Note: This is a beta release of Red Hat Bugzilla 5.0. The data contained within is a snapshot of the live data so any changes you make will not be reflected in the production Bugzilla. Also email is disabled so feel free to test any aspect of the site that you want. File any problems you find or give feedback here.
Bug 1517720 - SELinux is preventing gsf-office-thum from 'map' accesses on the tiedosto /run/media/yk/FEDORA-WS-L/Vincent/Linux_opas.odt.
Summary: SELinux is preventing gsf-office-thum from 'map' accesses on the tiedosto /ru...
Keywords:
Status: CLOSED ERRATA
Alias: None
Product: Fedora
Classification: Fedora
Component: selinux-policy
Version: 27
Hardware: x86_64
OS: Unspecified
unspecified
unspecified
Target Milestone: ---
Assignee: Lukas Vrabec
QA Contact: Fedora Extras Quality Assurance
URL:
Whiteboard: abrt_hash:87adbeeac704fe10411c65e253b...
Depends On:
Blocks:
TreeView+ depends on / blocked
 
Reported: 2017-11-27 10:11 UTC by ricky.tigg
Modified: 2018-02-08 19:29 UTC (History)
9 users (show)

Fixed In Version: selinux-policy-3.13.1-283.19.fc27
Doc Type: If docs needed, set a value
Doc Text:
Clone Of:
Environment:
Last Closed: 2018-01-02 16:46:39 UTC


Attachments (Terms of Use)

Description ricky.tigg 2017-11-27 10:11:45 UTC
Description of problem:
That file involved in that alert is located on external USB device which is itself redirected to the present virtual machine on Qemu/KVM Virtual Machine Manager 1.4.3.
SELinux is preventing gsf-office-thum from 'map' accesses on the tiedosto /run/media/yk/FEDORA-WS-L/Vincent/Linux_opas.odt.

*****  Plugin catchall (100. confidence) suggests   **************************

If you believe that gsf-office-thum should be allowed map access on the Linux_opas.odt file by default.
Then you should report this as a bug.
You can generate a local policy module to allow this access.
Do
allow this access for now by executing:
# ausearch -c 'gsf-office-thum' --raw | audit2allow -M my-gsfofficethum
# semodule -X 300 -i my-gsfofficethum.pp

Additional Information:
Source Context                unconfined_u:unconfined_r:thumb_t:s0-s0:c0.c1023
Target Context                system_u:object_r:dosfs_t:s0
Target Objects                /run/media/yk/FEDORA-WS-L/Vincent/Linux_opas.odt [
                              file ]
Source                        gsf-office-thum
Source Path                   gsf-office-thum
Port                          <Tuntematon>
Host                          (removed)
Source RPM Packages           
Target RPM Packages           
Policy RPM                    selinux-policy-3.13.1-283.16.fc27.noarch
Selinux Enabled               True
Policy Type                   targeted
Enforcing Mode                Enforcing
Host Name                     (removed)
Platform                      Linux (removed) 4.13.13-300.fc27.x86_64 #1 SMP Wed
                              Nov 15 15:47:50 UTC 2017 x86_64 x86_64
Alert Count                   1
First Seen                    2017-11-27 10:42:00 CET
Last Seen                     2017-11-27 10:42:00 CET
Local ID                      7444dc60-0d8b-4865-b96a-ca1071887186

Raw Audit Messages
type=AVC msg=audit(1511775720.419:230): avc:  denied  { map } for  pid=2111 comm="gsf-office-thum" path="/run/media/yk/FEDORA-WS-L/Vincent/Linux_opas.odt" dev="sda1" ino=383 scontext=unconfined_u:unconfined_r:thumb_t:s0-s0:c0.c1023 tcontext=system_u:object_r:dosfs_t:s0 tclass=file permissive=0


Hash: gsf-office-thum,thumb_t,dosfs_t,file,map

Version-Release number of selected component:
selinux-policy-3.13.1-283.16.fc27.noarch

Additional info:
component:      selinux-policy
reporter:       libreport-2.9.3
hashmarkername: setroubleshoot
kernel:         4.13.13-300.fc27.x86_64
type:           libreport

Potential duplicate: bug 1487279

Comment 1 ricky.tigg 2017-11-27 10:48:32 UTC
Description of problem:
That file that requires application Libreoffice Writer to be openen has not been opened even once on the present virtual machine with any application.

Version-Release number of selected component:
selinux-policy-3.13.1-283.16.fc27.noarch

Additional info:
reporter:       libreport-2.9.3
hashmarkername: setroubleshoot
kernel:         4.13.13-300.fc27.x86_64
type:           libreport

Comment 2 ricky.tigg 2017-11-27 11:14:30 UTC
Description of problem:
Files involved with the present gdf-office-thumb alert are not opened and have not been at any moment target for opening.
Task I am currently doing is done via terminal and involves tar function whose target is a .tgz file located on the same USB device where the .odt files involved in that alert are located too.

