Description of problem: it keeps on poping when i use firefox SELinux is preventing /usr/bin/gsf-office-thumbnailer from using the 'dac_override' capabilities. ***** Plugin dac_override (91.4 confidence) suggests *********************** If you want to help identify if domain needs this access or you have a file with the wrong permissions on your system Then turn on full auditing to get path information about the offending file and generate the error again. Do Turn on full auditing # auditctl -w /etc/shadow -p w Try to recreate AVC. Then execute # ausearch -m avc -ts recent If you see PATH record check ownership/permissions on file, and fix it, otherwise report as a bugzilla. ***** Plugin catchall (9.59 confidence) suggests *************************** If you believe that gsf-office-thumbnailer should have the dac_override capability by default. Then you should report this as a bug. You can generate a local policy module to allow this access. Do allow this access for now by executing: # grep gsf-office-thum /var/log/audit/audit.log | audit2allow -M mypol # semodule -i mypol.pp Additional Information: Source Context unconfined_u:unconfined_r:thumb_t:s0-s0:c0.c1023 Target Context unconfined_u:unconfined_r:thumb_t:s0-s0:c0.c1023 Target Objects [ capability ] Source gsf-office-thum Source Path /usr/bin/gsf-office-thumbnailer Port <Unknown> Host (removed) Source RPM Packages libgsf-1.14.26-4.fc19.i686 Target RPM Packages Policy RPM selinux-policy-3.12.1-59.fc19.noarch Selinux Enabled True Policy Type targeted Enforcing Mode Enforcing Host Name (removed) Platform Linux (removed) 3.9.9-301.fc19.i686.PAE #1 SMP Thu Jul 4 15:25:09 UTC 2013 i686 i686 Alert Count 2 First Seen 2013-07-09 11:16:17 EAT Last Seen 2013-07-09 11:16:17 EAT Local ID 73294be0-6ac1-4f13-9bed-32a654ff198c Raw Audit Messages type=AVC msg=audit(1373357777.351:467): avc: denied { dac_override } for pid=2837 comm="gsf-office-thum" capability=1 scontext=unconfined_u:unconfined_r:thumb_t:s0-s0:c0.c1023 tcontext=unconfined_u:unconfined_r:thumb_t:s0-s0:c0.c1023 tclass=capability type=AVC msg=audit(1373357777.351:467): avc: denied { dac_read_search } for pid=2837 comm="gsf-office-thum" capability=2 scontext=unconfined_u:unconfined_r:thumb_t:s0-s0:c0.c1023 tcontext=unconfined_u:unconfined_r:thumb_t:s0-s0:c0.c1023 tclass=capability type=SYSCALL msg=audit(1373357777.351:467): arch=i386 syscall=open success=no exit=EACCES a0=9a54650 a1=8000 a2=1b6 a3=9a57478 items=0 ppid=2496 pid=2837 auid=0 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 ses=1 tty=(none) comm=gsf-office-thum exe=/usr/bin/gsf-office-thumbnailer subj=unconfined_u:unconfined_r:thumb_t:s0-s0:c0.c1023 key=(null) Hash: gsf-office-thum,thumb_t,thumb_t,capability,dac_override Additional info: reporter: libreport-2.1.5 hashmarkername: setroubleshoot kernel: 3.9.9-301.fc19.i686.PAE type: libreport Potential duplicate: bug 910553
Why are you running firefox as root? This is very dangerous. Not something we will support from SELinux.
(In reply to Daniel Walsh from comment #1) > Why are you running firefox as root? This is very dangerous. > > Not something we will support from SELinux. when i am running as aanother account with firefox same issue is there. SELinux is preventing /usr/bin/gsf-office-thumbnailer from using the dac_override capability. ***** Plugin dac_override (91.4 confidence) suggests *********************** If you want to help identify if domain needs this access or you have a file with the wrong permissions on your system Then turn on full auditing to get path information about the offending file and generate the error again. Do Turn on full auditing # auditctl -w /etc/shadow -p w Try to recreate AVC. Then execute # ausearch -m avc -ts recent If you see PATH record check ownership/permissions on file, and fix it, otherwise report as a bugzilla. ***** Plugin catchall (9.59 confidence) suggests *************************** If you believe that gsf-office-thumbnailer should have the dac_override capability by default. Then you should report this as a bug. You can generate a local policy module to allow this access. Do allow this access for now by executing: # grep gsf-office-thum /var/log/audit/audit.log | audit2allow -M mypol # semodule -i mypol.pp Additional Information: Source Context unconfined_u:unconfined_r:thumb_t:s0-s0:c0.c1023 Target Context unconfined_u:unconfined_r:thumb_t:s0-s0:c0.c1023 Target Objects [ capability ] Source gsf-office-thum Source Path /usr/bin/gsf-office-thumbnailer Port <Unknown> Host localhost.localdomain Source RPM Packages evince-3.8.2-1.fc19.x86_64 evince-3.8.3-2.fc19.x86_64 Target RPM Packages Policy RPM selinux-policy-3.12.1-74.11.fc19.noarch Selinux Enabled True Policy Type targeted Enforcing Mode Enforcing Host Name localhost.localdomain Platform Linux localhost.localdomain 3.11.7-200.fc19.x86_64 #1 SMP Mon Nov 4 14:09:03 UTC 2013 x86_64 x86_64 Alert Count 241 First Seen 2013-11-15 17:19:47 IST Last Seen 2013-11-18 13:30:11 IST Local ID 03ebe6fc-9826-45e8-b372-1c842694d587 Raw Audit Messages type=AVC msg=audit(1384761611.235:544): avc: denied { dac_override } for pid=5018 comm="evince-thumbnai" capability=1 scontext=unconfined_u:unconfined_r:thumb_t:s0-s0:c0.c1023 tcontext=unconfined_u:unconfined_r:thumb_t:s0-s0:c0.c1023 tclass=capability type=AVC msg=audit(1384761611.235:544): avc: denied { dac_read_search } for pid=5018 comm="evince-thumbnai" capability=2 scontext=unconfined_u:unconfined_r:thumb_t:s0-s0:c0.c1023 tcontext=unconfined_u:unconfined_r:thumb_t:s0-s0:c0.c1023 tclass=capability type=SYSCALL msg=audit(1384761611.235:544): arch=x86_64 syscall=open success=no exit=EACCES a0=132e9f0 a1=0 a2=0 a3=aaaaaaaaaaaaaaab items=0 ppid=3553 pid=5018 auid=0 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 ses=1 tty=(none) comm=evince-thumbnai exe=/usr/bin/evince-thumbnailer subj=unconfined_u:unconfined_r:thumb_t:s0-s0:c0.c1023 key=(null) Hash: gsf-office-thum,thumb_t,thumb_t,capability,dac_override
THis is still running as root auid=0 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 Are you getting this from firefox?