View Issue Details

ID: 0015504
Project: CentOS-7
Category: selinux-policy
View Status: public
Last Update: 2019-06-21 01:35
Reporter: kiranhegde75@gmail.com
Priority: normal
Severity: minor
Reproducibility: have not tried
Status: new
Resolution: open
Platform:
OS:
OS Version: 7
Product Version:
Target Version:
Fixed in Version:
Summary: 0015504: SELinux is preventing /usr/bin/totem-video-thumbnailer from using the nnp_transition, nosuid_transition access on a process.

Description

Description of problem:
SELinux is preventing /usr/bin/totem-video-thumbnailer from using the nnp_transition, nosuid_transition access on a process.

***** Plugin catchall (100. confidence) suggests **************************

If you believe that totem-video-thumbnailer should be allowed nnp_transition nosuid_transition access on processes labeled thumb_t by default.
Then you should report this as a bug.
You can generate a local policy module to allow this access.
Do
allow this access for now by executing:
# ausearch -c 'totem-video-thu' --raw | audit2allow -M my-totemvideothu
# semodule -i my-totemvideothu.pp

Additional Information:
Source Context unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023
Target Context unconfined_u:unconfined_r:thumb_t:s0-s0:c0.c1023
Target Objects Unknown [ process2 ]
Source totem-video-thu
Source Path /usr/bin/totem-video-thumbnailer
Port <Unknown>
Host (removed)
Source RPM Packages evince-3.28.2-5.el7.x86_64
Target RPM Packages
Policy RPM selinux-policy-3.13.1-229.el7_6.5.noarch
Selinux Enabled True
Policy Type targeted
Enforcing Mode Enforcing
Host Name (removed)
Platform Linux (removed) 3.10.0-957.el7.x86_64 #1 SMP Thu Nov 8 23:39:32 UTC 2018 x86_64 x86_64
Alert Count 7
First Seen 2018-12-01 09:06:42 IST
Last Seen 2018-12-01 09:06:48 IST
Local ID ed1365ce-1934-406e-900a-664da20c8990

Raw Audit Messages
type=AVC msg=audit(1543635408.473:324): avc: denied { nnp_transition nosuid_transition } for pid=29079 comm="flatpak-bwrap" scontext=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 tcontext=unconfined_u:unconfined_r:thumb_t:s0-s0:c0.c1023 tclass=process2 permissive=0


type=SYSCALL msg=audit(1543635408.473:324): arch=x86_64 syscall=execve success=yes exit=0 a0=7ffe2b712f6f a1=7ffe2b7155a0 a2=b9c160 a3=2f736e6f6974616c items=0 ppid=29074 pid=29079 auid=1000 uid=1000 gid=1000 euid=1000 suid=1000 fsuid=1000 egid=1000 sgid=1000 fsgid=1000 tty=(none) ses=1 comm=evince-thumbnai exe=/usr/bin/evince-thumbnailer subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 key=(null)

Hash: totem-video-thu,unconfined_t,thumb_t,process2,nnp_transition,nosuid_transition

Version-Release number of selected component:
selinux-policy-3.13.1-229.el7_6.5.noarch
Additional Information

reporter: libreport-2.1.11.1
hashmarkername: setroubleshoot
kernel: 3.10.0-957.el7.x86_64
reproducible: Not sure how to reproduce the problem
type: libreport
Tags: No tags attached.
abrt_hash: ee949e2acc44271be7ae54d0f26781ff906a3976034d153b802aa80420bd5b8e
URL

Activities

condebroken85

2018-12-31 14:50

reporter   ~0033489

Another user experienced a similar problem:

I created a bash script to run an aide integrity check; the main command in the script is:
aide -c /etc/aide.conf -C

Move the script to /etc/cron.hourly/

When cron executes the script every hour, I get an SELinux error (journalctl -f)

When running the script from a shell as root I don't get SELinux errors

reporter: libreport-2.1.11.1
hashmarkername: setroubleshoot
kernel: 3.10.0-957.1.3.el7.x86_64
package: selinux-policy-3.13.1-229.el7_6.6.noarch
reason: SELinux is preventing /usr/bin/totem-video-thumbnailer from using the nnp_transition, nosuid_transition access on a process.
reproducible: Not sure how to reproduce the problem
type: libreport
hal9K

2019-03-10 00:59

reporter   ~0033967

Another user experienced a similar problem:

I don't know. I was installing some programs

reporter: libreport-2.1.11.1
hashmarkername: setroubleshoot
kernel: 3.10.0-957.el7.x86_64
package: selinux-policy-3.13.1-229.el7_6.9.noarch
reason: SELinux is preventing /usr/bin/totem-video-thumbnailer from using the nnp_transition, nosuid_transition access on a process.
reproducible: Not sure how to reproduce the problem
type: libreport
jvwaldo

2019-03-12 21:04

reporter   ~0033986

Another user experienced a similar problem:

I have no idea how this happened. I assume I did a directory listing in Nautilus by browsing to it and totem couldn't generate the thumbnail? I didn't actually notice it happen.

reporter: libreport-2.1.11.1
hashmarkername: setroubleshoot
kernel: 3.10.0-957.5.1.el7.x86_64
package: selinux-policy-3.13.1-229.el7_6.9.noarch
reason: SELinux is preventing /usr/bin/totem-video-thumbnailer from using the nnp_transition, nosuid_transition access on a process.
reproducible: Not sure how to reproduce the problem
type: libreport
PaulFza

2019-05-04 17:17

reporter   ~0034424

Another user experienced a similar problem:

I opened up a local directory

reporter: libreport-2.1.11.1
hashmarkername: setroubleshoot
kernel: 3.10.0-957.12.1.el7.x86_64
package: selinux-policy-3.13.1-229.el7_6.12.noarch
reason: SELinux is preventing /usr/bin/totem-video-thumbnailer from using the nnp_transition, nosuid_transition access on a process.
reproducible: Not sure how to reproduce the problem
type: libreport
liaofuxiang

2019-06-21 01:35

reporter   ~0034705

Another user experienced a similar problem:

We opened Firefox, then the system sent me this bug. I don't know what happened?

reporter: libreport-2.1.11.1
hashmarkername: setroubleshoot
kernel: 3.10.0-957.el7.x86_64
package: selinux-policy-3.13.1-229.el7.noarch
reason: SELinux is preventing /usr/bin/totem-video-thumbnailer from using the nnp_transition, nosuid_transition access on a process.
reproducible: Not sure how to reproduce the problem
type: libreport

Issue History

Date Modified Username Field Change
2018-12-01 03:50 kiranhegde75@gmail.com New Issue
2018-12-31 14:50 condebroken85 Note Added: 0033489
2019-03-10 00:59 hal9K Note Added: 0033967
2019-03-12 21:04 jvwaldo Note Added: 0033986
2019-05-04 17:17 PaulFza Note Added: 0034424
2019-06-21 01:35 liaofuxiang Note Added: 0034705