Description of problem:
SELinux is preventing /usr/bin/evince-thumbnailer from using the 'dac_override' capabilities.

***** Plugin dac_override (91.4 confidence) suggests **********************

If you want to help identify if domain needs this access or you have a file with the wrong permissions on your system
Then turn on full auditing to get path information about the offending file and generate the error again.
Do

Turn on full auditing
# auditctl -w /etc/shadow -p w
Try to recreate AVC. Then execute
# ausearch -m avc -ts recent
If you see PATH record check ownership/permissions on file, and fix it,
otherwise report as a bugzilla.

***** Plugin catchall (9.59 confidence) suggests **************************

If you believe that evince-thumbnailer should have the dac_override capability by default.
Then you should report this as a bug.
You can generate a local policy module to allow this access.
Do
allow this access for now by executing:
# grep evince-thumbnai /var/log/audit/audit.log | audit2allow -M mypol
# semodule -i mypol.pp

Additional Information:
Source Context unconfined_u:unconfined_r:thumb_t:s0-s0:c0.c1023
Target Context unconfined_u:unconfined_r:thumb_t:s0-s0:c0.c1023
Target Objects Unknown [ capability ]
Source evince-thumbnai
Source Path /usr/bin/evince-thumbnailer
Port <Unknown>
Host (removed)
Source RPM Packages totem-3.8.2-5.el7.x86_64
Target RPM Packages
Policy RPM selinux-policy-3.13.1-23.el7_1.7.noarch
Selinux Enabled True
Policy Type targeted
Enforcing Mode Enforcing
Host Name (removed)
Platform Linux (removed) 3.10.0-229.4.2.el7.x86_64 #1 SMP
Wed May 13 10:06:09 UTC 2015 x86_64 x86_64
Alert Count 92
First Seen 2015-05-17 17:27:43 IST
Last Seen 2015-05-23 20:40:18 IST
Local ID 6a9b6327-67dc-4c0a-a6db-e4a5b2cf4d3a

Raw Audit Messages
type=AVC msg=audit(1432393818.461:583): avc: denied { dac_override } for pid=4947 comm="totem-video-thu" capability=1 scontext=unconfined_u:unconfined_r:thumb_t:s0-s0:c0.c1023 tcontext=unconfined_u:unconfined_r:thumb_t:s0-s0:c0.c1023 tclass=capability

type=AVC msg=audit(1432393818.461:583): avc: denied { dac_read_search } for pid=4947 comm="totem-video-thu" capability=2 scontext=unconfined_u:unconfined_r:thumb_t:s0-s0:c0.c1023 tcontext=unconfined_u:unconfined_r:thumb_t:s0-s0:c0.c1023 tclass=capability

type=SYSCALL msg=audit(1432393818.461:583): arch=x86_64 syscall=open success=no exit=EACCES a0=b4fe00 a1=0 a2=0 a3=0 items=0 ppid=3266 pid=4947 auid=0 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=1 comm=totem-video-thu exe=/usr/bin/totem-video-thumbnailer subj=unconfined_u:unconfined_r:thumb_t:s0-s0:c0.c1023 key=(null)

Hash: evince-thumbnai,thumb_t,thumb_t,capability,dac_override