Description of problem: I tried to run # gsf-office-thumbnailer -i smthng.pptx -o ~/out -s 32 SELinux is preventing /usr/bin/gsf-office-thumbnailer from 'create' accesses on the file out.KRC4TW. ***** Plugin catchall (100. confidence) suggests *************************** If você acredita que o gsf-office-thumbnailer deva ser permitido acesso de create em out.KRC4TW file por default. Then você precisa reportar este como um erro. Você pode gerar um módulo de política local para permitir este acesso. Do permitir este acesso agora executando: # grep gsf-office-thum /var/log/audit/audit.log | audit2allow -M mypol # semodule -i mypol.pp Additional Information: Source Context unconfined_u:unconfined_r:thumb_t:s0-s0:c0.c1023 Target Context unconfined_u:object_r:user_home_dir_t:s0 Target Objects out.KRC4TW [ file ] Source gsf-office-thum Source Path /usr/bin/gsf-office-thumbnailer Port <Unknown> Host (removed) Source RPM Packages libgsf-1.14.24-2.fc18.x86_64 Target RPM Packages Policy RPM selinux-policy-3.11.1-82.fc18.noarch Selinux Enabled True Policy Type targeted Enforcing Mode Enforcing Host Name (removed) Platform Linux (removed) 3.8.2-206.fc18.x86_64 #1 SMP Fri Mar 8 15:03:34 UTC 2013 x86_64 x86_64 Alert Count 1 First Seen 2013-03-13 22:27:32 BRT Last Seen 2013-03-13 22:27:32 BRT Local ID 93a3f49d-764e-47c4-b69d-bdd5c28abd89 Raw Audit Messages type=AVC msg=audit(1363224452.479:397): avc: denied { create } for pid=4919 comm="gsf-office-thum" name="out.KRC4TW" scontext=unconfined_u:unconfined_r:thumb_t:s0-s0:c0.c1023 tcontext=unconfined_u:object_r:user_home_dir_t:s0 tclass=file type=SYSCALL msg=audit(1363224452.479:397): arch=x86_64 syscall=open success=no exit=EACCES a0=12166e0 a1=c2 a2=180 a3=0 items=0 ppid=4670 pid=4919 auid=1000 uid=1000 gid=1000 euid=1000 suid=1000 fsuid=1000 egid=1000 sgid=1000 fsgid=1000 ses=2 tty=pts0 comm=gsf-office-thum exe=/usr/bin/gsf-office-thumbnailer subj=unconfined_u:unconfined_r:thumb_t:s0-s0:c0.c1023 key=(null) Hash: gsf-office-thum,thumb_t,user_home_dir_t,file,create audit2allow #============= thumb_t ============== allow thumb_t user_home_dir_t:file create; audit2allow -R #============= thumb_t ============== allow thumb_t user_home_dir_t:file create; Additional info: hashmarkername: setroubleshoot kernel: 3.8.2-206.fc18.x86_64 type: libreport
Davi does # restorecon -R -v /home change any labels?
(In reply to comment #1) > Davi does > > # restorecon -R -v /home > > change any labels? Yes, but only for some files under ~/.themes, but may I guess it's not important?
Can libgsf create its content in ~/.cache/thumnails Like the other thumbnailers?
Well, -o ~/out does ask for the final file to be written to the home dir. We can change the tmp file location I suppose, but will that actually help this example when it comes to writing that final file in the home dir.
libgsf-1.14.24-3.fc18 has been submitted as an update for Fedora 18. https://admin.fedoraproject.org/updates/libgsf-1.14.24-3.fc18
Caolan, does anyone other then testers use the -o command?
Its a simple enough utility, gsf-office-thumbnailer -i infile -o outfile, extract the preview images of various file formats to an output file. I don't know all the circumstances under which its called.
What I meant is, that it is probably almost always called by nautilus of the filemanager widget.
I suppose, yes, typically its major user would be nautilus.
Package libgsf-1.14.24-3.fc18: * should fix your issue, * was pushed to the Fedora 18 testing repository, * should be available at your local mirror within two days. Update it with: # su -c 'yum update --enablerepo=updates-testing libgsf-1.14.24-3.fc18' as soon as you are able to. Please go to the following url: https://admin.fedoraproject.org/updates/FEDORA-2013-3950/libgsf-1.14.24-3.fc18 then log in and leave karma (feedback).
libgsf-1.14.24-3.fc18 has been pushed to the Fedora 18 stable repository. If problems still persist, please make note of it in this bug report.
FYI, a user is reporting problems in the form of segfaults with with libgsf-1.14.24-3.fc18 https://bugzilla.gnome.org/show_bug.cgi?id=698667 (There isn't much there, but offline messages confirms the version number and segfault in the form of screen shots.)