Discussion:
puzzling SELinux alert.
home user
2021-04-13 17:40:48 UTC
Permalink
At least 3 times in the past few days I've seen the same SELinux alert. 
I put the text of the details in the attached file "alerts.txt".  All 3
occurrences were while using caja to rename or delete a file, though it
does not happen every time I rename or delete a file in caja.  These
alerts confuse me.  There is no directory "/memdf:"...

-bash.1[~]: cd /
-bash.2[/]: ls -a
.    boot    etc   lib64       mnt   root  srv system-upgrade       usr
..   .cache  home  lost+found  opt   run   sys system-upgrade-root  var
bin  dev     lib   media       proc  sbin  sysroot  tmp
-bash.3[/]: ls -a /memfd*
ls: cannot access '/memfd*': No such file or directory
-bash.4[/]:

Also, the directory name (ending with a colon?) looks fishy. Further,
the filename ".nvidia_drv.XXXXXX" looks fishy (but "legal").

The instruction does not work:

-bash.4[/]: /sbin/restorecon -v /memfd:/.nvidia_drv.XXXXXX (deleted)
-bash: syntax error near unexpected token `('
-bash.4[/]:

-bash.5[/]: /sbin/restorecon -v /memfd:/.nvidia_drv.XXXXXX
/sbin/restorecon: SELinux: Could not get canonical path for
/memfd:/.nvidia_drv.XXXXXX restorecon: No such file or directory.
-bash.6[/]:

I gather that a directory and or file (whatever its name really is) are
missing?

How do I fix this?
Roger Heflin
2021-04-13 18:48:53 UTC
Permalink
I see a lot of /memfd: in lsof it appears to be anonymous files (ie
temp files). I am going to guess memfd is memory file descriptor, ie
a temp file created in memory.

Usually they are going to not actually exist anywhere in a fs. And
generally the app that opens/creates them is the app that is going to
immediately use it.

if selinux is blocking it I would think it should cause some sort of
issues with the owner/application using the file.

lsof | grep "/memfd:/.nvidia" will show you the owner of the
specific file. For the nvidia_drv one it looks like Xorg (on my
system, may Wayland if you are using that) opens it.

On mine in lsof I have hundreds using the .nvidia_drv.XXXXXX one and
all have the same node in lsof so all are the same object, probably
created by the display owner.

It may be that caja itself is not granted the proper selinux
permissions to use that resource and is hence getting the error. Ie
the error may not be that the file is missing options but that the
application is not allowed access to the file.

you might try the restorecon against the caja executable itself
Post by home user
At least 3 times in the past few days I've seen the same SELinux alert.
I put the text of the details in the attached file "alerts.txt". All 3
occurrences were while using caja to rename or delete a file, though it
does not happen every time I rename or delete a file in caja. These
alerts confuse me. There is no directory "/memdf:"...
-bash.1[~]: cd /
-bash.2[/]: ls -a
. boot etc lib64 mnt root srv system-upgrade usr
.. .cache home lost+found opt run sys system-upgrade-root var
bin dev lib media proc sbin sysroot tmp
-bash.3[/]: ls -a /memfd*
ls: cannot access '/memfd*': No such file or directory
Also, the directory name (ending with a colon?) looks fishy. Further,
the filename ".nvidia_drv.XXXXXX" looks fishy (but "legal").
-bash.4[/]: /sbin/restorecon -v /memfd:/.nvidia_drv.XXXXXX (deleted)
-bash: syntax error near unexpected token `('
-bash.5[/]: /sbin/restorecon -v /memfd:/.nvidia_drv.XXXXXX
/sbin/restorecon: SELinux: Could not get canonical path for
/memfd:/.nvidia_drv.XXXXXX restorecon: No such file or directory.
I gather that a directory and or file (whatever its name really is) are
missing?
How do I fix this?
_______________________________________________
Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
Do not reply to spam on the list, report it: https://pagure.io/fedora-infrastructure
_______________________________________________
users mailing list -- ***@lists.fedoraproject.org
To unsubscribe send an email to users-***@lists.fedoraproject.org
Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: https://lists.fedoraproject.org/archives/list/***@lists.fedoraproject.org
Do not reply to spam on the list, report it: https://pagure.io/fedora-infrastructure
home user
2021-04-13 19:59:10 UTC
Permalink
Post by Roger Heflin
I see a lot of /memfd: in lsof it appears to be anonymous files (ie
temp files). I am going to guess memfd is memory file descriptor, ie
a temp file created in memory.
Usually they are going to not actually exist anywhere in a fs. And
generally the app that opens/creates them is the app that is going to
immediately use it.
if selinux is blocking it I would think it should cause some sort of
issues with the owner/application using the file.
lsof | grep "/memfd:/.nvidia" will show you the owner of the
specific file. For the nvidia_drv one it looks like Xorg (on my
system, may Wayland if you are using that) opens it.
I've attached the output of "lsof | grep "/memfd:/.nvidia"". When I ran
that, caja, a terminal, and xeyes were running.
Post by Roger Heflin
On mine in lsof I have hundreds using the .nvidia_drv.XXXXXX one and
all have the same node in lsof so all are the same object, probably
created by the display owner.
It may be that caja itself is not granted the proper selinux
permissions to use that resource and is hence getting the error. Ie
the error may not be that the file is missing options but that the
application is not allowed access to the file.
When I ran the renames and deletes in caja, they all worked properly
even though I received the SELinux alerts in some cases. Would that
have been so if caja was lacking SELinux permissions?
Post by Roger Heflin
you might try the restorecon against the caja executable itself
[... snip ...]
Roger Heflin
2021-04-13 20:24:26 UTC
Permalink
Are you running permissive or enforcing?

if permissive then it does not block anything, but says it is blocking

if enforcing it is blocking something, though it may be a
pointless/useless interface feature of some sort that does not matter,
and does not really affect functionality.

And it might be some sort of sub process that is failing to do
something that may or may not matter.
Post by home user
Post by Roger Heflin
I see a lot of /memfd: in lsof it appears to be anonymous files (ie
temp files). I am going to guess memfd is memory file descriptor, ie
a temp file created in memory.
Usually they are going to not actually exist anywhere in a fs. And
generally the app that opens/creates them is the app that is going to
immediately use it.
if selinux is blocking it I would think it should cause some sort of
issues with the owner/application using the file.
lsof | grep "/memfd:/.nvidia" will show you the owner of the
specific file. For the nvidia_drv one it looks like Xorg (on my
system, may Wayland if you are using that) opens it.
I've attached the output of "lsof | grep "/memfd:/.nvidia"". When I ran
that, caja, a terminal, and xeyes were running.
Post by Roger Heflin
On mine in lsof I have hundreds using the .nvidia_drv.XXXXXX one and
all have the same node in lsof so all are the same object, probably
created by the display owner.
It may be that caja itself is not granted the proper selinux
permissions to use that resource and is hence getting the error. Ie
the error may not be that the file is missing options but that the
application is not allowed access to the file.
When I ran the renames and deletes in caja, they all worked properly
even though I received the SELinux alerts in some cases. Would that
have been so if caja was lacking SELinux permissions?
Post by Roger Heflin
you might try the restorecon against the caja executable itself
[... snip ...]
_______________________________________________
Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
Do not reply to spam on the list, report it: https://pagure.io/fedora-infrastructure
_______________________________________________
users mailing list -- ***@lists.fedoraproject.org
To unsubscribe send an email to users-***@lists.fedoraproject.org
Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: https://lists.fedoraproject.org/archives/list/***@lists.fedoraproject.org
Do not reply to spam on the list, report it: https://pagure.io
home user
2021-04-13 21:55:57 UTC
Permalink
Are you running permissive or enforcing? >
if permissive then it does not block anything, but says it is blocking
if enforcing it is blocking something, though it may be a
pointless/useless interface feature of some sort that does not matter,
and does not really affect functionality.
And it might be some sort of sub process that is failing to do
something that may or may not matter.
When I first installed this system 8 years ago, SELinux was there by
default. My knowledge of it is very high level and superficial. I
don't recall ever setting anything either of those 2 ways; I'm running
whatever the default is. I don't know the answer to your question, nor
do I know how to find out.

