Hi, On Fri, Jun 30, 2017 at 6:41 PM, Ed Greshko <ed.greshko@xxxxxxxxxxx> wrote: > On 07/01/17 06:33, Rick Stevens wrote: >> On 06/30/2017 01:50 PM, Garry T. Williams wrote: >>> On Thursday, June 29, 2017 11:27:04 PM EDT Alex wrote: >>>> When I attempt to start the service, journalctl -xe shows me: >>>> Validation failed for option 'ModulesDir' with value >>>> '/usr/local/savapi-sdk-linux_glibc24_x86_64/modules'. Path cannot be >>>> accessed (no write permission). >>>> >>>> ModulesDir is /usr/local/savapi-sdk-linux_glibc24_x86_64/modules >>>> >>>> When I run the script manually as root or as the amavis user, it runs >>>> successfully. >>> Sounds like Selinux -- not systemd. >> Uhm, possibly. Only a browse through the AVC log would tell. > > Maybe, maybe not. Many of the selinux rules these days are set "dontaudit" and you > won't get an AVC. So, to test it I found it best to either setenforce 0 or run > semodule to disable dontaudit and then look to see if an AVC is created. No, selinux was disabled at boot (security=0). The problem has something to do with /usr/local itself. Changing the path to /var/lib/daemon-dir fixed the problem. There's some relationship to systemd and the ability for it to control write access to system directories. I've read through much of the systemd documentation now, and don't see any option which controls whether a daemon has write access to normal system directories. Someone with more knowledge of how it all works will hopefully comment. > > > -- > Fedora Users List - The place to go to speculate endlessly > > > _______________________________________________ > users mailing list -- users@xxxxxxxxxxxxxxxxxxxxxxx > To unsubscribe send an email to users-leave@xxxxxxxxxxxxxxxxxxxxxxx > _______________________________________________ users mailing list -- users@xxxxxxxxxxxxxxxxxxxxxxx To unsubscribe send an email to users-leave@xxxxxxxxxxxxxxxxxxxxxxx
