View Issue Details

IDProjectCategoryView StatusLast Update
0015521CentOS-7selinux-policypublic2019-02-12 17:03
ReporterTuxHandwerker 
PrioritynormalSeverityminorReproducibilityhave not tried
Status newResolutionopen 
PlatformOSOS Version7
Product Version 
Target VersionFixed in Version 
Summary0015521: SELinux is preventing /usr/bin/gsf-office-thumbnailer from using the nnp_transition, nosuid_transition access on a process.
DescriptionDescription of problem:
SELinux is preventing /usr/bin/gsf-office-thumbnailer from using the nnp_transition, nosuid_transition access on a process.

***** Plugin catchall (100. confidence) suggests **************************

If you believe that gsf-office-thumbnailer should be allowed nnp_transition nosuid_transition access on processes labeled thumb_t by default.
Then sie sollten dies als Fehler melden.
Um diesen Zugriff zu erlauben, können Sie ein lokales Richtlinien-Modul erstellen.
Do
allow this access for now by executing:
# ausearch -c 'gsf-office-thum' --raw | audit2allow -M my-gsfofficethum
# semodule -i my-gsfofficethum.pp

Additional Information:
Source Context unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1
                              023
Target Context unconfined_u:unconfined_r:thumb_t:s0-s0:c0.c1023
Target Objects Unknown [ process2 ]
Source gsf-office-thum
Source Path /usr/bin/gsf-office-thumbnailer
Port <Unknown>
Host (removed)
Source RPM Packages libgsf-1.14.26-7.el7.x86_64
Target RPM Packages
Policy RPM selinux-policy-3.13.1-229.el7_6.6.noarch
Selinux Enabled True
Policy Type targeted
Enforcing Mode Enforcing
Host Name (removed)
Platform Linux (removed) 3.10.0-862.14.4.el7.x86_64 #1 SMP
                              Wed Sep 26 15:12:11 UTC 2018 x86_64 x86_64
Alert Count 1
First Seen 2018-12-04 07:40:06 CET
Last Seen 2018-12-04 07:40:06 CET
Local ID b7cf33d5-8b71-4068-bada-d92a472b12d3

Raw Audit Messages
type=AVC msg=audit(1543905606.872:638): avc: denied { nnp_transition nosuid_transition } for pid=1362 comm="flatpak-bwrap" scontext=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 tcontext=unconfined_u:unconfined_r:thumb_t:s0-s0:c0.c1023 tclass=process2


type=SYSCALL msg=audit(1543905606.872:638): arch=x86_64 syscall=execve success=yes exit=0 a0=7fff81cd3ac4 a1=7fff81cd6100 a2=a91160 a3=7fff81cd35e0 items=0 ppid=1357 pid=1362 auid=1000 uid=1000 gid=1000 euid=1000 suid=1000 fsuid=1000 egid=1000 sgid=1000 fsgid=1000 tty=(none) ses=2 comm=gsf-office-thum exe=/usr/bin/gsf-office-thumbnailer subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 key=(null)

Hash: gsf-office-thum,unconfined_t,thumb_t,process2,nnp_transition,nosuid_transition

Version-Release number of selected component:
selinux-policy-3.13.1-229.el7_6.6.noarch
Additional Informationreporter: libreport-2.1.11.1
hashmarkername: setroubleshoot
kernel: 3.10.0-862.14.4.el7.x86_64
reproducible: Not sure how to reproduce the problem
type: libreport
TagsNo tags attached.
abrt_hash8e11a111986bc22d30459d3f2917e57aa76c7fd61080a45743b2698961bc374f
URL

Activities

touister

touister

2018-12-05 04:40

reporter   ~0033213

Another user experienced a similar problem:

happened when opening "files" (nautilus)

reporter: libreport-2.1.11.1
hashmarkername: setroubleshoot
kernel: 3.10.0-862.14.4.el7.x86_64
package: selinux-policy-3.13.1-229.el7_6.6.noarch
reason: SELinux is preventing /usr/bin/gsf-office-thumbnailer from using the nnp_transition, nosuid_transition access on a process.
reproducible: Not sure how to reproduce the problem
type: libreport
touister

touister

2018-12-05 04:56

reporter   ~0033214

Another user experienced a similar problem:

when opening "files" (nautilus)

reporter: libreport-2.1.11.1
hashmarkername: setroubleshoot
kernel: 3.10.0-862.14.4.el7.x86_64
package: selinux-policy-3.13.1-229.el7_6.6.noarch
reason: SELinux is preventing /usr/bin/gsf-office-thumbnailer from using the nnp_transition, nosuid_transition access on a process.
reproducible: Not sure how to reproduce the problem
type: libreport
Mark Songhurst

Mark Songhurst

2018-12-06 04:43

reporter   ~0033236

Another user experienced a similar problem:

Fresh install of CentOS 7.6.1810, Gnome Desktop.

reporter: libreport-2.1.11.1
hashmarkername: setroubleshoot
kernel: 3.10.0-957.1.3.el7.x86_64
package: selinux-policy-3.13.1-229.el7_6.6.noarch
reason: SELinux is preventing /usr/bin/gsf-office-thumbnailer from using the nnp_transition, nosuid_transition access on a process.
reproducible: Not sure how to reproduce the problem
type: libreport
glouton

glouton

2018-12-08 10:20

reporter   ~0033273

Another user experienced a similar problem:

I think It happens when I save a LibreOffice document on a NTFS SSD drive.
Je crois que cela arrive quand je sauvegarde un document LibreOffice sur un disque SSD NTFS.

reporter: libreport-2.1.11.1
hashmarkername: setroubleshoot
kernel: 3.10.0-957.1.3.el7.x86_64
package: selinux-policy-3.13.1-229.el7_6.6.noarch
reason: SELinux is preventing /usr/bin/gsf-office-thumbnailer from using the nnp_transition, nosuid_transition access on a process.
reproducible: Not sure how to reproduce the problem
type: libreport
glouton

glouton

2018-12-08 10:38

reporter   ~0033274

ERRATUM: it's actualy when I open a file, just like it has been said above.
gudisa

gudisa

2019-02-12 17:03

reporter   ~0033814

Another user experienced a similar problem:

Directorio compartido ~/Descargas en este sistema modo lectura escritura con cuenta de acceso.
Se establció la política SELinux.
Todo parece funcionar correctamente.
Acceso desde red local desde un sistema Ubuntu 16.04.
Se copia un directorio completo con archivos y directorios desde este sistema al CentOs.

reporter: libreport-2.1.11.1
hashmarkername: setroubleshoot
kernel: 3.10.0-957.5.1.el7.x86_64
package: selinux-policy-3.13.1-229.el7_6.9.noarch
reason: SELinux is preventing /usr/bin/gsf-office-thumbnailer from using the nnp_transition, nosuid_transition access on a process.
reproducible: Not sure how to reproduce the problem
type: libreport

Issue History

Date Modified Username Field Change
2018-12-04 06:42 TuxHandwerker New Issue
2018-12-05 04:40 touister Note Added: 0033213
2018-12-05 04:56 touister Note Added: 0033214
2018-12-06 04:43 Mark Songhurst Note Added: 0033236
2018-12-08 10:20 glouton Note Added: 0033273
2018-12-08 10:38 glouton Note Added: 0033274
2019-02-12 17:03 gudisa Note Added: 0033814