View Issue Details
ID | Project | Category | View Status | Date Submitted | Last Update |
---|---|---|---|---|---|
0015521 | CentOS-7 | selinux-policy | public | 2018-12-04 06:42 | 2020-04-01 08:56 |
Reporter | TuxHandwerker | Assigned To | |||
Priority | normal | Severity | minor | Reproducibility | have not tried |
Status | new | Resolution | open | ||
OS Version | 7 | ||||
Summary | 0015521: SELinux is preventing /usr/bin/gsf-office-thumbnailer from using the nnp_transition, nosuid_transition access on a process. | ||||
Description | Description of problem: SELinux is preventing /usr/bin/gsf-office-thumbnailer from using the nnp_transition, nosuid_transition access on a process. ***** Plugin catchall (100. confidence) suggests ************************** If you believe that gsf-office-thumbnailer should be allowed nnp_transition nosuid_transition access on processes labeled thumb_t by default. Then sie sollten dies als Fehler melden. Um diesen Zugriff zu erlauben, können Sie ein lokales Richtlinien-Modul erstellen. Do allow this access for now by executing: # ausearch -c 'gsf-office-thum' --raw | audit2allow -M my-gsfofficethum # semodule -i my-gsfofficethum.pp Additional Information: Source Context unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1 023 Target Context unconfined_u:unconfined_r:thumb_t:s0-s0:c0.c1023 Target Objects Unknown [ process2 ] Source gsf-office-thum Source Path /usr/bin/gsf-office-thumbnailer Port <Unknown> Host (removed) Source RPM Packages libgsf-1.14.26-7.el7.x86_64 Target RPM Packages Policy RPM selinux-policy-3.13.1-229.el7_6.6.noarch Selinux Enabled True Policy Type targeted Enforcing Mode Enforcing Host Name (removed) Platform Linux (removed) 3.10.0-862.14.4.el7.x86_64 #1 SMP Wed Sep 26 15:12:11 UTC 2018 x86_64 x86_64 Alert Count 1 First Seen 2018-12-04 07:40:06 CET Last Seen 2018-12-04 07:40:06 CET Local ID b7cf33d5-8b71-4068-bada-d92a472b12d3 Raw Audit Messages type=AVC msg=audit(1543905606.872:638): avc: denied { nnp_transition nosuid_transition } for pid=1362 comm="flatpak-bwrap" scontext=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 tcontext=unconfined_u:unconfined_r:thumb_t:s0-s0:c0.c1023 tclass=process2 type=SYSCALL msg=audit(1543905606.872:638): arch=x86_64 syscall=execve success=yes exit=0 a0=7fff81cd3ac4 a1=7fff81cd6100 a2=a91160 a3=7fff81cd35e0 items=0 ppid=1357 pid=1362 auid=1000 uid=1000 gid=1000 euid=1000 suid=1000 fsuid=1000 egid=1000 sgid=1000 fsgid=1000 tty=(none) ses=2 comm=gsf-office-thum exe=/usr/bin/gsf-office-thumbnailer subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 key=(null) Hash: gsf-office-thum,unconfined_t,thumb_t,process2,nnp_transition,nosuid_transition Version-Release number of selected component: selinux-policy-3.13.1-229.el7_6.6.noarch | ||||
Additional Information | reporter: libreport-2.1.11.1 hashmarkername: setroubleshoot kernel: 3.10.0-862.14.4.el7.x86_64 reproducible: Not sure how to reproduce the problem type: libreport | ||||
Tags | No tags attached. | ||||
abrt_hash | 8e11a111986bc22d30459d3f2917e57aa76c7fd61080a45743b2698961bc374f | ||||
URL | |||||
Another user experienced a similar problem: happened when opening "files" (nautilus) reporter: libreport-2.1.11.1 hashmarkername: setroubleshoot kernel: 3.10.0-862.14.4.el7.x86_64 package: selinux-policy-3.13.1-229.el7_6.6.noarch reason: SELinux is preventing /usr/bin/gsf-office-thumbnailer from using the nnp_transition, nosuid_transition access on a process. reproducible: Not sure how to reproduce the problem type: libreport |
|
Another user experienced a similar problem: when opening "files" (nautilus) reporter: libreport-2.1.11.1 hashmarkername: setroubleshoot kernel: 3.10.0-862.14.4.el7.x86_64 package: selinux-policy-3.13.1-229.el7_6.6.noarch reason: SELinux is preventing /usr/bin/gsf-office-thumbnailer from using the nnp_transition, nosuid_transition access on a process. reproducible: Not sure how to reproduce the problem type: libreport |
|
