0015521: SELinux is preventing /usr/bin/gsf-office-thumbnailer from using the nnp_transition, nosuid_transition access on a process. - CentOS Bug Tracker

ID	Project	Category	View Status	Date Submitted	Last Update

0015521	CentOS-7	selinux-policy	public	2018-12-04 06:42	2018-12-08 10:38

Reporter	TuxHandwerker
Priority	normal	Severity	minor	Reproducibility	have not tried
Status	new	Resolution	open
Platform		OS		OS Version	7
Product Version
Target Version		Fixed in Version

Summary	0015521: SELinux is preventing /usr/bin/gsf-office-thumbnailer from using the nnp_transition, nosuid_transition access on a process.
Description	Description of problem: SELinux is preventing /usr/bin/gsf-office-thumbnailer from using the nnp_transition, nosuid_transition access on a process. *** Plugin catchall (100. confidence) suggests ************************ If you believe that gsf-office-thumbnailer should be allowed nnp_transition nosuid_transition access on processes labeled thumb_t by default. Then sie sollten dies als Fehler melden. Um diesen Zugriff zu erlauben, können Sie ein lokales Richtlinien-Modul erstellen. Do allow this access for now by executing: # ausearch -c 'gsf-office-thum' --raw \| audit2allow -M my-gsfofficethum # semodule -i my-gsfofficethum.pp Additional Information: Source Context unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1 023 Target Context unconfined_u:unconfined_r:thumb_t:s0-s0:c0.c1023 Target Objects Unknown [ process2 ] Source gsf-office-thum Source Path /usr/bin/gsf-office-thumbnailer Port <Unknown> Host (removed) Source RPM Packages libgsf-1.14.26-7.el7.x86_64 Target RPM Packages Policy RPM selinux-policy-3.13.1-229.el7_6.6.noarch Selinux Enabled True Policy Type targeted Enforcing Mode Enforcing Host Name (removed) Platform Linux (removed) 3.10.0-862.14.4.el7.x86_64 #1 SMP Wed Sep 26 15:12:11 UTC 2018 x86_64 x86_64 Alert Count 1 First Seen 2018-12-04 07:40:06 CET Last Seen 2018-12-04 07:40:06 CET Local ID b7cf33d5-8b71-4068-bada-d92a472b12d3 Raw Audit Messages type=AVC msg=audit(1543905606.872:638): avc: denied { nnp_transition nosuid_transition } for pid=1362 comm="flatpak-bwrap" scontext=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 tcontext=unconfined_u:unconfined_r:thumb_t:s0-s0:c0.c1023 tclass=process2 type=SYSCALL msg=audit(1543905606.872:638): arch=x86_64 syscall=execve success=yes exit=0 a0=7fff81cd3ac4 a1=7fff81cd6100 a2=a91160 a3=7fff81cd35e0 items=0 ppid=1357 pid=1362 auid=1000 uid=1000 gid=1000 euid=1000 suid=1000 fsuid=1000 egid=1000 sgid=1000 fsgid=1000 tty=(none) ses=2 comm=gsf-office-thum exe=/usr/bin/gsf-office-thumbnailer subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 key=(null) Hash: gsf-office-thum,unconfined_t,thumb_t,process2,nnp_transition,nosuid_transition Version-Release number of selected component: selinux-policy-3.13.1-229.el7_6.6.noarch
Additional Information	reporter: libreport-2.1.11.1 hashmarkername: setroubleshoot kernel: 3.10.0-862.14.4.el7.x86_64 reproducible: Not sure how to reproduce the problem type: libreport
Tags	No tags attached.

abrt_hash	8e11a111986bc22d30459d3f2917e57aa76c7fd61080a45743b2698961bc374f
URL

touister 2018-12-05 04:40 reporter ~0033213	Another user experienced a similar problem: happened when opening "files" (nautilus) reporter: libreport-2.1.11.1 hashmarkername: setroubleshoot kernel: 3.10.0-862.14.4.el7.x86_64 package: selinux-policy-3.13.1-229.el7_6.6.noarch reason: SELinux is preventing /usr/bin/gsf-office-thumbnailer from using the nnp_transition, nosuid_transition access on a process. reproducible: Not sure how to reproduce the problem type: libreport

touister 2018-12-05 04:56 reporter ~0033214	Another user experienced a similar problem: when opening "files" (nautilus) reporter: libreport-2.1.11.1 hashmarkername: setroubleshoot kernel: 3.10.0-862.14.4.el7.x86_64 package: selinux-policy-3.13.1-229.el7_6.6.noarch reason: SELinux is preventing /usr/bin/gsf-office-thumbnailer from using the nnp_transition, nosuid_transition access on a process. reproducible: Not sure how to reproduce the problem type: libreport

Mark Songhurst 2018-12-06 04:43 reporter ~0033236	Another user experienced a similar problem: Fresh install of CentOS 7.6.1810, Gnome Desktop. reporter: libreport-2.1.11.1 hashmarkername: setroubleshoot kernel: 3.10.0-957.1.3.el7.x86_64 package: selinux-policy-3.13.1-229.el7_6.6.noarch reason: SELinux is preventing /usr/bin/gsf-office-thumbnailer from using the nnp_transition, nosuid_transition access on a process. reproducible: Not sure how to reproduce the problem type: libreport

glouton 2018-12-08 10:20 reporter ~0033273	Another user experienced a similar problem: I think It happens when I save a LibreOffice document on a NTFS SSD drive. Je crois que cela arrive quand je sauvegarde un document LibreOffice sur un disque SSD NTFS. reporter: libreport-2.1.11.1 hashmarkername: setroubleshoot kernel: 3.10.0-957.1.3.el7.x86_64 package: selinux-policy-3.13.1-229.el7_6.6.noarch reason: SELinux is preventing /usr/bin/gsf-office-thumbnailer from using the nnp_transition, nosuid_transition access on a process. reproducible: Not sure how to reproduce the problem type: libreport

glouton 2018-12-08 10:38 reporter ~0033274	ERRATUM: it's actualy when I open a file, just like it has been said above.

Date Modified	Username	Field	Change
2018-12-04 06:42	TuxHandwerker	New Issue
2018-12-05 04:40	touister	Note Added: 0033213
2018-12-05 04:56	touister	Note Added: 0033214
2018-12-06 04:43	Mark Songhurst	Note Added: 0033236
2018-12-08 10:20	glouton	Note Added: 0033273
2018-12-08 10:38	glouton	Note Added: 0033274