Description of problem: SELinux is preventing /usr/bin/evince-thumbnailer from 'unlink' accesses on the file .gnome_desktop_thumbnail.JAHKWW. ***** Plugin catchall (100. confidence) suggests *************************** If you believe that evince-thumbnailer should be allowed unlink access on the .gnome_desktop_thumbnail.JAHKWW file by default. Then you should report this as a bug. You can generate a local policy module to allow this access. Do allow this access for now by executing: # grep evince-thumbnai /var/log/audit/audit.log | audit2allow -M mypol # semodule -i mypol.pp Additional Information: Source Context unconfined_u:unconfined_r:thumb_t:s0-s0:c0.c1023 Target Context unconfined_u:object_r:user_tmp_t:s0 Target Objects .gnome_desktop_thumbnail.JAHKWW [ file ] Source evince-thumbnai Source Path /usr/bin/evince-thumbnailer Port <Unknown> Host (removed) Source RPM Packages evince-3.6.1-2.fc18.x86_64 Target RPM Packages Policy RPM selinux-policy-3.11.1-92.fc18.noarch Selinux Enabled True Policy Type targeted Enforcing Mode Enforcing Host Name (removed) Platform Linux (removed) 3.8.9-200.fc18.x86_64 #1 SMP Fri Apr 26 12:50:07 UTC 2013 x86_64 x86_64 Alert Count 14 First Seen 2013-03-30 22:18:45 EDT Last Seen 2013-05-02 16:46:20 EDT Local ID b9d08d7f-4e17-48cc-b540-c58217742d4f Raw Audit Messages type=AVC msg=audit(1367527580.588:581): avc: denied { unlink } for pid=9379 comm="evince-thumbnai" name=".gnome_desktop_thumbnail.JAHKWW" dev="tmpfs" ino=1206382 scontext=unconfined_u:unconfined_r:thumb_t:s0-s0:c0.c1023 tcontext=unconfined_u:object_r:user_tmp_t:s0 tclass=file type=SYSCALL msg=audit(1367527580.588:581): arch=x86_64 syscall=unlink success=no exit=EACCES a0=b58220 a1=0 a2=7f23a2d4a798 a3=7fff047bac20 items=0 ppid=2400 pid=9379 auid=1000 uid=1000 gid=1000 euid=1000 suid=1000 fsuid=1000 egid=1000 sgid=1000 fsgid=1000 ses=2 tty=(none) comm=evince-thumbnai exe=/usr/bin/evince-thumbnailer subj=unconfined_u:unconfined_r:thumb_t:s0-s0:c0.c1023 key=(null) Hash: evince-thumbnai,thumb_t,user_tmp_t,file,unlink audit2allow #============= thumb_t ============== allow thumb_t user_tmp_t:file unlink; audit2allow -R require { type thumb_t; } #============= thumb_t ============== userdom_delete_user_tmp_files(thumb_t) Additional info: hashmarkername: setroubleshoot kernel: 3.8.11-200.fc18.x86_64 type: libreport
Looks like this file got created with the wrong label? Were you running in permissive mode?
*** Bug 981646 has been marked as a duplicate of this bug. ***
The needinfo request[s] on this closed bug have been removed as they have been unresolved for 1000 days