Bug 986743 - SELinux is preventing /usr/bin/ffmpegthumbnailer from 'create' accesses on the file M1.jpg.
Summary: SELinux is preventing /usr/bin/ffmpegthumbnailer from 'create' accesses on th...
Keywords:
Status: CLOSED INSUFFICIENT_DATA
Alias: None
Product: Fedora
Classification: Fedora
Component: selinux-policy
Version: 19
Hardware: x86_64
OS: Unspecified
unspecified
unspecified
Target Milestone: ---
Assignee: Miroslav Grepl
QA Contact: Fedora Extras Quality Assurance
URL:
Whiteboard: abrt_hash:4538566dce6d8b432eac2ea4c1a...
Depends On:
Blocks:
TreeView+ depends on / blocked
 
Reported: 2013-07-22 02:03 UTC by Daniel Cabral
Modified: 2017-06-05 15:57 UTC (History)
5 users (show)

Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Clone Of:
Environment:
Last Closed: 2013-10-25 09:31:51 UTC
Type: ---
Embargoed:

Attachments (Terms of Use)

Description Daniel Cabral 2013-07-22 02:03:28 UTC 
Description of problem:
Opened up google-chrome browser
SELinux is preventing /usr/bin/ffmpegthumbnailer from 'create' accesses on the file M1.jpg.

*****  Plugin catchall (100. confidence) suggests  ***************************

If you believe that ffmpegthumbnailer should be allowed create access on the M1.jpg file by default.
Then you should report this as a bug.
You can generate a local policy module to allow this access.
Do
allow this access for now by executing:
# grep ffmpegthumbnail /var/log/audit/audit.log | audit2allow -M mypol
# semodule -i mypol.pp

Additional Information:
Source Context                unconfined_u:unconfined_r:thumb_t:s0-s0:c0.c1023
Target Context                unconfined_u:object_r:user_home_t:s0
Target Objects                M1.jpg [ file ]
Source                        ffmpegthumbnail
Source Path                   /usr/bin/ffmpegthumbnailer
Port                          <Unknown>
Host                          (removed)
Source RPM Packages           ffmpegthumbnailer-2.0.8-4.fc19.x86_64
Target RPM Packages           
Policy RPM                    selinux-policy-3.12.1-63.fc19.noarch
Selinux Enabled               True
Policy Type                   targeted
Enforcing Mode                Enforcing
Host Name                     (removed)
Platform                      Linux (removed) 3.9.9-302.fc19.x86_64 #1 SMP Sat
                              Jul 6 13:41:07 UTC 2013 x86_64 x86_64
Alert Count                   11
First Seen                    2013-07-20 21:50:06 PDT
Last Seen                     2013-07-20 22:19:16 PDT
Local ID                      e8629214-7d0d-4393-8f01-051caa10d19f

Raw Audit Messages
type=AVC msg=audit(1374383956.952:517): avc:  denied  { create } for  pid=10008 comm="ffmpegthumbnail" name="M1.jpg" scontext=unconfined_u:unconfined_r:thumb_t:s0-s0:c0.c1023 tcontext=unconfined_u:object_r:user_home_t:s0 tclass=file


type=SYSCALL msg=audit(1374383956.952:517): arch=x86_64 syscall=open success=no exit=EACCES a0=23100c8 a1=241 a2=1b6 a3=7fff84965120 items=0 ppid=10007 pid=10008 auid=1000 uid=1000 gid=1000 euid=1000 suid=1000 fsuid=1000 egid=1000 sgid=1000 fsgid=1000 ses=1 tty=(none) comm=ffmpegthumbnail exe=/usr/bin/ffmpegthumbnailer subj=unconfined_u:unconfined_r:thumb_t:s0-s0:c0.c1023 key=(null)

Hash: ffmpegthumbnail,thumb_t,user_home_t,file,create

Additional info:
reporter:       libreport-2.1.5
hashmarkername: setroubleshoot
kernel:         3.9.9-302.fc19.x86_64
type:           libreport
Comment 1 Miroslav Grepl 2013-07-22 09:33:15 UTC 
restorecon -R -v /home

Does this change anything?

Do you know where "M1.jpg" is created by ffmpegthumbnail?
Note You need to log in before you can comment on or make changes to this bug.