Additional info: libreport version: 2.0.18 kernel: 3.6.6-3.fc18.i686.PAE description: :SELinux is preventing /usr/bin/totem-video-thumbnailer from 'unlink' accesses on the file /home/mikhail/.cache/gstreamer-1.0/registry.i686.bin. : :***** Plugin catchall (100. confidence) suggests *************************** : :If you believe that totem-video-thumbnailer should be allowed unlink access on the registry.i686.bin file by default. :Then you should report this as a bug. :You can generate a local policy module to allow this access. :Do :allow this access for now by executing: :# grep totem-video-thu /var/log/audit/audit.log | audit2allow -M mypol :# semodule -i mypol.pp : :Additional Information: :Source Context unconfined_u:unconfined_r:thumb_t:s0-s0:c0.c1023 :Target Context unconfined_u:object_r:cache_home_t:s0 :Target Objects /home/mikhail/.cache/gstreamer-1.0/registry.i686.b : in [ file ] :Source totem-video-thu :Source Path /usr/bin/totem-video-thumbnailer :Port <Unknown> :Host (removed) :Source RPM Packages totem-3.6.2-1.fc18.i686 :Target RPM Packages :Policy RPM selinux-policy-3.11.1-50.fc18.noarch :Selinux Enabled True :Policy Type targeted :Enforcing Mode Enforcing :Host Name (removed) :Platform Linux (removed) 3.6.6-3.fc18.i686.PAE #1 SMP Mon : Nov 5 16:37:58 UTC 2012 i686 i686 :Alert Count 3 :First Seen 2012-11-07 09:55:05 YEKT :Last Seen 2012-11-07 09:55:05 YEKT :Local ID d557eaa3-59d9-4862-8b50-f09c7d3d8997 : :Raw Audit Messages :type=AVC msg=audit(1352260505.829:332): avc: denied { unlink } for pid=4165 comm="totem-video-thu" name="registry.i686.bin" dev="sdb" ino=162792649 scontext=unconfined_u:unconfined_r:thumb_t:s0-s0:c0.c1023 tcontext=unconfined_u:object_r:cache_home_t:s0 tclass=file : : :type=SYSCALL msg=audit(1352260505.829:332): arch=i386 syscall=rename success=no exit=EACCES a0=96f9820 a1=95d0900 a2=46ae2000 a3=96f8e80 items=0 ppid=4107 pid=4165 auid=1000 uid=1000 gid=1000 euid=1000 suid=1000 fsuid=1000 egid=1000 sgid=1000 fsgid=1000 tty=pts3 ses=2 comm=totem-video-thu exe=/usr/bin/totem-video-thumbnailer subj=unconfined_u:unconfined_r:thumb_t:s0-s0:c0.c1023 key=(null) : :Hash: totem-video-thu,thumb_t,cache_home_t,file,unlink : :audit2allow : :#============= thumb_t ============== :allow thumb_t cache_home_t:file unlink; : :audit2allow -R : :#============= thumb_t ============== :allow thumb_t cache_home_t:file unlink; :
Created attachment 639774 [details] File: type
Created attachment 639775 [details] File: hashmarkername
We would need to make /home/mikhail/.cache/gstreamer-1.0 labeled as gstreamer_home_t. I added fixes to see if it works. You can execute # chcon -R -t gstreamer_home_t /home/mikhail/.cache/gstreamer-1.0
Plugged in my usb hdd with videos and stuff. Package: (null) Architecture: x86_64 OS Release: Fedora release 18 (Spherical Cow)
Videos on a usb pen drive. Package: (null) Architecture: x86_64 OS Release: Fedora release 18 (Spherical Cow)
Don't exactly know how this happened... :-/ Package: (null) Architecture: x86_64 OS Release: Fedora release 18 (Spherical Cow)
1. open nautilus 2. navigate to a folder containing a video file Package: (null) Architecture: x86_64 OS Release: Fedora release 18 (Spherical Cow)
f23aef5bbc1f2fe410a0a2d4caf8d52b36d6c76e fixes this issue. We have the labels of ~/.cache/.gstreamer instead of ~/.cache/gstreamer, which is causing this problem.
