View Issue Details

IDProjectCategoryView StatusLast Update
0015530CentOS-7selinux-policypublic2018-12-05 08:40
Reportermilkwolf 
PrioritynormalSeverityminorReproducibilityhave not tried
Status newResolutionopen 
PlatformOSOS Version7
Product Version 
Target VersionFixed in Version 
Summary0015530: SELinux is preventing /usr/bin/totem-video-thumbnailer from 'write' accesses on the directory gstreamer-1.0.
DescriptionDescription of problem:
SELinux is preventing /usr/bin/totem-video-thumbnailer from 'write' accesses on the directory gstreamer-1.0.

***** Plugin catchall (100. confidence) suggests **************************

If you believe that totem-video-thumbnailer should be allowed write access on the gstreamer-1.0 directory by default.
Then you should report this as a bug.
You can generate a local policy module to allow this access.
Do
allow this access for now by executing:
# ausearch -c 'totem-video-thu' --raw | audit2allow -M my-totemvideothu
# semodule -i my-totemvideothu.pp

Additional Information:
Source Context unconfined_u:unconfined_r:thumb_t:s0-s0:c0.c1023
Target Context unconfined_u:object_r:admin_home_t:s0
Target Objects gstreamer-1.0 [ dir ]
Source totem-video-thu
Source Path /usr/bin/totem-video-thumbnailer
Port <Unknown>
Host (removed)
Source RPM Packages totem-3.22.1-1.el7.x86_64
Target RPM Packages
Policy RPM selinux-policy-3.13.1-192.el7.noarch selinux-
                              policy-3.13.1-229.el7_6.6.noarch
Selinux Enabled True
Policy Type targeted
Enforcing Mode Enforcing
Host Name (removed)
Platform Linux (removed) 3.10.0-862.el7.x86_64 #1 SMP Fri
                              Apr 20 16:44:24 UTC 2018 x86_64 x86_64
Alert Count 14
First Seen 2018-12-05 16:32:18 CST
Last Seen 2018-12-05 16:32:20 CST
Local ID 71168478-0981-466c-9ae7-e09dee90c353

Raw Audit Messages
type=AVC msg=audit(1543998740.754:215): avc: denied { write } for pid=14595 comm="totem-video-thu" name="gstreamer-1.0" dev="dm-0" ino=3839 scontext=unconfined_u:unconfined_r:thumb_t:s0-s0:c0.c1023 tcontext=unconfined_u:object_r:admin_home_t:s0 tclass=dir


type=SYSCALL msg=audit(1543998740.754:215): arch=x86_64 syscall=open success=no exit=EACCES a0=1696b50 a1=c2 a2=180 a3=1 items=0 ppid=12966 pid=14595 auid=0 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=1 comm=totem-video-thu exe=/usr/bin/totem-video-thumbnailer subj=unconfined_u:unconfined_r:thumb_t:s0-s0:c0.c1023 key=(null)

Hash: totem-video-thu,thumb_t,admin_home_t,dir,write

Version-Release number of selected component:
selinux-policy-3.13.1-192.el7.noarch
selinux-policy-3.13.1-229.el7_6.6.noarch
Additional Informationreporter: libreport-2.1.11.1
hashmarkername: setroubleshoot
kernel: 3.10.0-862.el7.x86_64
reproducible: Not sure how to reproduce the problem
type: libreport
TagsNo tags attached.
abrt_hashd7a44e394c412974f0fced33206cafc9400f791d55408feaabf071af45c93374
URL

Activities

There are no notes attached to this issue.

Issue History

Date Modified Username Field Change
2018-12-05 08:40 milkwolf New Issue