I do need to find a better way to reproduce the problem and test fixes
(like the restorecon command you suggested). Currently, it seems I get
the problem only the first 1 or 2 times per login, per boot, or per day
(I haven't yet figured out which). I also want to figure out if the
problem is limited to caja, or if "files" also has the problem.
_______________________________________________
users mailing list -- ***@lists.fedoraproject.org
To unsubscribe send an email to users-***@lists.fedoraproject.org
Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: https://lists.fedoraproject.org/archives/list/***@lists.fedoraproject.org
Do not reply to spam on the list, report it: ht
Roger Heflin
2021-04-13 23:06:22 UTC
Permalink
sestatus will show the current status.

if enforcing then something may not be functioning as designed.

if permissive then it will report it is blocking when it is not, and
if you set it enforcing then something would probably break.

if you set it permissive at one time then it will stay set permissive.
Post by home user
Are you running permissive or enforcing? >
if permissive then it does not block anything, but says it is blocking
if enforcing it is blocking something, though it may be a
pointless/useless interface feature of some sort that does not matter,
and does not really affect functionality.
And it might be some sort of sub process that is failing to do
something that may or may not matter.
When I first installed this system 8 years ago, SELinux was there by
default. My knowledge of it is very high level and superficial. I
don't recall ever setting anything either of those 2 ways; I'm running
whatever the default is. I don't know the answer to your question, nor
do I know how to find out.
I do need to find a better way to reproduce the problem and test fixes
(like the restorecon command you suggested). Currently, it seems I get
the problem only the first 1 or 2 times per login, per boot, or per day
(I haven't yet figured out which). I also want to figure out if the
problem is limited to caja, or if "files" also has the problem.
_______________________________________________
Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
Do not reply to spam on the list, report it: https://pagure.io/fedora-infrastructure
_______________________________________________
users mailing list -- ***@lists.fedoraproject.org
To unsubscribe send an email to users-***@lists.fedoraproject.org
Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: https://lists.fedoraproject.org/archives/list/***@lists.fedoraproject.org
Do not reply to spam on the list, report it: https://pagure.io/fedo
home user
2021-04-13 23:31:29 UTC
Permalink
Post by Roger Heflin
sestatus will show the current status.
if enforcing then something may not be functioning as designed.
if permissive then it will report it is blocking when it is not, and
if you set it enforcing then something would probably break.
if you set it permissive at one time then it will stay set permissive.
It is "enforcing":

bash.1[~]: su -
Password:
-bash.1[~]: sestatus -v
SELinux status: enabled
SELinuxfs mount: /sys/fs/selinux
SELinux root directory: /etc/selinux
Loaded policy name: targeted
Current mode: enforcing
Mode from config file: enforcing
Policy MLS status: enabled
Policy deny_unknown status: allowed
Memory protection checking: actual (secure)
Max kernel policy version: 33

Process contexts:
Current context:
unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023
Init context: system_u:system_r:init_t:s0

File contexts:
Controlling terminal: unconfined_u:object_r:user_devpts_t:s0
/etc/passwd system_u:object_r:passwd_file_t:s0
/etc/shadow system_u:object_r:shadow_t:s0
/bin/bash system_u:object_r:shell_exec_t:s0
/bin/login system_u:object_r:login_exec_t:s0
/bin/sh system_u:object_r:bin_t:s0 ->
system_u:object_r:shell_exec_t:s0
/sbin/agetty system_u:object_r:getty_exec_t:s0
/sbin/init system_u:object_r:bin_t:s0 ->
system_u:object_r:init_exec_t:s0
/usr/sbin/sshd system_u:object_r:sshd_exec_t:s0
/lib/libc.so.6 system_u:object_r:lib_t:s0 ->
system_u:object_r:lib_t:s0
/lib/ld-linux.so.2 system_u:object_r:lib_t:s0 ->
system_u:object_r:ld_so_t:s0
Post by Roger Heflin
Post by home user
Are you running permissive or enforcing? >
if permissive then it does not block anything, but says it is blocking
if enforcing it is blocking something, though it may be a
pointless/useless interface feature of some sort that does not matter,
and does not really affect functionality.
And it might be some sort of sub process that is failing to do
something that may or may not matter.
When I first installed this system 8 years ago, SELinux was there by
default. My knowledge of it is very high level and superficial. I
don't recall ever setting anything either of those 2 ways; I'm running
whatever the default is. I don't know the answer to your question, nor
do I know how to find out.
I do need to find a better way to reproduce the problem and test fixes
(like the restorecon command you suggested). Currently, it seems I get
the problem only the first 1 or 2 times per login, per boot, or per day
(I haven't yet figured out which). I also want to figure out if the
problem is limited to caja, or if "files" also has the problem.
_______________________________________________
users mailing list -- ***@lists.fedoraproject.org
To unsubscribe send an email to users-***@lists.fedoraproject.org
Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: https://lists.fedoraproject.org/archives/list/***@lists.fedoraproject.org
Do not reply to spam on the list, report it: http
Ed Greshko
2021-04-13 23:20:29 UTC
Permalink
At least 3 times in the past few days I've seen the same SELinux alert.  I put the text of the details in the attached file "alerts.txt".  All 3 occurrences were while using caja to rename or delete a file, though it does not happen every time I rename or delete a file in caja.  These alerts confuse me.  There is no directory "/memdf:"...
-bash.1[~]: cd /
-bash.2[/]: ls -a
.    boot    etc   lib64       mnt   root  srv system-upgrade       usr
..   .cache  home  lost+found  opt   run   sys system-upgrade-root  var
bin  dev     lib   media       proc  sbin  sysroot  tmp
-bash.3[/]: ls -a /memfd*
ls: cannot access '/memfd*': No such file or directory
Also, the directory name (ending with a colon?) looks fishy. Further, the filename ".nvidia_drv.XXXXXX" looks fishy (but "legal").
-bash.4[/]: /sbin/restorecon -v /memfd:/.nvidia_drv.XXXXXX (deleted)
-bash: syntax error near unexpected token `('
-bash.5[/]: /sbin/restorecon -v /memfd:/.nvidia_drv.XXXXXX
/sbin/restorecon: SELinux: Could not get canonical path for /memfd:/.nvidia_drv.XXXXXX restorecon: No such file or directory.
I gather that a directory and or file (whatever its name really is) are missing?
memfd refers to "Memory File Descriptor".  The file in question exists only in RAM and is a temporary file at that.
Command such as "restorecon" are useless for this.

I'm guessing it may be caused not by caja by xeyes.  But if you're not having any problems it would be
something that I'd ignore.  I don't know if this would apply, but when the Alert pops up there should be
a button for "ignore" beside the button for "troubleshoot".  If I recall correctly.

If I were having these alerts and wanted to do a little debugging I'd first run my sessions without xeyes.

I don't know how you installed your nVidia drivers.  But, I would check to make sure what I had were the
latest.  FWIW, I use the nVidia stuff packaged by rpmfusion.
--
Remind me to ignore comments which aren't germane to the thread.