Fixed in selinux-policy-3.11.1-55.fc18.noarch
selinux-policy-3.11.1-57.fc18 has been submitted as an update for Fedora 18. https://admin.fedoraproject.org/updates/selinux-policy-3.11.1-57.fc18
Package selinux-policy-3.11.1-57.fc18: * should fix your issue, * was pushed to the Fedora 18 testing repository, * should be available at your local mirror within two days. Update it with: # su -c 'yum update --enablerepo=updates-testing selinux-policy-3.11.1-57.fc18' as soon as you are able to. Please go to the following url: https://admin.fedoraproject.org/updates/FEDORA-2012-19374/selinux-policy-3.11.1-57.fc18 then log in and leave karma (feedback).
Package selinux-policy-3.11.1-59.fc18: * should fix your issue, * was pushed to the Fedora 18 testing repository, * should be available at your local mirror within two days. Update it with: # su -c 'yum update --enablerepo=updates-testing selinux-policy-3.11.1-59.fc18' as soon as you are able to. Please go to the following url: https://admin.fedoraproject.org/updates/FEDORA-2012-19374/selinux-policy-3.11.1-59.fc18 then log in and leave karma (feedback).
Opened files with .avi file present Package: (null) Architecture: x86_64 OS Release: Fedora release 18 (Spherical Cow)
Package selinux-policy-3.11.1-60.fc18: * should fix your issue, * was pushed to the Fedora 18 testing repository, * should be available at your local mirror within two days. Update it with: # su -c 'yum update --enablerepo=updates-testing selinux-policy-3.11.1-60.fc18' as soon as you are able to. Please go to the following url: https://admin.fedoraproject.org/updates/FEDORA-2012-19374/selinux-policy-3.11.1-60.fc18 then log in and leave karma (feedback).
selinux-policy-3.11.1-60.fc18 has been pushed to the Fedora 18 stable repository. If problems still persist, please make note of it in this bug report.
$ rpm -q selinux-policy selinux-policy-3.11.1-62.fc18.noarch Problem still occurs
# ausearch -m avc -ts recent ---- time->Mon Dec 17 09:56:36 2012 type=SYSCALL msg=audit(1355716596.759:1594): arch=40000003 syscall=38 success=no exit=-13 a0=9daf710 a1=9c18d38 a2=41eeb000 a3=9e04370 items=0 ppid=7051 pid=28119 auid=1000 uid=1000 gid=1000 euid=1000 suid=1000 fsuid=1000 egid=1000 sgid=1000 fsgid=1000 tty=(none) ses=2 comm="totem-video-thu" exe="/usr/bin/totem-video-thumbnailer" subj=unconfined_u:unconfined_r:thumb_t:s0-s0:c0.c1023 key=(null) type=AVC msg=audit(1355716596.759:1594): avc: denied { unlink } for pid=28119 comm="totem-video-thu" name="registry.i686.bin" dev="sdb" ino=162792523 scontext=unconfined_u:unconfined_r:thumb_t:s0-s0:c0.c1023 tcontext=unconfined_u:object_r:cache_home_t:s0 tclass=file ---- time->Mon Dec 17 09:56:37 2012 type=SYSCALL msg=audit(1355716597.499:1595): arch=40000003 syscall=38 success=no exit=-13 a0=a08e710 a1=9ef7d38 a2=41eeb000 a3=a0e3370 items=0 ppid=7051 pid=28139 auid=1000 uid=1000 gid=1000 euid=1000 suid=1000 fsuid=1000 egid=1000 sgid=1000 fsgid=1000 tty=(none) ses=2 comm="totem-video-thu" exe="/usr/bin/totem-video-thumbnailer" subj=unconfined_u:unconfined_r:thumb_t:s0-s0:c0.c1023 key=(null) type=AVC msg=audit(1355716597.499:1595): avc: denied { unlink } for pid=28139 comm="totem-video-thu" name="registry.i686.bin" dev="sdb" ino=162792523 scontext=unconfined_u:unconfined_r:thumb_t:s0-s0:c0.c1023 tcontext=unconfined_u:object_r:cache_home_t:s0 tclass=file ---- time->Mon