Additional info:
libreport version: 2.0.13
kernel: 3.3.4-5.fc17.x86_64
description:
:SELinux is preventing /usr/bin/totem-video-thumbnailer from 'create' accesses on the file registry.x86_64.bin.tmpLUSKKW.
:
:***** Plugin catchall (100. confidence) suggests ***************************
:
:If you believe that totem-video-thumbnailer should be allowed create access on the registry.x86_64.bin.tmpLUSKKW file by default.
:Then you should report this as a bug.
:You can generate a local policy module to allow this access.
:Do
:allow this access for now by executing:
:# grep totem-video-thu /var/log/audit/audit.log | audit2allow -M mypol
:# semodule -i mypol.pp
:
:Additional Information:
:Source Context unconfined_u:unconfined_r:thumb_t:s0-s0:c0.c1023
:Target Context unconfined_u:object_r:cache_home_t:s0
:Target Objects registry.x86_64.bin.tmpLUSKKW [ file ]
:Source totem-video-thu
:Source Path /usr/bin/totem-video-thumbnailer
:Port <Unknown>
:Host (removed)
:Source RPM Packages totem-3.5.90-2.fc18.x86_64
:Target RPM Packages
:Policy RPM selinux-policy-3.11.1-21.fc18.noarch
:Selinux Enabled True
:Policy Type targeted
:Enforcing Mode Enforcing
:Host Name (removed)
:Platform Linux (removed) 3.3.4-5.fc17.x86_64 #1 SMP Mon May
: 7 17:29:34 UTC 2012 x86_64 x86_64
:Alert Count 2
:First Seen 2012-09-19 14:08:37 IST
:Last Seen 2012-09-19 14:08:43 IST
:Local ID 8c199caa-3298-4d82-a01a-54ddb5b49810
:
:Raw Audit Messages
:type=AVC msg=audit(1348043923.545:161): avc: denied { create } for pid=4702 comm="totem-video-thu" name="registry.x86_64.bin.tmpLUSKKW" scontext=unconfined_u:unconfined_r:thumb_t:s0-s0:c0.c1023 tcontext=unconfined_u:object_r:cache_home_t:s0 tclass=file
:
:
:type=SYSCALL msg=audit(1348043923.545:161): arch=x86_64 syscall=open success=no exit=EACCES a0=16c0740 a1=c2 a2=180 a3=1 items=0 ppid=4647 pid=4702 auid=1000 uid=1000 gid=1000 euid=1000 suid=1000 fsuid=1000 egid=1000 sgid=1000 fsgid=1000 tty=(none) ses=5 comm=totem-video-thu exe=/usr/bin/totem-video-thumbnailer subj=unconfined_u:unconfined_r:thumb_t:s0-s0:c0.c1023 key=(null)
:
:Hash: totem-video-thu,thumb_t,cache_home_t,file,create
:
:audit2allowunable to open /sys/fs/selinux/policy: Permission denied
:
:
:audit2allow -Runable to open /sys/fs/selinux/policy: Permission denied
:
:
Created attachment 614261 [details] File: type
Created attachment 614262 [details] File: hashmarkername
What is the path to "registry.x86_64.bin.tmpLUSKKW"? I would like to know if this is mislabeling or we need to add new rules. Thank you.
I guess this is mislabeling, because the file was located in /home/abhay/video.
~/.cache/thumbnails is mislabeled in the current policy; it should be labeled thumb_home_t. I just fixed that in policy. Fixed in selinux-policy-3.11.1-23.fc18.noarch
selinux-policy-3.11.1-25.fc18 has been submitted as an update for Fedora 18. https://admin.fedoraproject.org/updates/selinux-policy-3.11.1-25.fc18
Package selinux-policy-3.11.1-25.fc18:
* should fix your issue,
* was pushed to the Fedora 18 testing repository,
* should be available at your local mirror within two days.
Update it with:
# su -c 'yum update --enablerepo=updates-testing selinux-policy-3.11.1-25.fc18'
as soon as you are able to. Please go to the following url:
https://admin.fedoraproject.org/updates/FEDORA-2012-14807/selinux-policy-3.11.1-25.fc18
then log in and leave karma (feedback).
I did no activity with Totem; the message appeared while emptying the trash. Package: (null) OS Release: Fedora release 18 (Spherical Cow)
Thumbnailers get executed when you have a nautilus screen, i.e. a screen showing you files with icons.
Fixed in selinux-policy-3.11.1-37.fc18.noarch
This bug appears when I copy some music and videos from one folder to another. Package: (null) OS Release: Fedora release 18 (Spherical Cow)
$ rpm -q selinux-policy
selinux-policy-3.11.1-46.fc18.noarch
And problem still there :(
Do you get the same AVC msg?
How check this???? so????
# cat /var/log/audit/audit.log | grep totem-video-thumbnailer
type=SYSCALL msg=audit(1351430384.195:1125): arch=40000003 syscall=5 success=no exit=-13 a0=906e110 a1=80c2 a2=180 a3=c items=0 ppid=7020 pid=24791 auid=1000 uid=1000 gid=1000 euid=1000 suid=1000 fsuid=1000 egid=1000 sgid=1000 fsgid=1000 tty=(none) ses=2 comm="totem-video-thu" exe="/usr/bin/totem-video-thumbnailer" subj=unconfined_u:unconfined_r:thumb_t:s0-s0:c0.c1023 key=(null)
type=SYSCALL msg=audit(1351430384.196:1126): arch=40000003 syscall=5 success=no exit=-13 a0=908c738 a1=80c2 a2=180 a3=c items=0 ppid=7020 pid=24791 auid=1000 uid=1000 gid=1000 euid=1000 suid=1000 fsuid=1000 egid=1000 sgid=1000 fsgid=1000 tty=(none) ses=2 comm="totem-video-thu" exe="/usr/bin/totem-video-thumbnailer" subj=unconfined_u:unconfined_r:thumb_t:s0-s0:c0.c1023 key=(null)
type=SYSCALL msg=audit(1351440660.812:1161): arch=40000003 syscall=5 success=no exit=-13 a0=84f5ca8 a1=80c2 a2=180 a3=c items=0 ppid=7020 pid=27605 auid=1000 uid=1000 gid=1000 euid=1000 suid=1000 fsuid=1000 egid=1000 sgid=1000 fsgid=1000 tty=(none) ses=2 comm="totem-video-thu" exe="/usr/bin/totem-video-thumbnailer" subj=unconfined_u:unconfined_r:thumb_t:s0-s0:c0.c1023 key=(null)
type=SYSCALL msg=audit(1351440660.813:1162): arch=40000003 syscall=5 success=no exit=-13 a0=84f5ca8 a1=80c2 a2=180 a3=c items=0 ppid=7020 pid=27605 auid=1000 uid=1000 gid=1000 euid=1000 suid=1000 fsuid=1000 egid=1000 sgid=1000 fsgid=1000 tty=(none) ses=2 comm="totem-video-thu" exe="/usr/bin/totem-video-thumbnailer" subj=unconfined_u:unconfined_r:thumb_t:s0-s0:c0.c1023 key=(null)
type=SYSCALL msg=audit(1351440660.994:1163): arch=40000003 syscall=5 success=no exit=-13 a0=919f110 a1=80c2 a2=180 a3=c items=0 ppid=7020 pid=27625 auid=1000 uid=1000 gid=1000 euid=1000 suid=1000 fsuid=1000 egid=1000 sgid=1000 fsgid=1000 tty=(none) ses=2 comm="totem-video-thu" exe="/usr/bin/totem-video-thumbnailer" subj=unconfined_u:unconfined_r:thumb_t:s0-s0:c0.c1023 key=(null)
type=SYSCALL msg=audit(1351440660.994:1164): arch=40000003 syscall=5 success=no exit=-13 a0=91bd738 a1=80c2 a2=180 a3=c items=0 ppid=7020 pid=27625 auid=1000 uid=1000 gid=1000 euid=1000 suid=1000 fsuid=1000 egid=1000 sgid=1000 fsgid=1000 tty=(none) ses=2 comm="totem-video-thu" exe="/usr/bin/totem-video-thumbnailer" subj=unconfined_u:unconfined_r:thumb_t:s0-s0:c0.c1023 key=(null)
type=SYSCALL msg=audit(1351442452.956:1178): arch=40000003 syscall=5 success=no exit=-13 a0=8356110 a1=80c2 a2=180 a3=c items=0 ppid=7020 pid=29060 auid=1000 uid=1000 gid=1000 euid=1000 suid=1000 fsuid=1000 egid=1000 sgid=1000 fsgid=1000 tty=(none) ses=2 comm="totem-video-thu" exe="/usr/bin/totem-video-thumbnailer" subj=unconfined_u:unconfined_r:thumb_t:s0-s0:c0.c1023 key=(null)
type=SYSCALL msg=audit(1351442452.956:1179): arch=40000003 syscall=5 success=no exit=-13 a0=8374738 a1=80c2 a2=180 a3=c items=0 ppid=7020 pid=29060 auid=1000 uid=1000 gid=1000 euid=1000 suid=1000 fsuid=1000 egid=1000 sgid=1000 fsgid=1000 tty=(none) ses=2 comm="totem-video-thu" exe="/usr/bin/totem-video-thumbnailer" subj=unconfined_u:unconfined_r:thumb_t:s0-s0:c0.c1023 key=(null)
type=SYSCALL msg=audit(1351530390.257:322): arch=40000003 syscall=5 success=no exit=-13 a0=8c84ca8 a1=80c2 a2=180 a3=c items=0 ppid=3994 pid=4018 auid=1000 uid=1000 gid=1000 euid=1000 suid=1000 fsuid=1000 egid=1000 sgid=1000 fsgid=1000 tty=(none) ses=2 comm="totem-video-thu" exe="/usr/bin/totem-video-thumbnailer" subj=unconfined_u:unconfined_r:thumb_t:s0-s0:c0.c1023 key=(null)
type=SYSCALL msg=audit(1351530390.257:323): arch=40000003 syscall=5 success=no exit=-13 a0=8c84ca8 a1=80c2 a2=180 a3=c items=0 ppid=3994 pid=4018 auid=1000 uid=1000 gid=1000 euid=1000 suid=1000 fsuid=1000 egid=1000 sgid=1000 fsgid=1000 tty=(none) ses=2 comm="totem-video-thu" exe="/usr/bin/totem-video-thumbnailer" subj=unconfined_u:unconfined_r:thumb_t:s0-s0:c0.c1023 key=(null)
[root@localhost ~]#
Try to re-test it and execute
# ausearch -m avc -ts recent
Petr,
ls -ldZ ~/.cache/thumbnails
drwx------. dwalsh dwalsh staff_u:object_r:thumb_home_t:s0 /home/dwalsh/.cache/thumbnails
# ausearch -m avc -ts recent
----
time->Wed Oct 31 01:34:06 2012
type=SYSCALL msg=audit(1351625646.830:559): arch=40000003 syscall=5 success=no exit=-13 a0=9c47ca8 a1=80c2 a2=180 a3=d items=0 ppid=9392 pid=21907 auid=1000 uid=1000 gid=1000 euid=1000 suid=1000 fsuid=1000 egid=1000 sgid=1000 fsgid=1000 tty=(none) ses=2 comm="totem-video-thu" exe="/usr/bin/totem-video-thumbnailer" subj=unconfined_u:unconfined_r:thumb_t:s0-s0:c0.c1023 key=(null)
type=AVC msg=audit(1351625646.830:559): avc: denied { create } for pid=21907 comm="totem-video-thu" name="registry.i686.bin.tmpO2NHNW" scontext=unconfined_u:unconfined_r:thumb_t:s0-s0:c0.c1023 tcontext=unconfined_u:object_r:cache_home_t:s0 tclass=file
----
time->Wed Oct 31 01:34:06 2012
type=SYSCALL msg=audit(1351625646.830:560): arch=40000003 syscall=5 success=no exit=-13 a0=9c47ca8 a1=80c2 a2=180 a3=d items=0 ppid=9392 pid=21907 auid=1000 uid=1000 gid=1000 euid=1000 suid=1000 fsuid=1000 egid=1000 sgid=1000 fsgid=1000 tty=(none) ses=2 comm="totem-video-thu" exe="/usr/bin/totem-video-thumbnailer" subj=unconfined_u:unconfined_r:thumb_t:s0-s0:c0.c1023 key=(null)
type=AVC msg=audit(1351625646.830:560): avc: denied { create } for pid=21907 comm="totem-video-thu" name="registry.i686.bin.tmpQ0NHNW" scontext=unconfined_u:unconfined_r:thumb_t:s0-s0:c0.c1023 tcontext=unconfined_u:object_r:cache_home_t:s0 tclass=file
----
time->Wed Oct 31 01:34:19 2012
type=SYSCALL msg=audit(1351625659.688:562): arch=40000003 syscall=5 success=no exit=-13 a0=8abeca8 a1=80c2 a2=180 a3=d items=0 ppid=9392 pid=21958 auid=1000 uid=1000 gid=1000 euid=1000 suid=1000 fsuid=1000 egid=1000 sgid=1000 fsgid=1000 tty=(none) ses=2 comm="totem-video-thu" exe="/usr/bin/totem-video-thumbnailer" subj=unconfined_u:unconfined_r:thumb_t:s0-s0:c0.c1023 key=(null)
type=AVC msg=audit(1351625659.688:562): avc: denied { create } for pid=21958 comm="totem-video-thu" name="registry.i686.bin.tmpNK1ENW" scontext=unconfined_u:unconfined_r:thumb_t:s0-s0:c0.c1023 tcontext=unconfined_u:object_r:cache_home_t:s0 tclass=file
----
time->Wed Oct 31 01:34:19 2012
type=SYSCALL msg=audit(1351625659.688:561): arch=40000003 syscall=5 success=no exit=-13 a0=8abeca8 a1=80c2 a2=180 a3=d items=0 ppid=9392 pid=21958 auid=1000 uid=1000 gid=1000 euid=1000 suid=1000 fsuid=1000 egid=1000 sgid=1000 fsgid=1000 tty=(none) ses=2 comm="totem-video-thu" exe="/usr/bin/totem-video-thumbnailer" subj=unconfined_u:unconfined_r:thumb_t:s0-s0:c0.c1023 key=(null)
type=AVC msg=audit(1351625659.688:561): avc: denied { create } for pid=21958 comm="totem-video-thu" name="registry.i686.bin.tmpQQ1ENW" scontext=unconfined_u:unconfined_r:thumb_t:s0-s0:c0.c1023 tcontext=unconfined_u:object_r:cache_home_t:s0 tclass=file
----
time->Wed Oct 31 01:34:41 2012
type=SYSCALL msg=audit(1351625681.690:564): arch=40000003 syscall=5 success=no exit=-13 a0=836dca8 a1=80c2 a2=180 a3=d items=0 ppid=9392 pid=22013 auid=1000 uid=1000 gid=1000 euid=1000 suid=1000 fsuid=1000 egid=1000 sgid=1000 fsgid=1000 tty=(none) ses=2 comm="totem-video-thu" exe="/usr/bin/totem-video-thumbnailer" subj=unconfined_u:unconfined_r:thumb_t:s0-s0:c0.c1023 key=(null)
type=AVC msg=audit(1351625681.690:564): avc: denied { create } for pid=22013 comm="totem-video-thu" name="registry.i686.bin.tmpTZZENW" scontext=unconfined_u:unconfined_r:thumb_t:s0-s0:c0.c1023 tcontext=unconfined_u:object_r:cache_home_t:s0 tclass=file
----
time->Wed Oct 31 01:34:41 2012
type=SYSCALL msg=audit(1351625681.690:563): arch=40000003 syscall=5 success=no exit=-13 a0=836dca8 a1=80c2 a2=180 a3=d items=0 ppid=9392 pid=22013 auid=1000 uid=1000 gid=1000 euid=1000 suid=1000 fsuid=1000 egid=1000 sgid=1000 fsgid=1000 tty=(none) ses=2 comm="totem-video-thu" exe="/usr/bin/totem-video-thumbnailer" subj=unconfined_u:unconfined_r:thumb_t:s0-s0:c0.c1023 key=(null)
type=AVC msg=audit(1351625681.690:563): avc: denied { create } for pid=22013 comm="totem-video-thu" name="registry.i686.bin.tmpS4ZENW" scontext=unconfined_u:unconfined_r:thumb_t:s0-s0:c0.c1023 tcontext=unconfined_u:object_r:cache_home_t:s0 tclass=file
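The grep on the full binary name earlier in the thread returned only SYSCALL records, because the AVC record carries the shortened `comm="totem-video-thu"`; the two halves of a denial share one `msg=audit(timestamp:serial)` id. As an added example (not part of the thread or of any audit tool), this Python script joins records on that id, rebuilds the report's `Hash:` key and decodes the `open` arguments; the function names are hypothetical, and it assumes syscall 5 on arch 40000003 (i386) is `open`.

```python
import re
from collections import defaultdict

# Records copied from the audit output posted in this thread (SYSCALL lines
# abridged). Event 1125 has no AVC line, as in the grep output above.
SAMPLE = """\
type=SYSCALL msg=audit(1351430384.195:1125): arch=40000003 syscall=5 success=no exit=-13 a0=906e110 a1=80c2 a2=180 comm="totem-video-thu" exe="/usr/bin/totem-video-thumbnailer"
type=SYSCALL msg=audit(1351625646.830:559): arch=40000003 syscall=5 success=no exit=-13 a0=9c47ca8 a1=80c2 a2=180 comm="totem-video-thu" exe="/usr/bin/totem-video-thumbnailer"
type=AVC msg=audit(1351625646.830:559): avc: denied { create } for pid=21907 comm="totem-video-thu" name="registry.i686.bin.tmpO2NHNW" scontext=unconfined_u:unconfined_r:thumb_t:s0-s0:c0.c1023 tcontext=unconfined_u:object_r:cache_home_t:s0 tclass=file
"""

EVENT = re.compile(r"type=(\w+) msg=audit\(([\d.]+):(\d+)\):\s*(.*)")
FIELD = re.compile(r'(\w+)=("[^"]*"|\S+)')
PERMS = re.compile(r"\{ ([^}]*) \}")
# Linux open(2) flag bits (asm-generic values, as used on x86).
OPEN_BITS = {0o100: "O_CREAT", 0o200: "O_EXCL", 0o100000: "O_LARGEFILE"}

def decode_open_flags(a1_hex):
    flags = int(a1_hex, 16)
    names = [("O_RDONLY", "O_WRONLY", "O_RDWR", "O_ACCMODE")[flags & 3]]
    return "|".join(names + [n for bit, n in OPEN_BITS.items() if flags & bit])

def denials(log_text):
    """Join AVC and SYSCALL records that share one audit event id."""
    events = defaultdict(dict)
    for line in log_text.splitlines():
        m = EVENT.match(line.strip())
        if not m:
            continue
        rtype, ts, serial, body = m.groups()
        fields = {k: v.strip('"') for k, v in FIELD.findall(body)}
        perms = PERMS.search(body)
        fields["perms"] = perms.group(1).split() if perms else []
        events[(float(ts), int(serial))][rtype] = fields
    report = []
    for event_id, recs in sorted(events.items()):
        avc, sc = recs.get("AVC"), recs.get("SYSCALL", {})
        if avc is None:  # a SYSCALL alone does not say what SELinux denied
            report.append({"event": event_id, "status": "no AVC record in input"})
            continue
        stype, ttype = (avc[k].split(":")[2] for k in ("scontext", "tcontext"))
        row = {"event": event_id, "status": "denied", "name": avc.get("name"),
               "exe": sc.get("exe"),  # same key layout as the report's "Hash:" line
               "hash": ",".join([avc["comm"], stype, ttype, avc["tclass"], *avc["perms"]])}
        if sc.get("syscall") == "open" or (sc.get("arch"), sc.get("syscall")) == ("40000003", "5"):
            row["open_flags"] = decode_open_flags(sc["a1"])
            row["mode"] = oct(int(sc["a2"], 16))
        report.append(row)
    return report
```

The decoded call (`O_RDWR|O_CREAT|O_EXCL`, mode 0600) is an exclusive temp-file create, and the `name=` field holds only the final path component, so the parent directory still has to come from a PATH record.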
$ ls -ldZ ~/.cache/thumbnails
drwx------. mikhail mikhail unconfined_u:object_r:thumb_home_t:s0 /home/mikhail/.cache/thumbnails
Mikhail, do you think this file is being created in the ~/.cache directory or one of the subdirs? Can you execute
auditctl -w /etc/shadow -p w
and then generate the AVCs? This should generate full path information on where the file is created. I just want to see if there is a specific subdir that the thumbnailer is using, rather than allow thumbnailers to write anywhere in ~/.cache.