_______________________________________________
users mailing list -- ***@lists.fedoraproject.org
To unsubscribe send an email to users-***@lists.fedoraproject.org
Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: https://lists.fedoraproject.org/archives/list/***@lists.fedoraproject.org
Do not reply to spam on the list, report it: https://pa
home user
2021-04-14 03:41:45 UTC
Permalink
On 4/13/21 5:20 PM, Ed Greshko wrote:

Long zoom meeting done; now I'm back to this.
Post by Ed Greshko
memfd refers to "Memory File Descriptor".  The file in question exists
only in RAM and is a temporary file at that.
Command such as "restorecon" are useless for this.
ok.
Post by Ed Greshko
I'm guessing it may be caused not by caja by xeyes.  But if you're not
having any problems it would be
something that I'd ignore.  I don't know if this would apply, but when
the Alert pops up there should be
a button for "ignore" beside the button for "troubleshoot".  If I recall correctly.
You remember correctly.
Post by Ed Greshko
If I were having these alerts and wanted to do a little debugging I'd
first run my sessions without xeyes.
I don't know how you installed your nVidia drivers.  But, I would check
to make sure what I had were the
latest.  FWIW, I use the nVidia stuff packaged by rpmfusion.
I started out with the proprietary driver 8 years ago. 1 or 2 years
later, as advised by this list, I switched to the kmod? package(s?) from
rpmfusion. The rpmfusion stuff was installed the way members of this
list instructed. I see the rpmfusion stuff patched during over half of
my weekly patches.

I don't know if any of this helps, but here goes:
* The problem started after upgrading to f33.
* I have not noticed any problems with xeyes.
* The sequence of steps leading to the alerts is:
1. Using the command line in a terminal, download a Chinese music video.
The resulting file has a name made of traditional (Taiwan) Chinese
characters.
2. Launch caja.
3. Use caja to rename the file to something with all ASCII characters.
4. Use caja to launch the file for viewing. I think it's launching VLC
for that.
5. View the file and, using vim in a terminal, make study notes.
6. In caja, delete the file.
In caja, for each file, there is a small icon, the name of the file, and
meta-data for the file. In the case of video files, that icon is an
image, a frame from the video. The factors that have been occurring to
me are the traditional Chinese characters and the image icons. But why
only the first time in a login session? That's what most puzzles me.

Tomorrow morning, I will try the no-xeyes test that you suggest.

Ignoring the problem is tempting, but I don't want to give up toooooo
easily.
_______________________________________________
users mailing list -- ***@lists.fedoraproject.org
To unsubscribe send an email to users-***@lists.fedoraproject.org
Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: https://lists.fedoraproject.org/archives/list/***@lists.fedoraproject.org
Do not reply to spam on the list, report it: https://pagure
Ed Greshko
2021-04-14 07:26:20 UTC
Permalink
Tomorrow morning, I will try the no-xeyes test that you suggest.
Ignoring the problem is tempting, but I don't want to give up toooooo easily.
Well, pardon me for saying I find that last observation somewhat narrow in scope.  :-) :-)

That being said....

Your AVC you posted was....

type=AVC msg=audit(1618332726.288:964): avc:  denied  { write } for  pid=129605 co
mm="gstglcontext" path=2F6D656D66643A2F2E6E76696469615F6472762E5858585858582028646
56C6574656429 dev="tmpfs" ino=1025 scontext=unconfined_u:unconfined_r:thumb_t:s0-s
0:c0.c1023 tcontext=system_u:object_r:xserver_tmpfs_t:s0 tclass=file permissive=0

Are all of your alerts of this kind?  You may want to use "ausearch" with -c gstglcontext.
You can narrow the window by using -ts in the ausearch command. Looking a the man page
to find the options for that parameter.

That being said, gstglcontext is related to OpenGL which "is a cross-language, cross-platform application programming interface (API) for rendering 2D and 3D vector graphics".  The "scontext" has as part of it xserver_tmpfs_t which furthers this.

So, the next time you get this alert check out the AVC and find the process associated with pid=.

--
Remind me to ignore comments which aren't germane to the thread.

_______________________________________________
users mailing list -- ***@lists.fedoraproject.org
To unsubscribe send an email to users-***@lists.fedoraproject.org
Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: https://lists.fedoraproject.org/archives/list/***@lists.fedoraproject.org
Do not reply to spam on the list, report it: https://pagure.io/fe
home user
2021-04-14 16:33:39 UTC
Permalink
Last night, in ".bash_profile", I commented out the block of code that
launches xeyes, and shut down for the night.

This morning, I booted up and logged in, No xeyes. I downloaded a
Chinese music video. I then launched caja. Before I tried doing
anything in it, a SELinux alert appeared,

So it seems that xeyes has nothing to do with this problem.

I tried launching "files". I did not see any SELinux alerts.
Post by Ed Greshko
Your AVC you posted was....
type=AVC msg=audit(1618332726.288:964): avc:  denied  { write } for
pid=129605 co
mm="gstglcontext"
path=2F6D656D66643A2F2E6E76696469615F6472762E5858585858582028646
56C6574656429 dev="tmpfs" ino=1025
scontext=unconfined_u:unconfined_r:thumb_t:s0-s
0:c0.c1023 tcontext=system_u:object_r:xserver_tmpfs_t:s0 tclass=file permissive=0
Are all of your alerts of this kind?  You may want to use "ausearch" with -c gstglcontext.
You can narrow the window by using -ts in the ausearch command. Looking a the man page
to find the options for that parameter.
After doing the above described test, I ran the command to get
everything from the start of yesterday. I posted the results in a
simple text file on the google drive. Here's the link:
"https://drive.google.com/file/d/1-BSwKWu_Mi3CozfLRi2dQmzPndi3HHqj/view?usp=sharing"
Post by Ed Greshko
That being said, gstglcontext is related to OpenGL which "is a
cross-language, cross-platform application programming interface (API)
for rendering 2D and 3D vector graphics".  The "scontext" has as part of
it xserver_tmpfs_t which furthers this.
So, the next time you get this alert check out the AVC and find the
process associated with pid=.
I tried that using "ps -ef | grep [pid]". The only hit was the ps
command itself.

I still have the SELinux alert details for the past several days. I can
post anything that you want to see, if that would help.
_______________________________________________
users mailing list -- ***@lists.fedoraproject.org
To unsubscribe send an email to users-***@lists.fedoraproject.org
Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: https://lists.fedoraproject.org/archives/list/***@lists.fedoraproject.org
Do not reply to spam on the list, report it: https://pagure.io/fed
Ed Greshko
2021-04-14 18:52:22 UTC
Permalink
I tried that using "ps -ef | grep [pid]".  The only hit was the ps command itself.
It is not clear to me that you did this immediately after getting the alert.

According to the ausearch_out the PID is different at each instance of an alert.  So, it is possible that
whatever process produced the alert has exited or died after the series of alerts.

--
Remind me to ignore comments which aren't germane to the thread.

