View Issue Details

IDProjectCategoryView StatusLast Update
0015488CentOS-7selinux-policypublic2019-02-15 12:20
Reporterpdking77 
PrioritynormalSeverityminorReproducibilityhave not tried
Status newResolutionopen 
PlatformOSOS Version7
Product Version 
Target VersionFixed in Version 
Summary0015488: SELinux is preventing /usr/bin/gdk-pixbuf-thumbnailer from using the nnp_transition, nosuid_transition access on a process.
DescriptionDescription of problem:
SELinux is preventing /usr/bin/gdk-pixbuf-thumbnailer from using the nnp_transition, nosuid_transition access on a process.

***** Plugin catchall (100. confidence) suggests **************************

If you believe that gdk-pixbuf-thumbnailer should be allowed nnp_transition nosuid_transition access on processes labeled thumb_t by default.
Then you should report this as a bug.
You can generate a local policy module to allow this access.
Do
allow this access for now by executing:
# ausearch -c 'gdk-pixbuf-thum' --raw | audit2allow -M my-gdkpixbufthum
# semodule -i my-gdkpixbufthum.pp

Additional Information:
Source Context unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1
                              023
Target Context unconfined_u:unconfined_r:thumb_t:s0-s0:c0.c1023
Target Objects Unknown [ process2 ]
Source gdk-pixbuf-thum
Source Path /usr/bin/gdk-pixbuf-thumbnailer
Port <Unknown>
Host (removed)
Source RPM Packages gdk-pixbuf2-2.36.12-3.el7.x86_64
Target RPM Packages
Policy RPM selinux-policy-3.13.1-229.el7_6.5.noarch
Selinux Enabled True
Policy Type targeted
Enforcing Mode Enforcing
Host Name (removed)
Platform Linux (removed) 3.10.0-957.el7.x86_64 #1 SMP Thu
                              Nov 8 23:39:32 UTC 2018 x86_64 x86_64
Alert Count 91
First Seen 2018-11-25 16:29:18 EST
Last Seen 2018-11-25 16:29:30 EST
Local ID 7f0d4648-5cbd-4681-9403-1beee5e065e7

Raw Audit Messages
type=AVC msg=audit(1543181370.949:404): avc: denied { nnp_transition nosuid_transition } for pid=22308 comm="flatpak-bwrap" scontext=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 tcontext=unconfined_u:unconfined_r:thumb_t:s0-s0:c0.c1023 tclass=process2 permissive=0


type=SYSCALL msg=audit(1543181370.949:404): arch=x86_64 syscall=execve success=yes exit=0 a0=7fff3548e993 a1=7fff3548d5a0 a2=230a160 a3=7fff3548aa60 items=0 ppid=22305 pid=22308 auid=1000 uid=1000 gid=1000 euid=1000 suid=1000 fsuid=1000 egid=1000 sgid=1000 fsgid=1000 tty=(none) ses=1 comm=gdk-pixbuf-thum exe=/usr/bin/gdk-pixbuf-thumbnailer subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 key=(null)

Hash: gdk-pixbuf-thum,unconfined_t,thumb_t,process2,nnp_transition,nosuid_transition

Version-Release number of selected component:
selinux-policy-3.13.1-229.el7_6.5.noarch
Additional Informationreporter: libreport-2.1.11.1
hashmarkername: setroubleshoot
kernel: 3.10.0-957.el7.x86_64
reproducible: Not sure how to reproduce the problem
type: libreport
TagsNo tags attached.
abrt_hash6f73df3da47e27d4a14f85d551338e5e6e44cca127f76fff3de4e8b7d8688ca4
URL

Activities

GuL916

GuL916

2018-12-07 15:21

reporter   ~0033262

Another user experienced a similar problem:

This selinux alert append during update of Anaconda python using the following command:
/opt/anaconda3/bin/conda update anaconda

Sincerely

reporter: libreport-2.1.11.1
hashmarkername: setroubleshoot
kernel: 3.10.0-957.1.3.el7.x86_64
package: selinux-policy-3.13.1-229.el7_6.6.noarch
reason: SELinux is preventing /usr/bin/gdk-pixbuf-thumbnailer from using the nnp_transition, nosuid_transition access on a process.
reproducible: Not sure how to reproduce the problem
type: libreport
alex_okay

alex_okay

2018-12-12 19:37

reporter   ~0033326

Another user experienced a similar problem:


reporter: libreport-2.1.11.1
hashmarkername: setroubleshoot
kernel: 3.10.0-957.1.3.el7.x86_64
package: selinux-policy-3.13.1-229.el7_6.6.noarch
reason: SELinux is preventing /usr/bin/gdk-pixbuf-thumbnailer from using the nnp_transition, nosuid_transition access on a process.
reproducible: Not sure how to reproduce the problem
type: libreport
pdking77

pdking77

2018-12-16 18:52

reporter   ~0033361

Another user experienced a similar problem:

Running Jenkins.war

reporter: libreport-2.1.11.1
hashmarkername: setroubleshoot
kernel: 3.10.0-957.el7.x86_64
package: selinux-policy-3.13.1-229.el7_6.6.noarch
reason: SELinux is preventing /usr/bin/gdk-pixbuf-thumbnailer from using the nnp_transition, nosuid_transition access on a process.
reproducible: Not sure how to reproduce the problem
type: libreport
misterbr

misterbr

2018-12-17 12:50

reporter   ~0033367

Another user experienced a similar problem:

SELinux is preventing /usr/bin/gdk-pixbuf-thumbnailer from using the 'nnp_transition, nosuid_transition' accesses on a process.

