View Issue Details

IDProjectCategoryView StatusLast Update
0015488CentOS-7selinux-policypublic2018-12-16 18:52
Reporterpdking77 
PrioritynormalSeverityminorReproducibilityhave not tried
Status newResolutionopen 
PlatformOSOS Version7
Product Version 
Target VersionFixed in Version 
Summary0015488: SELinux is preventing /usr/bin/gdk-pixbuf-thumbnailer from using the nnp_transition, nosuid_transition access on a process.
DescriptionDescription of problem:
SELinux is preventing /usr/bin/gdk-pixbuf-thumbnailer from using the nnp_transition, nosuid_transition access on a process.

***** Plugin catchall (100. confidence) suggests **************************

If you believe that gdk-pixbuf-thumbnailer should be allowed nnp_transition nosuid_transition access on processes labeled thumb_t by default.
Then you should report this as a bug.
You can generate a local policy module to allow this access.
Do
allow this access for now by executing:
# ausearch -c 'gdk-pixbuf-thum' --raw | audit2allow -M my-gdkpixbufthum
# semodule -i my-gdkpixbufthum.pp

Additional Information:
Source Context unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1
                              023
Target Context unconfined_u:unconfined_r:thumb_t:s0-s0:c0.c1023
Target Objects Unknown [ process2 ]
Source gdk-pixbuf-thum
Source Path /usr/bin/gdk-pixbuf-thumbnailer
Port <Unknown>
Host (removed)
Source RPM Packages gdk-pixbuf2-2.36.12-3.el7.x86_64
Target RPM Packages
Policy RPM selinux-policy-3.13.1-229.el7_6.5.noarch
Selinux Enabled True
Policy Type targeted
Enforcing Mode Enforcing
Host Name (removed)
Platform Linux (removed) 3.10.0-957.el7.x86_64 #1 SMP Thu
                              Nov 8 23:39:32 UTC 2018 x86_64 x86_64
Alert Count 91
First Seen 2018-11-25 16:29:18 EST
Last Seen 2018-11-25 16:29:30 EST
Local ID 7f0d4648-5cbd-4681-9403-1beee5e065e7

Raw Audit Messages
type=AVC msg=audit(1543181370.949:404): avc: denied { nnp_transition nosuid_transition } for pid=22308 comm="flatpak-bwrap" scontext=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 tcontext=unconfined_u:unconfined_r:thumb_t:s0-s0:c0.c1023 tclass=process2 permissive=0


type=SYSCALL msg=audit(1543181370.949:404): arch=x86_64 syscall=execve success=yes exit=0 a0=7fff3548e993 a1=7fff3548d5a0 a2=230a160 a3=7fff3548aa60 items=0 ppid=22305 pid=22308 auid=1000 uid=1000 gid=1000 euid=1000 suid=1000 fsuid=1000 egid=1000 sgid=1000 fsgid=1000 tty=(none) ses=1 comm=gdk-pixbuf-thum exe=/usr/bin/gdk-pixbuf-thumbnailer subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 key=(null)

Hash: gdk-pixbuf-thum,unconfined_t,thumb_t,process2,nnp_transition,nosuid_transition

Version-Release number of selected component:
selinux-policy-3.13.1-229.el7_6.5.noarch
Additional Informationreporter: libreport-2.1.11.1
hashmarkername: setroubleshoot
kernel: 3.10.0-957.el7.x86_64
reproducible: Not sure how to reproduce the problem
type: libreport
TagsNo tags attached.
abrt_hash6f73df3da47e27d4a14f85d551338e5e6e44cca127f76fff3de4e8b7d8688ca4
URL

Activities

GuL916

GuL916

2018-12-07 15:21

reporter   ~0033262

Another user experienced a similar problem:

This selinux alert append during update of Anaconda python using the following command:
/opt/anaconda3/bin/conda update anaconda

Sincerely

reporter: libreport-2.1.11.1
hashmarkername: setroubleshoot
kernel: 3.10.0-957.1.3.el7.x86_64
package: selinux-policy-3.13.1-229.el7_6.6.noarch
reason: SELinux is preventing /usr/bin/gdk-pixbuf-thumbnailer from using the nnp_transition, nosuid_transition access on a process.
reproducible: Not sure how to reproduce the problem
type: libreport
alex_okay

alex_okay

2018-12-12 19:37

reporter   ~0033326

Another user experienced a similar problem:


reporter: libreport-2.1.11.1
hashmarkername: setroubleshoot
kernel: 3.10.0-957.1.3.el7.x86_64
package: selinux-policy-3.13.1-229.el7_6.6.noarch
reason: SELinux is preventing /usr/bin/gdk-pixbuf-thumbnailer from using the nnp_transition, nosuid_transition access on a process.
reproducible: Not sure how to reproduce the problem
type: libreport
pdking77

pdking77

2018-12-16 18:52

reporter   ~0033361

Another user experienced a similar problem:

Running Jenkins.war

reporter: libreport-2.1.11.1
hashmarkername: setroubleshoot
kernel: 3.10.0-957.el7.x86_64
package: selinux-policy-3.13.1-229.el7_6.6.noarch
reason: SELinux is preventing /usr/bin/gdk-pixbuf-thumbnailer from using the nnp_transition, nosuid_transition access on a process.
reproducible: Not sure how to reproduce the problem
type: libreport

Issue History

Date Modified Username Field Change
2018-11-25 21:47 pdking77 New Issue
2018-12-07 15:21 GuL916 Note Added: 0033262
2018-12-12 19:37 alex_okay Note Added: 0033326
2018-12-16 18:52 pdking77 Note Added: 0033361