_______________________________________________
users mailing list -- ***@lists.fedoraproject.org
To unsubscribe send an email to users-***@lists.fedoraproject.org
Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: https://lists.fedoraproject.org/archives/list/***@lists.fedoraproject.org
Do not reply to spam on the list, report it: https://pagure.io/fedora-infras
Roger Heflin
2021-04-14 19:50:23 UTC
Permalink
He might want to run a strace -o appname.out -f
<startupappgettingtheerrorandoptions>

And then do the ausearch and we should be able to see what what the
pid was doing and/or what executable it was.
Post by Ed Greshko
I tried that using "ps -ef | grep [pid]". The only hit was the ps command itself.
It is not clear to me that you did this immediately after getting the alert.
According to the ausearch_out the PID is different at each instance of an alert. So, it is possible that
whatever process produced the alert has exited or died after the series of alerts.
--
Remind me to ignore comments which aren't germane to the thread.
_______________________________________________
Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
Do not reply to spam on the list, report it: https://pagure.io/fedora-infrastructure
_______________________________________________
users mailing list -- ***@lists.fedoraproject.org
To unsubscribe send an email to users-***@lists.fedoraproject.org
Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: https://lists.fedoraproject.org/archives/list/***@lists.fedoraproject.org
Do not reply to spam on the list, report it: https:/
home user
2021-04-14 21:08:28 UTC
Permalink
Post by Roger Heflin
He might want to run a strace -o appname.out -f
<startupappgettingtheerrorandoptions>
And then do the ausearch and we should be able to see what what the
pid was doing and/or what executable it was.
What options would you find most helpful?
_______________________________________________
users mailing list -- ***@lists.fedoraproject.org
To unsubscribe send an email to users-***@lists.fedoraproject.org
Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: https://lists.fedoraproject.org/archives/list/***@lists.fedoraproject.org
Do not reply to spam on the list, report it: https://pagure.io/fedora-infrastruct
Roger Heflin
2021-04-14 21:46:55 UTC
Permalink
really just start caja from the terminal with strace -o caja.out -f
`which caja`

do what you normally do and exit.

then grep pid caja.out and that will should tell you what executable
that pid was and some of what it did.

That will produce an .out file that contains all of the pid's and what
those pids were and some of what they did.
Post by home user
Post by Roger Heflin
He might want to run a strace -o appname.out -f
<startupappgettingtheerrorandoptions>
And then do the ausearch and we should be able to see what what the
pid was doing and/or what executable it was.
What options would you find most helpful?
_______________________________________________
Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
Do not reply to spam on the list, report it: https://pagure.io/fedora-infrastructure
_______________________________________________
users mailing list -- ***@lists.fedoraproject.org
To unsubscribe send an email to users-***@lists.fedoraproject.org
Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: https://lists.fedoraproject.org/archives/list/***@lists.fedoraproject.org
Do not reply to spam on the
home user
2021-04-14 22:00:10 UTC
Permalink
Post by Roger Heflin
really just start caja from the terminal with strace -o caja.out -f
`which caja`
do what you normally do and exit.
then grep pid caja.out and that will should tell you what executable
that pid was and some of what it did.
That will produce an .out file that contains all of the pid's and what
those pids were and some of what they did.
I'll try this tomorrow morning. See my reply to Ed for the explanation.
Post by Roger Heflin
Post by home user
Post by Roger Heflin
He might want to run a strace -o appname.out -f
<startupappgettingtheerrorandoptions>
And then do the ausearch and we should be able to see what what the
pid was doing and/or what executable it was.
What options would you find most helpful?
_______________________________________________
users mailing list -- ***@lists.fedoraproject.org
To unsubscribe send an email to users-***@lists.fedoraproject.org
Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: https://lists.fedoraproject.org/archives/list/***@lists.fedoraproject.org
Do not reply to spam on the list, report it: https://pagure.io/fed
home user
2021-04-14 21:06:33 UTC
Permalink
Post by Ed Greshko
I tried that using "ps -ef | grep [pid]".  The only hit was the ps command itself.
It is not clear to me that you did this immediately after getting the alert.
1. I launched caja from the gnome activities dash. The caja GUI displays.
2. The SELinux alert shows up.
3. I trackball over to the alert and click the Details button.
4. The Details window comes up, I trackball over to it, I make it bigger.
5. I scroll down and look for the pid.
6. I trackball over to the terminal and enter the ps command.
Steps 2 thru 6 do take several seconds, maybe up to a minute. That's as
"immediate" as I can do.
Post by Ed Greshko
According to the ausearch_out the PID is different at each instance of
an alert.  So, it is possible that
whatever process produced the alert has exited or died after the series of alerts.
I agree.
_______________________________________________
users mailing list -- ***@lists.fedoraproject.org
To unsubscribe send an email to users-***@lists.fedoraproject.org
Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: https://lists.fedoraproject.org/archives/list/***@lists.fedoraproject.org
Do not reply to spam on the list, report it: https://pagure.io/fedora-infra
Ed Greshko
2021-04-14 21:18:05 UTC
Permalink
Post by Ed Greshko
I tried that using "ps -ef | grep [pid]".  The only hit was the ps command itself.
It is not clear to me that you did this immediately after getting the alert.
1. I launched caja from the gnome activities dash.  The caja GUI displays.
2. The SELinux alert shows up.
3. I trackball over to the alert and click the Details button.
4. The Details window comes up, I trackball over to it, I make it bigger.
5. I scroll down and look for the pid.
6. I trackball over to the terminal and enter the ps command.
Steps 2 thru 6 do take several seconds, maybe up to a minute. That's as "immediate" as I can do.
Is your desktop "GNOME" or "GNOME on Xorg"?

Which ever one it is, could you try switching to the other one to see if the issue continues
to exist?

--
Remind me to ignore comments which aren't germane to the thread.
_______________________________________________
users mailing list -- ***@lists.fedoraproject.org
To unsubscribe send an email to users-***@lists.fedoraproject.org
Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: https://lists.fedoraproject.org/archives/list/***@lists.fedoraproject.org
Do not reply to spam on the list, report it: https://pagure.io/fedora-i
home user
2021-04-14 21:57:53 UTC
Permalink
Post by Ed Greshko
Is your desktop "GNOME" or "GNOME on Xorg"?
The desktop menu at login has 4 GNOME entries:
GNOME
GNOME
GNOME Classic
GNOME on Xorg
I usually use the first GNOME.
Side question: What's the difference between the first two entries?
Post by Ed Greshko
Which ever one it is, could you try switching to the other one to see if
the issue continues
to exist?
Unable to determine!

I logged out, and then logged back in without changing the desktop.
I launched Files. No alert.
I launched caja. No alert.

I shut down and the booted up and logged in with GNOME.
I launched Files. No alert.
I launched caja. No alert.

I shut down and booted up and logged in with GNOME.
I launched caja. No alert.

I shut down and booted up and logged in with GNOME on Xorg.
I launched caja. No alert.

Yesterday evening, I suspected that the problem can be reproduced only
once per day. That's why I said last night that I would test this morning.

The above test sequence strengthens my suspicion, but does not prove,
that this problem can be reproduced only once per day (not once per
login session, not once per boot session). I can't (yet) rule out that
the open terminal, Thunderbird, or "youtube-dl" somehow play into this.

I'm also still trying to determine whether this problem is unique to
caja, or if Files has the same problem.

I'll try your suggested test again tomorrow morning.
_______________________________________________
users mailing list -- ***@lists.fedoraproject.org
To unsubscribe send an email to users-***@lists.fedoraproject.org
Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: https://lists.fedoraproject.org/archives/list/***@lists.fedoraproject.org
Do not reply to spam on the list, report it: https://pagure.io/
Ed Greshko
2021-04-14 22:43:45 UTC
Permalink
Is your desktop "GNOME" or "GNOME on Xorg"?
GNOME
GNOME
GNOME Classic
GNOME on Xorg
I usually use the first GNOME.
Side question: What's the difference between the first two entries?
I don't know why you'd have 2.  Both are probably Wayland.