Version-Release number of selected component:
selinux-policy-3.13.1-283.16.fc27.noarch

Additional info:
reporter:       libreport-2.9.3
hashmarkername: setroubleshoot
kernel:         4.13.13-300.fc27.x86_64
type:           libreport

Comment 3 ricky.tigg 2017-11-27 12:37:27 UTC
Description of problem:
Alert is not tied to a specific file extension as noticeable (now *.docx).

Version-Release number of selected component:
selinux-policy-3.13.1-283.16.fc27.noarch

Additional info:
reporter:       libreport-2.9.3
hashmarkername: setroubleshoot
kernel:         4.13.13-300.fc27.x86_64
type:           libreport

Comment 4 Sr Neko 2017-12-03 20:19:06 UTC
Description of problem:
se paralizo completo el escritorio por un buen rato lo reinicie manualmente

Version-Release number of selected component:
selinux-policy-3.13.1-283.17.fc27.noarch

Additional info:
reporter:       libreport-2.9.3
hashmarkername: setroubleshoot
kernel:         4.13.16-300.fc27.x86_64
type:           libreport

Comment 5 Jan Vlug 2017-12-07 10:17:41 UTC
Description of problem:
Using Nautilus to accers and move content from a USB key to the SSD.

Version-Release number of selected component:
selinux-policy-3.13.1-283.17.fc27.noarch

Additional info:
reporter:       libreport-2.9.3
hashmarkername: setroubleshoot
kernel:         4.13.16-302.fc27.x86_64
type:           libreport

Comment 6 Mars 2017-12-12 11:07:54 UTC
Description of problem:
random selinux reports. i dont know why...

Version-Release number of selected component:
selinux-policy-3.13.1-283.17.fc27.noarch

Additional info:
reporter:       libreport-2.9.3
hashmarkername: setroubleshoot
kernel:         4.13.13-300.fc27.x86_64
type:           libreport

Comment 7 Fedora Update System 2017-12-13 08:24:18 UTC
selinux-policy-3.13.1-283.18.fc27 has been submitted as an update to Fedora 27. https://bodhi.fedoraproject.org/updates/FEDORA-2017-8225c4e502

Comment 8 Mars 2017-12-13 09:11:25 UTC
Description of problem:
file transfer to pendrive

Version-Release number of selected component:
selinux-policy-3.13.1-283.17.fc27.noarch

Additional info:
reporter:       libreport-2.9.3
hashmarkername: setroubleshoot
kernel:         4.13.13-300.fc27.x86_64
type:           libreport

Comment 9 Fedora Update System 2017-12-14 11:10:55 UTC
selinux-policy-3.13.1-283.18.fc27 has been pushed to the Fedora 27 testing repository. If problems still persist, please make note of it in this bug report.
See https://fedoraproject.org/wiki/QA:Updates_Testing for
instructions on how to install test updates.
You can provide feedback for this update here: https://bodhi.fedoraproject.org/updates/FEDORA-2017-8225c4e502

Comment 10 ricky.tigg 2017-12-15 11:40:47 UTC
Following the instructions mentioned in document from the link provided in comment #9, in host machine, the output from the command 
$ sudo dnf install -y selinux-policy –enablerepo=updates-testing
is:
Package selinux-policy-3.13.1-283.17.fc27.noarch is already installed, skipping.

As a result the component installed remains the one from the Fedora 27 updates repository (selinux-policy-3.13.1-283.17.fc27.noarch).

Comment 11 Fedora Update System 2017-12-20 11:22:03 UTC
selinux-policy-3.13.1-283.19.fc27 has been submitted as an update to Fedora 27. https://bodhi.fedoraproject.org/updates/FEDORA-2017-8225c4e502

Comment 12 Fedora Update System 2017-12-21 20:19:59 UTC
selinux-policy-3.13.1-283.19.fc27 has been pushed to the Fedora 27 testing repository. If problems still persist, please make note of it in this bug report.
See https://fedoraproject.org/wiki/QA:Updates_Testing for
instructions on how to install test updates.
You can provide feedback for this update here: https://bodhi.fedoraproject.org/updates/FEDORA-2017-8225c4e502

Comment 13 ricky.tigg 2017-12-22 10:37:40 UTC
Situation illustrated in Comment 10 is still alive.

Comment 14 Jan Vlug 2017-12-25 20:23:08 UTC
Description of problem:
Copying files from disk to usb stick.

Version-Release number of selected component:
selinux-policy-3.13.1-283.17.fc27.noarch

Additional info:
reporter:       libreport-2.9.3
hashmarkername: setroubleshoot
kernel:         4.14.7-300.fc27.x86_64
type:           libreport

Comment 15 Fedora Update System 2018-01-02 16:46:39 UTC
selinux-policy-3.13.1-283.19.fc27 has been pushed to the Fedora 27 stable repository. If problems still persist, please make note of it in this bug report.


Note You need to log in before you can comment on or make changes to this bug.