Description of problem: This SELinux warning popped up after opening a folder containing PDF files with Nautilus. SELinux is preventing /usr/bin/evince-thumbnailer from 'append' accesses on the unix_stream_socket unix_stream_socket. ***** Plugin leaks (86.2 confidence) suggests ****************************** If si desidera ignorare che evince-thumbnailer tenti l'accesso append su unix_stream_socket unix_stream_socket, siccome si crede che non dovrebbe richiedere tale accesso. Then si dovrebbe riportare il problema come bug. E' possibile generare un modulo di politica locale per consentire questo accesso. Do # grep /usr/bin/evince-thumbnailer /var/log/audit/audit.log | audit2allow -D -M mypol # semodule -i mypol.pp ***** Plugin catchall (14.7 confidence) suggests *************************** If si crede che evince-thumbnailer dovrebbe avere possibilità di accesso append sui unix_stream_socket unix_stream_socket in modo predefinito. Then si dovrebbe riportare il problema come bug. E' possibile generare un modulo di politica locale per consentire questo accesso. Do consentire questo accesso per il momento eseguendo: # grep evince-thumbnai /var/log/audit/audit.log | audit2allow -M mypol # semodule -i mypol.pp Additional Information: Source Context unconfined_u:unconfined_r:thumb_t:s0-s0:c0.c1023 Target Context unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1 023 Target Objects unix_stream_socket [ unix_stream_socket ] Source evince-thumbnai Source Path /usr/bin/evince-thumbnailer Port <Sconosciuto> Host (removed) Source RPM Packages evince-3.8.3-1.fc19.x86_64 Target RPM Packages Policy RPM selinux-policy-3.12.1-69.fc19.noarch Selinux Enabled True Policy Type targeted Enforcing Mode Enforcing Host Name (removed) Platform Linux (removed) 3.10.4-300.fc19.x86_64 #1 SMP Tue Jul 30 11:29:05 UTC 2013 x86_64 x86_64 Alert Count 4 First Seen 2013-08-05 14:56:36 CEST Last Seen 2013-08-05 14:56:38 CEST Local ID 0185adb5-e6ee-4649-a954-20f78ce0697b Raw Audit Messages type=AVC msg=audit(1375707398.50:464): avc: denied { append } for pid=3269 comm="evince-thumbnai" path="socket:[19276]" dev="sockfs" ino=19276 scontext=unconfined_u:unconfined_r:thumb_t:s0-s0:c0.c1023 tcontext=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 tclass=unix_stream_socket type=AVC msg=audit(1375707398.50:464): avc: denied { append } for pid=3269 comm="evince-thumbnai" path="socket:[19276]" dev="sockfs" ino=19276 scontext=unconfined_u:unconfined_r:thumb_t:s0-s0:c0.c1023 tcontext=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 tclass=unix_stream_socket type=SYSCALL msg=audit(1375707398.50:464): arch=x86_64 syscall=execve success=yes exit=0 a0=7fba58002956 a1=7fba580014d0 a2=7fffb2c1e618 a3=1f items=0 ppid=3238 pid=3269 auid=1000 uid=1000 gid=1000 euid=1000 suid=1000 fsuid=1000 egid=1000 sgid=1000 fsgid=1000 ses=1 tty=(none) comm=evince-thumbnai exe=/usr/bin/evince-thumbnailer subj=unconfined_u:unconfined_r:thumb_t:s0-s0:c0.c1023 key=(null) Hash: evince-thumbnai,thumb_t,unconfined_t,unix_stream_socket,append Additional info: reporter: libreport-2.1.6 hashmarkername: setroubleshoot kernel: 3.10.4-300.fc19.x86_64 type: libreport
*** This bug has been marked as a duplicate of bug 992531 ***