***** Plugin catchall (100. confidence) suggests ************************** If you believe that gst-plugin-scan should be allowed map access on the renderD128 chr_file by default. Then you should report this as a bug. You can generate a local policy module to allow this access. Do allow this access for now by executing: # ausearch -c 'gst-plugin-scan' --raw | audit2allow -M my-gstpluginscan # semodule -X 300 -i my-gstpluginscan.pp Additional Information: Source Context unconfined_u:unconfined_r:thumb_t:s0-s0:c0.c1023 Target Context system_u:object_r:dri_device_t:s0 Target Objects /dev/dri/renderD128 [ chr_file ] Source gst-plugin-scan Source Path gst-plugin-scan Port <Unknown> Host (removed) Source RPM Packages Target RPM Packages SELinux Policy RPM selinux-policy-targeted-39.5-1.fc39.noarch Local Policy RPM selinux-policy-targeted-39.5-1.fc39.noarch Selinux Enabled True Policy Type targeted Enforcing Mode Permissive Host Name (removed) Platform Linux (removed) 6.7.7-200.fc39.x86_64 #1 SMP PREEMPT_DYNAMIC Fri Mar 1 16:53:59 UTC 2024 x86_64 Alert Count 1 First Seen 2024-03-11 00:07:16 PDT Last Seen 2024-03-11 00:07:16 PDT Local ID ab1f6746-84f9-4058-8e30-837ddf885b8e Raw Audit Messages type=AVC msg=audit(1710140836.332:583): avc: denied { map } for pid=1093967 comm="gst-plugin-scan" path="/dev/dri/renderD128" dev="devtmpfs" ino=458 scontext=unconfined_u:unconfined_r:thumb_t:s0-s0:c0.c1023 tcontext=system_u:object_r:dri_device_t:s0 tclass=chr_file permissive=1 Hash: gst-plugin-scan,thumb_t,dri_device_t,chr_file,map Version-Release number of selected component: selinux-policy-targeted-39.5-1.fc39.noarch Additional info: reporter: libreport-2.17.11 type: libreport package: selinux-policy-targeted-39.5-1.fc39.noarch hashmarkername: setroubleshoot kernel: 6.7.7-200.fc39.x86_64 reason: SELinux is preventing gst-plugin-scan from 'map' accesses on the chr_file /dev/dri/renderD128. component: selinux-policy component: selinux-policy
Created attachment 2021089 [details] File: description
Created attachment 2021090 [details] File: os_info
Same error on Fedora 40, happen when copy image files when there is destination folder open. I was coping Raw files (Nikon NEF) from SD card.
In my case it's renderD129, and happen from time to time. Now, when I opened directory with Raw files.
FEDORA-2024-75212378ea (selinux-policy-40.28-1.fc40) has been submitted as an update to Fedora 40. https://bodhi.fedoraproject.org/updates/FEDORA-2024-75212378ea
FEDORA-2024-75212378ea has been pushed to the Fedora 40 testing repository. Soon you'll be able to install the update with the following command: `sudo dnf upgrade --enablerepo=updates-testing --refresh --advisory=FEDORA-2024-75212378ea` You can provide feedback for this update here: https://bodhi.fedoraproject.org/updates/FEDORA-2024-75212378ea See also https://fedoraproject.org/wiki/QA:Updates_Testing for more information on how to test updates.
FEDORA-2024-75212378ea (selinux-policy-40.28-1.fc40) has been pushed to the Fedora 40 stable repository. If problem still persists, please make note of it in this bug report.