So, tomorrow, start by using "GNOME on Xorg"

As far as determining if you're in a wayland or Xorg environment.

Wayland
[***@f33g ~]$ env | grep -i wayland
XDG_SESSION_TYPE=wayland
XAUTHORITY=/run/user/1000/.mutter-Xwaylandauth.3OTU10
WAYLAND_DISPLAY=wayland-0
[***@f33g ~]$

Xorg
[***@f33g ~]$ env | grep -i wayland
[***@f33g ~]$

Also

Wayland
earlyoom     572       1  0 06:41 ?        00:00:00 /usr/bin/earlyoom -r 0 -m 4 -M 409600 --prefer ^Web Content$ --avoid ^(dnf|packagekitd|gnome-shell|gnome-session-c|gnome-session-b|lightdm|sddm|sddm-helper|gdm|gdm-wayland-ses|gdm-session-wor|gdm-x-session|Xorg|Xwayland|systemd|systemd-logind|dbus-daemon|dbus-broker|cinnamon|cinnamon-sessio|kwin_x11|kwin_wayland|plasmashell|ksmserver|plasma_session|startplasma-way|xfce4-session|mate-session|marco|lxqt-session|openbox)$
egreshko    1299    1253  0 06:42 tty2     00:00:00 /usr/libexec/gdm-wayland-session /usr/bin/gnome-session
egreshko    1432    1375  0 06:42 ?        00:00:00 /usr/bin/Xwayland :0 -rootless -noreset -accessx -core -auth /run/user/1000/.mutter-Xwaylandauth.X2CY10 -listen 4 -listen 5 -displayfd 6 -listen 7

Xorg
Ony the line for earlyoom.


--
Remind me to ignore comments which aren't germane to the thread.

_______________________________________________
users mailing list -- ***@lists.fedoraproject.org
To unsubscribe send an email to users-***@lists.fedoraproject.org
Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: https://lists.fedoraproject.org/archives/list/***@lists.fedoraproject.org
Do not reply to spam on the list, report it: https://pagure.io/fedora-infrastructur
home user
2021-04-15 16:06:28 UTC
Permalink
Post by Ed Greshko
GNOME
GNOME
GNOME Classic
GNOME on Xorg
I usually use the first GNOME.
Side question: What's the difference between the first two entries?
So, tomorrow, start by using "GNOME on Xorg"
As far as determining if you're in a wayland or Xorg environment.
Wayland
XDG_SESSION_TYPE=wayland
XAUTHORITY=/run/user/1000/.mutter-Xwaylandauth.3OTU10
WAYLAND_DISPLAY=wayland-0
Xorg
Done as requested.

Regardless of whether I log in using the first, third, or fourth GNOME
choice, I get:
bash.1[~]: env | grep -i wayland
bash.2[~]:
I did not try GNOME Classic.
Post by Ed Greshko
Also
Wayland
earlyoom     572       1  0 06:41 ?        00:00:00 /usr/bin/earlyoom -r
0 -m 4 -M 409600 --prefer ^Web Content$ --avoid
^(dnf|packagekitd|gnome-shell|gnome-session-c|gnome-session-b|lightdm|sddm|sddm-helper|gdm|gdm-wayland-ses|gdm-session-wor|gdm-x-session|Xorg|Xwayland|systemd|systemd-logind|dbus-daemon|dbus-broker|cinnamon|cinnamon-sessio|kwin_x11|kwin_wayland|plasmashell|ksmserver|plasma_session|startplasma-way|xfce4-session|mate-session|marco|lxqt-session|openbox)$
egreshko    1299    1253  0 06:42 tty2     00:00:00
/usr/libexec/gdm-wayland-session /usr/bin/gnome-session
egreshko    1432    1375  0 06:42 ?        00:00:00 /usr/bin/Xwayland :0
-rootless -noreset -accessx -core -auth
/run/user/1000/.mutter-Xwaylandauth.X2CY10 -listen 4 -listen 5
-displayfd 6 -listen 7
Xorg
Ony the line for earlyoom.
What command did you use for the above? It looks like "ps" output, but
when I try, I get these:
bash.8[~]: ps -ef | grep -i earlyoom
weilian+ 2823 2705 0 09:53 pts/0 00:00:00 grep --color=auto -i
earlyoom
bash.9[~]: ps -aux | grep -i earlyoom
weilian+ 2829 0.0 0.0 221564 840 pts/0 S+ 09:53 0:00 grep
--color=auto -i earlyoom
bash.10[~]: ps -al | grep -i earlyoom
bash.11[~]:

I did also try logging in to plasma with wayland. After entering my
credentials, the screens went black. After 2 minutes, I hit the hard
reset and rebooted.

Through 8 years of weekly patches and semi-annual upgrades, I've never
done anything to block or disable wayland. Shouldn't it have been
automatically installed somewhere in those 8 years? What did I do wrong
or not do?

I'll report caja testing in my next message.
_______________________________________________
users mailing list -- ***@lists.fedoraproject.org
To unsubscribe send an email to users-***@lists.fedoraproject.org
Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: https://lists.fedoraproject.org/archives/list/***@lists.fedoraproject.org
Do not reply to spam on the list, report it: https://pagure.io/fedora-infras
home user
2021-04-15 16:48:58 UTC
Permalink
(responding to multiple posts)

As Ed requested, this morning I signed in to "GNOME on Xorg" first. My
tests were as follows.

Test A.
1. Using the command line in a terminal, I downloaded a Chinese music
video. The resulting file has a name made of traditional (Taiwan)
Chinese characters.
2. I launched caja.
A SELinux alert pops up.
3. I used caja to rename the file to something with all ASCII characters.
A Selinux alert pops up.
Steps 2 and 3 were done a few times. For step 2, the SELinux alert
occurs the first time only.
For step 3, the SELinux alert occurs every time.

Then Test B.
1. I did "strace -o caja.out -f /usr/bin/caja".
2. I used caja to rename a file to something with all ASCII characters.
A Selinux alert pops up.
3. I closed caja by clicking the little x in the upper right corner of
the GUI.

Then Test C.
1. I launched Files.
2. I used Files to rename a file to something with all ASCII characters.
3. I closed Files by clicking the little x in the upper right corner of
the GUI.
No SELinux alerts.

Then Test D.
1. I launched caja.
2. I used caja to rename a file to something with all ASCII characters.
3. I closed caja by clicking the little x in the upper right corner of
the GUI.
No SELinux alerts.

Files seems to do something that prevents any further SELinux alerts
from caja for the rest of the day.

I did:
bash.2[~]: su -
Password:
-bash.1[~]: ausearch -c gstglcontext -ts today > ausearch_Thurs.txt
-bash.2[~]: vi ausearch_Thurs.txt
Based on time stamps, I found that the process ID for Test B was 2636.
I did:
bash.17[~]: grep 2636 caja.out > grep2636.out
The resulting file is over 34000 lines long. How can I pare this down?
What should I put on the google drive for y'all to view?
_______________________________________________
users mailing list -- ***@lists.fedoraproject.org
To unsubscribe send an email to users-***@lists.fedoraproject.org
Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: https://lists.fedoraproject.org/archives/list/***@lists.fedoraproject.org
Do not reply to spam on the list, report it: https://pagure.io/fedora-infr
Roger Heflin
2021-04-15 21:57:51 UTC
Permalink
Google drive probably. The first few lines should tell you what
process it was starting.

I really usually only look at filesystem type calls as those are
usually the most valuable for something like this. open, unlink
(remove), stat (get info like ls shows), and say rename or renameat.

A lot of stats always fail as it is used to see if various things
exist here or there.