Another user experienced a similar problem: Fresh install of CentOS 7.6.1810, Gnome Desktop. reporter: libreport-2.1.11.1 hashmarkername: setroubleshoot kernel: 3.10.0-957.1.3.el7.x86_64 package: selinux-policy-3.13.1-229.el7_6.6.noarch reason: SELinux is preventing /usr/bin/gsf-office-thumbnailer from using the nnp_transition, nosuid_transition access on a process. reproducible: Not sure how to reproduce the problem type: libreport |
|
Another user experienced a similar problem: I think It happens when I save a LibreOffice document on a NTFS SSD drive. Je crois que cela arrive quand je sauvegarde un document LibreOffice sur un disque SSD NTFS. reporter: libreport-2.1.11.1 hashmarkername: setroubleshoot kernel: 3.10.0-957.1.3.el7.x86_64 package: selinux-policy-3.13.1-229.el7_6.6.noarch reason: SELinux is preventing /usr/bin/gsf-office-thumbnailer from using the nnp_transition, nosuid_transition access on a process. reproducible: Not sure how to reproduce the problem type: libreport |
|
ERRATUM: it's actualy when I open a file, just like it has been said above. | |
Another user experienced a similar problem: Directorio compartido ~/Descargas en este sistema modo lectura escritura con cuenta de acceso. Se establció la política SELinux. Todo parece funcionar correctamente. Acceso desde red local desde un sistema Ubuntu 16.04. Se copia un directorio completo con archivos y directorios desde este sistema al CentOs. reporter: libreport-2.1.11.1 hashmarkername: setroubleshoot kernel: 3.10.0-957.5.1.el7.x86_64 package: selinux-policy-3.13.1-229.el7_6.9.noarch reason: SELinux is preventing /usr/bin/gsf-office-thumbnailer from using the nnp_transition, nosuid_transition access on a process. reproducible: Not sure how to reproduce the problem type: libreport |
|
Another user experienced a similar problem: Opening nautilus from the desktop icon. reporter: libreport-2.1.11.1 hashmarkername: setroubleshoot kernel: 3.10.0-957.10.1.el7.x86_64 package: selinux-policy-3.13.1-229.el7_6.9.noarch reason: SELinux is preventing /usr/bin/gsf-office-thumbnailer from using the nnp_transition, nosuid_transition access on a process. reproducible: Not sure how to reproduce the problem type: libreport |
|
Another user experienced a similar problem: Tried to download a file from google drive. reporter: libreport-2.1.11.1 hashmarkername: setroubleshoot kernel: 3.10.0-957.10.1.el7.x86_64 package: selinux-policy-3.13.1-229.el7_6.9.noarch reason: SELinux is preventing /usr/bin/gsf-office-thumbnailer from using the nnp_transition, nosuid_transition access on a process. reproducible: Not sure how to reproduce the problem type: libreport |
|
Was running dropbox using flatpak Dropbox is initialising and syncing with the dropbox server Additional Information: Source Context unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1 023 Target Context unconfined_u:unconfined_r:thumb_t:s0-s0:c0.c1023 Target Objects /lib64/ld-linux-x86-64.so.2 [ process2 ] Source gsf-office-thum Source Path /usr/bin/gsf-office-thumbnailer Port <Unknown> Host localhost.localdomain Source RPM Packages libgsf-1.14.26-7.el7.x86_64 Target RPM Packages glibc-2.17-292.el7.x86_64 Policy RPM selinux-policy-3.13.1-252.el7.1.noarch Selinux Enabled True Policy Type targeted Enforcing Mode Enforcing Host Name localhost.localdomain Platform Linux localhost.localdomain 3.10.0-957.27.2.el7.x86_64 #1 SMP Mon Jul 29 17:46:05 UTC 2019 x86_64 x86_64 Alert Count 5 First Seen 2019-09-15 10:43:33 +08 Last Seen 2019-11-01 13:59:16 +08 Local ID db9d8416-da31-40c1-a9aa-66c1f6884507 |
|
Another user experienced a similar problem: I dont know what hapen... reporter: libreport-2.1.11.1 hashmarkername: setroubleshoot kernel: 3.10.0-1062.4.1.el7.x86_64 package: selinux-policy-3.13.1-252.el7.1.noarch reason: SELinux is preventing /usr/bin/gsf-office-thumbnailer from using the nnp_transition, nosuid_transition access on a process. reproducible: Not sure how to reproduce the problem type: libreport |
|