Dec 17 09:56:38 2012 type=SYSCALL msg=audit(1355716598.015:1596): arch=40000003 syscall=38 success=no exit=-13 a0=8fd2a28 a1=8e5ad38 a2=41eeb000 a3=9046370 items=0 ppid=7051 pid=28161 auid=1000 uid=1000 gid=1000 euid=1000 suid=1000 fsuid=1000 egid=1000 sgid=1000 fsgid=1000 tty=(none) ses=2 comm="totem-video-thu" exe="/usr/bin/totem-video-thumbnailer" subj=unconfined_u:unconfined_r:thumb_t:s0-s0:c0.c1023 key=(null) type=AVC msg=audit(1355716598.015:1596): avc: denied { unlink } for pid=28161 comm="totem-video-thu" name="registry.i686.bin" dev="sdb" ino=162792523 scontext=unconfined_u:unconfined_r:thumb_t:s0-s0:c0.c1023 tcontext=unconfined_u:object_r:cache_home_t:s0 tclass=file ---- time->Mon Dec 17 09:56:38 2012 type=SYSCALL msg=audit(1355716598.485:1597): arch=40000003 syscall=38 success=no exit=-13 a0=9448710 a1=92b1d38 a2=41eeb000 a3=949d370 items=0 ppid=7051 pid=28184 auid=1000 uid=1000 gid=1000 euid=1000 suid=1000 fsuid=1000 egid=1000 sgid=1000 fsgid=1000 tty=(none) ses=2 comm="totem-video-thu" exe="/usr/bin/totem-video-thumbnailer" subj=unconfined_u:unconfined_r:thumb_t:s0-s0:c0.c1023 key=(null) type=AVC msg=audit(1355716598.485:1597): avc: denied { unlink } for pid=28184 comm="totem-video-thu" name="registry.i686.bin" dev="sdb" ino=162792523 scontext=unconfined_u:unconfined_r:thumb_t:s0-s0:c0.c1023 tcontext=unconfined_u:object_r:cache_home_t:s0 tclass=file ---- time->Mon Dec 17 09:56:38 2012 type=SYSCALL msg=audit(1355716598.846:1598): arch=40000003 syscall=38 success=no exit=-13 a0=9595a28 a1=941dd38 a2=41eeb000 a3=9609370 items=0 ppid=7051 pid=28204 auid=1000 uid=1000 gid=1000 euid=1000 suid=1000 fsuid=1000 egid=1000 sgid=1000 fsgid=1000 tty=(none) ses=2 comm="totem-video-thu" exe="/usr/bin/totem-video-thumbnailer" subj=unconfined_u:unconfined_r:thumb_t:s0-s0:c0.c1023 key=(null) type=AVC msg=audit(1355716598.846:1598): avc: denied { unlink } for pid=28204 comm="totem-video-thu" name="registry.i686.bin" dev="sdb" ino=162792523 scontext=unconfined_u:unconfined_r:thumb_t:s0-s0:c0.c1023 tcontext=unconfined_u:object_r:cache_home_t:s0 tclass=file
Fixed in selinux-policy-3.11.1-67.fc18.noarch THere is a typo in the file context string cache should be \.cache
selinux-policy-3.11.1-67.fc18 has been submitted as an update for Fedora 18. https://admin.fedoraproject.org/updates/selinux-policy-3.11.1-67.fc18
Package selinux-policy-3.11.1-67.fc18: * should fix your issue, * was pushed to the Fedora 18 testing repository, * should be available at your local mirror within two days. Update it with: # su -c 'yum update --enablerepo=updates-testing selinux-policy-3.11.1-67.fc18' as soon as you are able to. Please go to the following url: https://admin.fedoraproject.org/updates/FEDORA-2012-20813/selinux-policy-3.11.1-67.fc18 then log in and leave karma (feedback).
Open folder with media files that nautilus hasn't seen before and will try to create thumbnails for. Package: (null) Architecture: x86_64 OS Release: Fedora release 18 (Spherical Cow)
Did you get this with selinux-policy-3.11.1-67.fc18?
No, I already confirmed7 via bodhi that this bug is fixed with 3.11.1-6. Thanks :)
open *txt file in gedit Package: (null) OS Release: Fedora release 18 (Spherical Cow)
selinux-policy-3.11.1-67.fc18 has been pushed to the Fedora 18 stable repository. If problems still persist, please make note of it in this bug report.