Basic it loads an executable, lots of setup of that executable then
toward the end is the real work the program does.

On a mv strace I get 117 lines with the executable and options at the
top, a bunch of loading of libs and stuff for executable then 10 lines
from the bottom is the actual rename, and the exit of the program.
Post by home user
(responding to multiple posts)
As Ed requested, this morning I signed in to "GNOME on Xorg" first. My
tests were as follows.
Test A.
1. Using the command line in a terminal, I downloaded a Chinese music
video. The resulting file has a name made of traditional (Taiwan)
Chinese characters.
2. I launched caja.
A SELinux alert pops up.
3. I used caja to rename the file to something with all ASCII characters.
A Selinux alert pops up.
Steps 2 and 3 were done a few times. For step 2, the SELinux alert
occurs the first time only.
For step 3, the SELinux alert occurs every time.
Then Test B.
1. I did "strace -o caja.out -f /usr/bin/caja".
2. I used caja to rename a file to something with all ASCII characters.
A Selinux alert pops up.
3. I closed caja by clicking the little x in the upper right corner of
the GUI.
Then Test C.
1. I launched Files.
2. I used Files to rename a file to something with all ASCII characters.
3. I closed Files by clicking the little x in the upper right corner of
the GUI.
No SELinux alerts.
Then Test D.
1. I launched caja.
2. I used caja to rename a file to something with all ASCII characters.
3. I closed caja by clicking the little x in the upper right corner of
the GUI.
No SELinux alerts.
Files seems to do something that prevents any further SELinux alerts
from caja for the rest of the day.
bash.2[~]: su -
-bash.1[~]: ausearch -c gstglcontext -ts today > ausearch_Thurs.txt
-bash.2[~]: vi ausearch_Thurs.txt
Based on time stamps, I found that the process ID for Test B was 2636.
bash.17[~]: grep 2636 caja.out > grep2636.out
The resulting file is over 34000 lines long. How can I pare this down?
What should I put on the google drive for y'all to view?
_______________________________________________
Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
Do not reply to spam on the list, report it: https://pagure.io/fedora-infrastructure
_______________________________________________
users mailing list -- ***@lists.fedoraproject.org
To unsubscribe send an email to users-***@lists.fedoraproject.org
Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: https://lists.fedoraproject.org/archives/list/***@lists.fedoraproject.org
Do not reply to spam on the lis
home user
2021-04-16 02:27:01 UTC
Permalink
On 4/15/21 3:57 PM, Roger Heflin wrote:
(also responding to Samuel)
Post by Roger Heflin
Google drive probably. The first few lines should tell you what
process it was starting.
I really usually only look at filesystem type calls as those are
usually the most valuable for something like this. open, unlink
(remove), stat (get info like ls shows), and say rename or renameat.
A lot of stats always fail as it is used to see if various things
exist here or there.
Basic it loads an executable, lots of setup of that executable then
toward the end is the real work the program does.
On a mv strace I get 117 lines with the executable and options at the
top, a bunch of loading of libs and stuff for executable then 10 lines
from the bottom is the actual rename, and the exit of the program.
bash.32[~]: grep 2636 caja.out > grep2636.txt
bash.33[~]: grep open caja.out > grepopen.txt
bash.34[~]: grep stat caja.out > grepstat.txt
bash.35[~]:
bash.35[~]: grep exec caja.out
2619 execve("/usr/bin/caja", ["/usr/bin/caja"], 0x7fff14191888 /* 69
vars */) = 0
2622 read(27, "2619 execve(\"/usr/bin/caja\", [\""..., 4096) = 4096
2636 execve("/usr/bin/totem-video-thumbnailer",
["/usr/bin/totem-video-thumbnailer", "-s", "128",
"file:///home/bill/KhongWe"..., "/tmp/.mate_desktop_thumbnail.19V"...],
0x7ffdd556b338 /* 69 vars */ <unfinished ...>
2636 <... execve resumed>) = 0
2652 openat(AT_FDCWD, "/sys/fs/selinux/booleans/allow_execmem",
O_RDONLY) = -1 ENOENT (No such file or directory)
2652 openat(AT_FDCWD, "/sys/fs/selinux/booleans/allow_execmem",
O_RDONLY) = -1 ENOENT (No such file or directory)
2652 openat(AT_FDCWD, "/sys/fs/selinux/booleans/deny_execmem",
O_RDONLY) = 31
bash.36[~]:
bash.36[~]: grep unlink caja.out
2643 unlink("") = -1 ENOENT (No such file or
directory)
2635 unlink("/tmp/.mate_desktop_thumbnail.19VW10") = 0
2635
unlink("/home/bill/.cache/thumbnails/fail/mate-thumbnail-factory/c39b432d203676f5e93a91a2d0d076d4.png.NVLR10")
= -1 ENOENT (No such file or directory)
bash.37[~]:
bash.37[~]: grep remove caja.out
2636 stat("/usr/lib64/gstreamer-1.0/libgstremovesilence.so",
{st_mode=S_IFREG|0755, st_size=28392, ...}) = 0
bash.38[~]:
bash.38[~]: grep rename caja.out
2635 rename("/home/bill/KhongWeeHo.mkv",
"/home/bill/KhongWeeHo_20160327.mkv" <unfinished ...>
2635 <... rename resumed>) = 0
2635
rename("/home/bill/.cache/thumbnails/fail/mate-thumbnail-factory/c39b432d203676f5e93a91a2d0d076d4.png.NVLR10",
"/home/bill/.cache/thumbnails/fail/mate-thumbnail-factory/c39b432d203676f5e93a91a2d0d076d4.png")
= 0
bash.39[~]:

The grep for the process ID "2636" found lines.
The grep for "open" found 4665 lines.
The grep for "stat" found 7449 lines.

The file caja.out is 148910 lines long.
_______________________________________________
users mailing list -- ***@lists.fedoraproject.org
To unsubscribe send an email to users-***@lists.fedoraproject.org
Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: https://lists.fedoraproject.org/archives/list/***@lists.fedoraproject.org
Do not reply to spam on the list, report it: https://pagure.io/fedora-infrastruct
home user
2021-04-16 02:30:56 UTC
Permalink
Post by home user
The grep for the process ID "2636" found lines.
Correction:

The grep for the process ID "2636" found 34361 lines.
_______________________________________________
users mailing list -- ***@lists.fedoraproject.org
To unsubscribe send an email to users-***@lists.fedoraproject.org
Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: https://lists.fedoraproject.org/archives/list/***@lists.fedoraproject.org
Do not reply to spam on the list, report it: htt
Roger Heflin
2021-04-16 11:41:51 UTC
Permalink
It seems to be running /usr/bin/totem-video-thumbnailer" so would be
something attempting to create a thumbnail for the file if it is a
video.