Another user experienced a similar problem: i dont know what hapen! reporter: libreport-2.1.11.1 hashmarkername: setroubleshoot kernel: 3.10.0-1062.4.3.el7.x86_64 package: selinux-policy-3.13.1-252.el7.1.noarch reason: SELinux is preventing /usr/bin/gsf-office-thumbnailer from using the nnp_transition, nosuid_transition access on a process. reproducible: Not sure how to reproduce the problem type: libreport |
|
Another user experienced a similar problem: try to update with yum, and stop system reporter: libreport-2.1.11.1 hashmarkername: setroubleshoot kernel: 3.10.0-1062.9.1.el7.x86_64 package: selinux-policy-3.13.1-252.el7_7.6.noarch reason: SELinux is preventing /usr/bin/gsf-office-thumbnailer from using the nnp_transition, nosuid_transition access on a process. reproducible: Not sure how to reproduce the problem type: libreport |
|
Another user experienced a similar problem: SELinux is preventing /usr/bin/gsf-office-thumbnailer from using the 'nnp_transition, nosuid_transition' accesses on a process. ***** Plugin catchall (100. confidence) suggests ************************** If you believe that gsf-office-thumbnailer should be allowed nnp_transition nosuid_transition access on processes labeled thumb_t by default. Then you should report this as a bug. You can generate a local policy module to allow this access. Do allow this access for now by executing: # ausearch -c 'gsf-office-thum' --raw | audit2allow -M my-gsfofficethum # semodule -i my-gsfofficethum.pp Additional Information: Source Context unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1 023 Target Context unconfined_u:unconfined_r:thumb_t:s0-s0:c0.c1023 Target Objects Unknown [ process2 ] Source gsf-office-thum Source Path /usr/bin/gsf-office-thumbnailer Port <Unknown> Host localhost.localdomain Source RPM Packages gdk-pixbuf2-2.36.12-3.el7.x86_64 Target RPM Packages Policy RPM selinux-policy-3.13.1-252.el7_7.6.noarch Selinux Enabled True Policy Type targeted Enforcing Mode Enforcing Host Name localhost.localdomain Platform Linux localhost.localdomain 3.10.0-957.5.1.el7.x86_64 #1 SMP Fri Feb 1 14:54:57 UTC 2019 x86_64 x86_64 Alert Count 292 First Seen 2019-02-17 09:08:07 IST Last Seen 2020-04-01 14:24:07 IST Local ID 24de8406-7eeb-48fe-ab8c-cafe672c7d38 Raw Audit Messages type=AVC msg=audit(1585731247.708:365): avc: denied { nnp_transition nosuid_transition } for pid=4418 comm="flatpak-bwrap" scontext=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 tcontext=unconfined_u:unconfined_r:thumb_t:s0-s0:c0.c1023 tclass=process2 permissive=0 type=SYSCALL msg=audit(1585731247.708:365): arch=x86_64 syscall=execve success=yes exit=0 a0=7ffd3a3049db a1=7ffd3a302a60 a2=1c60160 a3=7ffd3a300060 items=0 ppid=4416 pid=4418 auid=1000 uid=1000 gid=1000 euid=1000 suid=1000 fsuid=1000 egid=1000 sgid=1000 fsgid=1000 tty=(none) ses=2 comm=gdk-pixbuf-thum exe=/usr/bin/gdk-pixbuf-thumbnailer subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 key=(null) Hash: gsf-office-thum,unconfined_t,thumb_t,process2,nnp_transition,nosuid_transition [0D] reporter: libreport-2.1.11.1 hashmarkername: setroubleshoot kernel: 3.10.0-957.5.1.el7.x86_64 package: selinux-policy-3.13.1-252.el7_7.6.noarch reason: SELinux is preventing /usr/bin/gsf-office-thumbnailer from using the nnp_transition, nosuid_transition access on a process. reproducible: Not sure how to reproduce the problem type: libreport |
|
Date Modified | Username | Field | Change |
---|---|---|---|
2018-12-04 06:42 | TuxHandwerker | New Issue | |
2018-12-05 04:40 | touister | Note Added: 0033213 | |
2018-12-05 04:56 | touister | Note Added: 0033214 | |
2018-12-06 04:43 | Mark Songhurst | Note Added: 0033236 | |
2018-12-08 10:20 | glouton | Note Added: 0033273 | |
2018-12-08 10:38 | glouton | Note Added: 0033274 | |
2019-02-12 17:03 | gudisa | Note Added: 0033814 | |
2019-03-27 16:36 | krazynez | Note Added: 0034118 | |
2019-04-12 14:01 | michaelyonis | Note Added: 0034188 | |
2019-11-01 06:08 | nvycent | Note Added: 0035624 | |
2019-11-03 11:27 | plober | Note Added: 0035634 | |
2019-11-23 21:03 | plober | Note Added: 0035743 | |
2019-12-11 00:30 | darkman2025 | Note Added: 0035818 | |
2020-04-01 08:56 | Roshan.Kr | Note Added: 0036632 |