Plugin: catchall
SELinux denied access requested by gdk-pixbuf-thum. It is not expected that this
access is required by gdk-pixbuf-thum and this access may signal an intrusion
attempt. It is also possible that the specific version or configuration of the
application is causing it to require additional access.

If you believe that gdk-pixbuf-thumbnailer should be allowed nnp_transition nosuid_transition access on processes labeled thumb_t by default.
You should report this as a bug.
You can generate a local policy module to allow this access.
Allow this access for now by executing:
# ausearch -c 'gdk-pixbuf-thum' --raw | audit2allow -M my-gdkpixbufthum
# semodule -i my-gdkpixbufthum.pp

reporter: libreport-2.1.11.1
hashmarkername: setroubleshoot
kernel: 3.10.0-957.1.3.el7.x86_64
package: selinux-policy-3.13.1-229.el7_6.6.noarch
reason: SELinux is preventing /usr/bin/gdk-pixbuf-thumbnailer from using the nnp_transition, nosuid_transition access on a process.
reproducible: Not sure how to reproduce the problem
type: libreport
TuxHandwerker

TuxHandwerker

2019-01-07 09:12

reporter   ~0033528

Another user experienced a similar problem:

Click on file to send it as an email.

reporter: libreport-2.1.11.1
hashmarkername: setroubleshoot
kernel: 3.10.0-862.14.4.el7.x86_64
package: selinux-policy-3.13.1-229.el7_6.6.noarch
reason: SELinux is preventing /usr/bin/gdk-pixbuf-thumbnailer from using the nnp_transition, nosuid_transition access on a process.
reproducible: Not sure how to reproduce the problem
type: libreport
derbassi

derbassi

2019-02-03 17:08

reporter   ~0033763

Another user experienced a similar problem:

I installed python372 pip last version, I also trying to install Hadoop Hortonworks by following Hortonworks documentation

reporter: libreport-2.1.11.1
hashmarkername: setroubleshoot
kernel: 3.10.0-957.1.3.el7.x86_64
package: selinux-policy-3.13.1-229.el7_6.6.noarch
reason: SELinux is preventing /usr/bin/gdk-pixbuf-thumbnailer from using the nnp_transition, nosuid_transition access on a process.
reproducible: Not sure how to reproduce the problem
type: libreport
mroche

mroche

2019-02-07 23:31

reporter   ~0033790

Another user experienced a similar problem:

Opening a Nautilus file browser and having thumbnails generated appears to cause this error.

reporter: libreport-2.1.11.1
hashmarkername: setroubleshoot
kernel: 3.10.0-957.5.1.el7.x86_64
package: selinux-policy-3.13.1-229.el7_6.9.noarch
reason: SELinux is preventing /usr/bin/gdk-pixbuf-thumbnailer from using the nnp_transition, nosuid_transition access on a process.
reproducible: Not sure how to reproduce the problem
type: libreport
Andy Michielsen

Andy Michielsen

2019-02-15 12:20

reporter   ~0033839

Another user experienced a similar problem:

Installed a new centos 7 on my pc and did all the upgrades. Plugged in my usb stick with backuped files and then I got this message

reporter: libreport-2.1.11.1
hashmarkername: setroubleshoot
kernel: 3.10.0-957.5.1.el7.x86_64
package: selinux-policy-3.13.1-229.el7_6.9.noarch
reason: SELinux is preventing /usr/bin/gdk-pixbuf-thumbnailer from using the nnp_transition, nosuid_transition access on a process.
reproducible: Not sure how to reproduce the problem
type: libreport

Issue History

Date Modified Username Field Change
2018-11-25 21:47 pdking77 New Issue
2018-12-07 15:21 GuL916 Note Added: 0033262
2018-12-12 19:37 alex_okay Note Added: 0033326
2018-12-16 18:52 pdking77 Note Added: 0033361
2018-12-17 12:50 misterbr Note Added: 0033367
2019-01-07 09:12 TuxHandwerker Note Added: 0033528
2019-02-03 17:08 derbassi Note Added: 0033763
2019-02-07 23:31 mroche Note Added: 0033790
2019-02-15 12:20 Andy Michielsen Note Added: 0033839