It has an extension of .mkv so it thinks it is a video file or is it
something else?

the command was:
/usr/bin/totem-video-thumbnailer -s 128 file:///home/bill/KhongWe"...,
"/tmp/.mate_desktop_thumbnail.19V"

It truncated the filenames, but you could test run the command and see
what it does from the command line. The first filename is the input
file, the 2nd one is the output of the thumbnail.
Post by home user
Post by home user
The grep for the process ID "2636" found lines.
The grep for the process ID "2636" found 34361 lines.
_______________________________________________
Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
Do not reply to spam on the list, report it: https://pagure.io/fedora-infrastructure
_______________________________________________
users mailing list -- ***@lists.fedoraproject.org
To unsubscribe send an email to users-***@lists.fedoraproject.org
Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: https://lists.fedoraproject.org/archives/list/***@lists.fedoraproject.org
Do not reply to spam on the list, report it: https://pagure.io/fedora-in
home user
2021-04-16 15:18:40 UTC
Permalink
Post by Roger Heflin
It seems to be running /usr/bin/totem-video-thumbnailer" so would be
something attempting to create a thumbnail for the file if it is a
video.
It has an extension of .mkv so it thinks it is a video file or is it
something else?
It is a video file.
Post by Roger Heflin
/usr/bin/totem-video-thumbnailer -s 128 file:///home/bill/KhongWe"...,
"/tmp/.mate_desktop_thumbnail.19V"
It truncated the filenames, but you could test run the command and see
what it does from the command line. The first filename is the input
file, the 2nd one is the output of the thumbnail.
bash.2[~]: totem-video-thumbnailer KhongWeeHo_20160327.mkv
KhongWeeHo_20160327.png
X Error of failed request: BadValue (integer parameter out of range for
operation)
Major opcode of failed request: 151 (GLX)
Minor opcode of failed request: 3 (X_GLXCreateContext)
Value in failed request: 0x0
Serial number of failed request: 63
Current serial number in output stream: 64
bash.3[~]:

I also tried an mp4 video file that I have. Same result.
_______________________________________________
users mailing list -- ***@lists.fedoraproject.org
To unsubscribe send an email to users-***@lists.fedoraproject.org
Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: https://lists.fedoraproject.org/archives/list/***@lists.fedoraproject.org
Do not reply to spam on the list, report it: https://p
Roger Heflin
2021-04-16 16:27:04 UTC
Permalink
That matches what Ed had called out that it was a GL* command.

I guess that also tells you why you did not notice the failing..

given a video file and an png file to output it fails on my system
also (and that is with selinux as permissive and as root, so it seems
to have many issues and is simply broken in most if not all use
cases), and I don't know that I have seen a video thumbnail in a while
in gthumb and similar tools.

And that tool seems to be very complicated for just creating a
thumbnail as it connects to X and pulseaudio and GLX, I am guessing
someone took a gui app and made it work to generate one. I sure
whoever decided to use this tool only knew about the this way to
generate a thumbnail. And the saying goes if the only tool you have
is a hammer then everything looks like a nail.

For creating a thumbnail ffmpeg and/or mplayer would seem better, but
maybe that is not default on the systems. I might see if I can create
a script that would get used in gthumb as this tells me why I get no
thumbnails.
Post by home user
Post by Roger Heflin
It seems to be running /usr/bin/totem-video-thumbnailer" so would be
something attempting to create a thumbnail for the file if it is a
video.
It has an extension of .mkv so it thinks it is a video file or is it
something else?
It is a video file.
Post by Roger Heflin
/usr/bin/totem-video-thumbnailer -s 128 file:///home/bill/KhongWe"...,
"/tmp/.mate_desktop_thumbnail.19V"
It truncated the filenames, but you could test run the command and see
what it does from the command line. The first filename is the input
file, the 2nd one is the output of the thumbnail.
bash.2[~]: totem-video-thumbnailer KhongWeeHo_20160327.mkv
KhongWeeHo_20160327.png
X Error of failed request: BadValue (integer parameter out of range for
operation)
Major opcode of failed request: 151 (GLX)
Minor opcode of failed request: 3 (X_GLXCreateContext)
Value in failed request: 0x0
Serial number of failed request: 63
Current serial number in output stream: 64
I also tried an mp4 video file that I have. Same result.
_______________________________________________
Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
Do not reply to spam on the list, report it: https://pagure.io/fedora-infrastructure
_______________________________________________
users mailing list -- ***@lists.fedoraproject.org
To unsubscribe send an email to users-***@lists.fedoraproject.org
Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: https://lists.fedoraproject.org/archives/list/***@lists.fedoraproject.org
Do not reply to spam on the list, report it: ht
home user
2021-04-16 20:57:30 UTC
Permalink
Post by Roger Heflin
That matches what Ed had called out that it was a GL* command.
I guess that also tells you why you did not notice the failing..
given a video file and an png file to output it fails on my system
also (and that is with selinux as permissive and as root, so it seems
to have many issues and is simply broken in most if not all use
cases), and I don't know that I have seen a video thumbnail in a while
in gthumb and similar tools.
And that tool seems to be very complicated for just creating a
thumbnail as it connects to X and pulseaudio and GLX, I am guessing
someone took a gui app and made it work to generate one. I sure
whoever decided to use this tool only knew about the this way to
generate a thumbnail. And the saying goes if the only tool you have
is a hammer then everything looks like a nail.
For creating a thumbnail ffmpeg and/or mplayer would seem better, but
maybe that is not default on the systems. I might see if I can create
a script that would get used in gthumb as this tells me why I get no
thumbnails.
What I think you're saying, and my impression even apart from your post,
is that we can't realistically solve this SELinux alert problem. This
problem really has had me baffled. The SELinux alerts seem to be false
alarms; caja does what I want to do, and I can do those things other
Post by Roger Heflin
But if you're not having any problems it would be something
that I'd ignore.
For what it's worth:
* I saw no SELinux alerts when trying totem-video-thumbnailer in the
command line. I forgot to mention this in this morning's post.
* I found this morning that SELinux alerts can show up when doing file
renaming after having run Files in the same login session. So Files
does not stop further caja SELinux alerts.
* I patched my workstation (dnf upgrade) yesterday.
Post by Roger Heflin
Post by home user
Post by Roger Heflin
It seems to be running /usr/bin/totem-video-thumbnailer" so would be
something attempting to create a thumbnail for the file if it is a
video.
It has an extension of .mkv so it thinks it is a video file or is it
something else?
It is a video file.
Post by Roger Heflin
/usr/bin/totem-video-thumbnailer -s 128 file:///home/bill/KhongWe"...,
"/tmp/.mate_desktop_thumbnail.19V"
It truncated the filenames, but you could test run the command and see
what it does from the command line. The first filename is the input
file, the 2nd one is the output of the thumbnail.
bash.2[~]: totem-video-thumbnailer KhongWeeHo_20160327.mkv
KhongWeeHo_20160327.png
X Error of failed request: BadValue (integer parameter out of range for
operation)
Major opcode of failed request: 151 (GLX)
Minor opcode of failed request: 3 (X_GLXCreateContext)
Value in failed request: 0x0
Serial number of failed request: 63
Current serial number in output stream: 64
I also tried an mp4 video file that I have. Same result.
_______________________________________________
users mailing list -- ***@lists.fedoraproject.org
To unsubscribe send an email to users-***@lists.fedoraproject.org
Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: https://lists.fedoraproject.org/archives/list/***@lists.fedoraproject.org
Do not reply to spam on the list, report it: https://pagure.io/fedora-infrastructu
Tim via users
2021-04-17 02:51:17 UTC
Permalink
Post by Roger Heflin
given a video file and an png file to output it fails on my system
also (and that is with selinux as permissive and as root, so it seems
to have many issues and is simply broken in most if not all use
cases), and I don't know that I have seen a video thumbnail in a
while in gthumb and similar tools.
The file browsers on Gnome/MATE haven't been able to create thumbnails
for video files on my computers in many years. Nothing that I tried
made it work again, and I gave up long ago.

It was a handy feature being able to see some image inside of a
stupidly named video file, to work out which was which.

--

uname -rsvp
Linux 3.10.0-1160.21.1.el7.x86_64 #1 SMP Tue Mar 16 18:28:22 UTC 2021 x86_64

Boilerplate: All unexpected mail to my mailbox is automatically deleted.
I will only get to see the messages that are posted to the mailing list.

