Description of problem: SELinux is preventing /usr/bin/evince-thumbnailer from 'append' accesses on the unix_stream_socket unix_stream_socket. ***** Plugin leaks (86.2 confidence) suggests ****************************** If you want to ignore evince-thumbnailer trying to append access the unix_stream_socket unix_stream_socket, because you believe it should not need this access. Then you should report this as a bug. You can generate a local policy module to dontaudit this access. Do # grep /usr/bin/evince-thumbnailer /var/log/audit/audit.log | audit2allow -D -M mypol # semodule -i mypol.pp ***** Plugin catchall (14.7 confidence) suggests *************************** If you believe that evince-thumbnailer should be allowed append access on the unix_stream_socket unix_stream_socket by default. Then you should report this as a bug. You can generate a local policy module to allow this access. Do allow this access for now by executing: # grep evince-thumbnai /var/log/audit/audit.log | audit2allow -M mypol # semodule -i mypol.pp Additional Information: Source Context unconfined_u:unconfined_r:thumb_t:s0-s0:c0.c1023 Target Context system_u:system_r:xdm_t:s0-s0:c0.c1023 Target Objects unix_stream_socket [ unix_stream_socket ] Source evince-thumbnai Source Path /usr/bin/evince-thumbnailer Port <Unknown> Host (removed) Source RPM Packages totem-3.8.2-1.fc19.x86_64 Target RPM Packages Policy RPM selinux-policy-3.12.1-44.fc19.noarch Selinux Enabled True Policy Type targeted Enforcing Mode Permissive Host Name (removed) Platform Linux (removed) 3.9.2-301.fc19.x86_64 #1 SMP Mon May 13 12:36:24 UTC 2013 x86_64 x86_64 Alert Count 11 First Seen 2013-05-10 18:51:39 IST Last Seen 2013-05-16 12:14:44 IST Local ID b1815ded-b6b6-4d01-8852-5df3e518b008 Raw Audit Messages type=AVC msg=audit(1368686684.182:473): avc: denied { append } for pid=7510 comm="totem-video-thu" path="socket:[26032]" dev="sockfs" ino=26032 scontext=unconfined_u:unconfined_r:thumb_t:s0-s0:c0.c1023 tcontext=system_u:system_r:xdm_t:s0-s0:c0.c1023 tclass=unix_stream_socket type=SYSCALL msg=audit(1368686684.182:473): arch=x86_64 syscall=execve success=yes exit=0 a0=7fa130004e70 a1=7fa130004e00 a2=7fffb0244488 a3=22 items=0 ppid=1850 pid=7510 auid=1000 uid=1000 gid=1000 euid=1000 suid=1000 fsuid=1000 egid=1000 sgid=1000 fsgid=1000 ses=1 tty=(none) comm=totem-video-thu exe=/usr/bin/totem-video-thumbnailer subj=unconfined_u:unconfined_r:thumb_t:s0-s0:c0.c1023 key=(null) Hash: evince-thumbnai,thumb_t,xdm_t,unix_stream_socket,append audit2allow #============= thumb_t ============== allow thumb_t xdm_t:unix_stream_socket append; audit2allow -RYou must regenerate interface info by running /usr/bin/sepolgen-ifgen Additional info: reporter: libreport-2.1.4 hashmarkername: setroubleshoot kernel: 3.9.2-301.fc19.x86_64 type: libreport
*** This bug has been marked as a duplicate of bug 964651 ***