Description of problem: see subject. Version-Release number of selected component (if applicable): selinux-policy-targeted-3.11.1-67.fc18.noarch How reproducible: Frequently, but non-deterministic. i.e. I am frequently receiving these, but have not found a method to provoke them deterministically. Steps to Reproduce: 1. Open a nautilus window and step into a directory containing videos. Actual results: - The alert above. - Seemingly, totem-thumbnailer sometimes fails to generate thumbnail images from some videos. Expected results: No sealerts, proper function.
Could you also attach the alert? Thank you.
Created attachment 684252 [details] full SEalert (In reply to comment #1) > Could you also attach the alert? Thank you. Sure. Actually, I had intended to do so, but got distracted. Sorry ;)
FWIW: I am suspecting this issue to be related to dbus, due to the following observations: When trying to running totem-video-thumbnailer from the command line soon after one of these sealerts (300+ so far), issued a "can't connect to dbus" warning (or similar). Checking whether the dbus.service was running showed this: # systemctl status dbus.service ... dbus.service - D-Bus System Message Bus Loaded: loaded (/usr/lib/systemd/system/dbus.service; static) Active: active (running) since Mon 2013-01-21 09:43:52 CET; 18h ago Main PID: 533 (dbus-daemon) CGroup: name=systemd:/system/dbus.service ├─ 533 /bin/dbus-daemon --system --address=systemd: --nofor... ├─ 568 /usr/sbin/modem-manager └─5254 /usr/bin/python -Es /usr/sbin/setroubleshootd -f Jan 22 04:22:50 beck setroubleshoot[5254]: SELinux is preventing /usr/bin/totem-video-thumbnailer from name_bind access on the udp_socket . For complete SELinux messages. run sealert -l 4c326cb1-a9f4-42d1-a4d9-3078e22f1e06 ... Manually restarting dbus.service # systemctl restart dbus.service seems to have caused the sealerts to go away. At least I haven't received any of these sealerts since then. I.e. I'd assume totem-video-thumbnailer could be doing something nasty, when dbus isn't running. From what I gather from strace, it seems to be wildly poking around into the system's sockets.
Were you running in an NIS Environment?
(In reply to comment #4) > Were you running in an NIS Environment? Yes, I am using NIS to host passwd, groups and homes, but the directories which trigger the alerts were local in this case.
totem is calling getpw calls which is triggering this event. We have just added dontaudits for this in Rawhide and should back port to F18.
It has beeen added also to F18. # yum update selinux-policy-targeted --enablerepo=updates-testing
I haven't received one of these sealerts since having installed selinux-policy-3.11.1-73.fc18 (6 days ago). Thanks.
This message is a reminder that Fedora 18 is nearing its end of life. Approximately 4 (four) weeks from now Fedora will stop maintaining and issuing updates for Fedora 18. It is Fedora's policy to close all bug reports from releases that are no longer maintained. At that time this bug will be closed as WONTFIX if it remains open with a Fedora 'version' of '18'. Package Maintainer: If you wish for this bug to remain open because you plan to fix it in a currently maintained version, simply change the 'version' to a later Fedora version prior to Fedora 18's end of life. Thank you for reporting this issue and we are sorry that we may not be able to fix it before Fedora 18 is end of life. If you would still like to see this bug fixed and are able to reproduce it against a later version of Fedora, you are encouraged change the 'version' to a later Fedora version prior to Fedora 18's end of life. Although we aim to fix as many bugs as possible during every release's lifetime, sometimes those efforts are overtaken by events. Often a more recent Fedora release includes newer upstream software that fixes bugs or makes them obsolete.
Fedora 18 changed to end-of-life (EOL) status on 2014-01-14. Fedora 18 is no longer maintained, which means that it will not receive any further security or bug fix updates. As a result we are closing this bug. If you can reproduce this bug against a currently maintained version of Fedora please feel free to reopen this bug against that version. If you are unable to reopen this bug, please file a new report against the current release. If you experience problems, please add a comment to this bug. Thank you for reporting this bug and we are sorry it could not be fixed.