_______________________________________________
users mailing list -- ***@lists.fedoraproject.org
To unsubscribe send an email to users-***@lists.fedoraproject.org
Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: https://lists.fedoraproject.org/archives/list/***@lists.fedoraproject.org
Do not reply to spam on the list, report it: https://pagure.io/fed
home user
2021-04-17 03:44:03 UTC
Permalink
Post by Tim via users
Post by Roger Heflin
given a video file and an png file to output it fails on my system
also (and that is with selinux as permissive and as root, so it seems
to have many issues and is simply broken in most if not all use
cases), and I don't know that I have seen a video thumbnail in a
while in gthumb and similar tools.
The file browsers on Gnome/MATE haven't been able to create thumbnails
for video files on my computers in many years. Nothing that I tried
made it work again, and I gave up long ago.
It was a handy feature being able to see some image inside of a
stupidly named video file, to work out which was which.
My experience is that sometimes I do get images from the video, and
sometimes I just get a right-pointing arrow centered in an old-fashioned
CRT TV screen. I haven't been able to discern a pattern as to when I
get which. I do notice that the odds of getting pictures is better when
the display is in grid mode rather than list mode.
_______________________________________________
users mailing list -- ***@lists.fedoraproject.org
To unsubscribe send an email to users-***@lists.fedoraproject.org
Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: https://lists.fedoraproject.org/archives/list/***@lists.fedoraproject.org
Do not reply to spam on the l
Samuel Sieb
2021-04-15 22:16:42 UTC
Permalink
Post by home user
Based on time stamps, I found that the process ID for Test B was 2636.
bash.17[~]: grep 2636 caja.out > grep2636.out
The resulting file is over 34000 lines long.  How can I pare this down?
 What should I put on the google drive for y'all to view?
The first few lines should be a bit of setup and an "exec" call. The
"exec" should show what program was being called. Any further steps
will depend on what that shows.
_______________________________________________
users mailing list -- ***@lists.fedoraproject.org
To unsubscribe send an email to users-***@lists.fedoraproject.org
Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: https://lists.fedoraproject.org/archives/list/***@lists.fedoraproject.org
Do not reply to spam on the list, report it: https://pagure.io/f
home user
2021-04-20 17:39:54 UTC
Permalink
This morning, I was able to get SELinux alerts when running
totem-video-thumbnailer. I submitted a bug. Here's the link:
"https://bugzilla.redhat.com/show_bug.cgi?id=1951668".
_______________________________________________
users mailing list -- ***@lists.fedoraproject.org
To unsubscribe send an email to users-***@lists.fedoraproject.org
Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: https://lists.fedoraproject.org/archives/list/***@lists.fedoraproject.org
Do not reply to spam on the l
home user
2021-05-11 16:35:21 UTC
Permalink
The SELinux alerts stopped on Thursday April 29.  That would have been
when I did weekly patches ("dnf upgrade"). I also did weekly patches on
Thursday, May 06. Since the alerts did not start showing up again, I'm
now confident they're really fixed.

I've added a comment to
"https://bugzilla.redhat.com/show_bug.cgi?id=1951668" saying what I said
in the preceding paragraph of this post.

I don't know what in the patches fixed things, but this workstation is
fixed.

I thank everyone who tried help.  I've marked this thread SOLVED.

Bill.
_______________________________________________
users mailing list -- ***@lists.fedoraproject.org
To unsubscribe send an email to users-***@lists.fedoraproject.org
Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: https://lists.fedoraproject.org/archives/list/***@lists.fedoraproject.org
Do not reply to spam on the list, report it:
Eddie O'Connor
2021-05-11 20:05:27 UTC
Permalink
I'm wondering?....the ugrade/patches fixed it?....would it have been fixed
"sooner" if you had run the dnf upgrade sooner? or was it the "latest"
upgrade/patch that did it?...
The SELinux alerts stopped on Thursday April 29. That would have been
when I did weekly patches ("dnf upgrade"). I also did weekly patches on
Thursday, May 06. Since the alerts did not start showing up again, I'm
now confident they're really fixed.
I've added a comment to
"https://bugzilla.redhat.com/show_bug.cgi?id=1951668" saying what I said
in the preceding paragraph of this post.
I don't know what in the patches fixed things, but this workstation is
fixed.
I thank everyone who tried help. I've marked this thread SOLVED.
Bill.
_______________________________________________
https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
https://pagure.io/fedora-infrastructure
home user
2021-05-12 18:55:20 UTC
Permalink
Post by Eddie O'Connor
I'm wondering?....the ugrade/patches fixed it?....would it have been
fixed "sooner" if you had run the dnf upgrade sooner? or was it the
"latest" upgrade/patch that did it?...
The SELinux alerts stopped on Thursday April 29.  That would have been
when I did weekly patches ("dnf upgrade"). I also did weekly patches on
Thursday, May 06. Since the alerts did not start showing up again, I'm
now confident they're really fixed.
I've added a comment to
"https://bugzilla.redhat.com/show_bug.cgi?id=1951668
<https://bugzilla.redhat.com/show_bug.cgi?id=1951668>" saying what I
said
in the preceding paragraph of this post.
I don't know what in the patches fixed things, but this workstation is
fixed.
I thank everyone who tried help.  I've marked this thread SOLVED.
Bill.
1. before April 08, f32: no SELinux alerts.
2. April 08: upgrade from f32 to f33 (dnf system-upgrade [etc]).
3. April 08, f33: patch (dnf upgrade); dnf reported "nothing to do".
4. f33: SELinux alerts occurring.
5. April 15, f33: patch (dnf upgrade).
6. f33: SELinux alerts continue.
7. April 22, f33: patch (dnf upgrade).
8. SELinux alerts continue.
9. April 29, f33: patch (dnf upgrade).
10. f33: no more SELinux alerts.
11. May 06, f33: patch (dnf upgrade).
12. f33: Still no more SELinux alerts.
Reasonable, probable, but not certain conclusions:
a. The April 08 upgrade (step 2 above) introduced the problems.
b. Whatever fixed the problems in f33 was released sometime between
April 22 and April 29.
c. Something in my April 29 f33 patching (step 9 above) fixed the problems.
That's as much of an answer as I can give.
This all applies to both the SELinux problems and what was addressed in
my "System Failure?" thread.
_______________________________________________
users mailing list -- ***@lists.fedoraproject.org
To unsubscribe send an email to users-***@lists.fedoraproject.org
Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: https://lists.fedoraproject.org/archives/list/***@lists.fedoraproject.org
Do not reply to spam on the list, re
Tim via users
2021-05-13 14:35:38 UTC
Permalink
Post by home user
That's as much of an answer as I can give.
This all applies to both the SELinux problems and what was addressed
in my "System Failure?" thread.
DNF has a history command, which shows what was installed at various
stages. If you type "dnf history", you get a table of events. Then
you can use "dnf info" followed by the entry number you're interested
in, you'll see what packages were installed/updated that time.

--

uname -rsvp
Linux 3.10.0-1160.25.1.el7.x86_64 #1 SMP Wed Apr 28 21:49:45 UTC 2021 x86_64

Boilerplate: All unexpected mail to my mailbox is automatically deleted.
I will only get to see the messages that are posted to the mailing list.

_______________________________________________
users mailing list -- ***@lists.fedoraproject.org
To unsubscribe send an email to users-***@lists.fedoraproject.org
Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: https://lists.fedoraproject.org/archives/list/***@lists.fedoraproject.org
Do not reply to spam on the list, repor

Loading...