Le 05/03/2020 à 13:53, Ed Greshko a écrit :
> On 2020-03-05 19:12, François Patte wrote:
>> Bonjour,
>>
>> I am wondering why selinux changes its policy. I did note update or
>> upgrade my system for a long time now, but selinux policy has changed!
>>
>> I used to use dictd server on my computer and it worked fine up today: I
>> can't start the server for selinux block it (If I setenforce 0, I can
>> start the dictd server). Why? I don't know.
>>
>> And, as usual, journalctl is unable to give me any clue:
>>
>> using journalctl -u dictd answers:
>> mars 05 11:57:53 dipankar systemd[1]: Starting Dictd Dictionary Server
>> Daemon...
>> mars 05 11:57:53 dipankar systemd[1]: Started Dictd Dictionary Server
>> Daemon.
>> mars 05 11:57:53 dipankar systemd[1]: dictd.service: Main process
>> exited, code=exited, status=1/FAILURE
>> mars 05 11:57:53 dipankar systemd[1]: dictd.service: Failed with result
>> 'exit-code'.
>>
>> Thank you sir! "Failed with result 'exit-code'" What can I do with this.
>>
>> dictd.log file is also useless:
>> :I: 1701 starting dictd 1.12.1/rf on Linux 5.3.14-200.fc30.x86_64 Thu
>> Mar 5 11:21:46 2020
>>
>> :I: Initializing 'MW'
>>
>> :I: Opening indices
>>
>> (dict_index_open) Cannot mmap index file "H=
>> (dict_index_open) dict_index_open: Permission denied
>>
>> OK! What can I do with this?
>>
>> The only way I found is to stop selinux!
>>
>> Who can help?
>
> When the server fails to start with selinux enabled what do you get with
>
> ausearch -m AVC,USER_AVC -ts recent
>
[root@dipankar ~]# ausearch -m AVC,USER_AVC -ts recent
----
time->Thu Mar 5 13:59:30 2020
type=USER_AVC msg=audit(1583413170.329:323): pid=4465 uid=0 auid=3025
ses=2 subj=unconfined_u:unconfined_r:unconfined_dbusd_t:s0-s0:c0.c1023
msg='avc: received setenforce notice (enforcing=1)
exe="/usr/bin/dbus-daemon" sauid=0 hostname=? addr=? terminal=?'
----
time->Thu Mar 5 13:59:36 2020
type=USER_AVC msg=audit(1583413176.369:324): pid=1474 uid=81
auid=4294967295 ses=4294967295
subj=system_u:system_r:system_dbusd_t:s0-s0:c0.c1023 msg='avc: received
setenforce notice (enforcing=1) exe="/usr/bin/dbus-broker" sauid=81
hostname=? addr=? terminal=?'
----
time->Thu Mar 5 13:59:39 2020
type=USER_AVC msg=audit(1583413179.333:325): pid=1 uid=0 auid=4294967295
ses=4294967295 subj=system_u:system_r:init_t:s0 msg='avc: received
setenforce notice (enforcing=1) exe="/usr/lib/systemd/systemd" sauid=0
hostname=? addr=? terminal=?'
----
time->Thu Mar 5 13:59:45 2020
type=AVC msg=audit(1583413185.069:328): avc: denied { map } for
pid=8869 comm="dictd"
path="/opt/share/stardict/dic/stardict-xmlittre-2.4.2/xmlittre.index"
dev="dm-4" ino=402 scontext=system_u:system_r:dictd_t:s0
tcontext=unconfined_u:object_r:usr_t:s0 tclass=file permissive=0
----
time->Thu Mar 5 13:59:48 2020
type=AVC msg=audit(1583413188.605:331): avc: denied { read } for
pid=8876 comm="setroubleshootd" name="Packages" dev="dm-2" ino=655505
scontext=system_u:system_r:setroubleshootd_t:s0
tcontext=unconfined_u:object_r:var_lib_t:s0 tclass=file permissive=0
----
time->Thu Mar 5 13:59:48 2020
type=AVC msg=audit(1583413188.841:332): avc: denied { read } for
pid=8878 comm="rpm" name="Packages" dev="dm-2" ino=655505
scontext=system_u:system_r:setroubleshootd_t:s0
tcontext=unconfined_u:object_r:var_lib_t:s0 tclass=file permissive=0
----
time->Thu Mar 5 13:59:48 2020
type=AVC msg=audit(1583413188.842:333): avc: denied { read } for
pid=8878 comm="rpm" name="Packages" dev="dm-2" ino=655505
scontext=system_u:system_r:setroubleshootd_t:s0
tcontext=unconfined_u:object_r:var_lib_t:s0 tclass=file permissive=0
----
time->Thu Mar 5 13:59:48 2020
type=AVC msg=audit(1583413188.842:334): avc: denied { read } for
pid=8878 comm="rpm" name="Packages" dev="dm-2" ino=655505
scontext=system_u:system_r:setroubleshootd_t:s0
tcontext=unconfined_u:object_r:var_lib_t:s0 tclass=file permissive=0
----
time->Thu Mar 5 13:59:48 2020
type=AVC msg=audit(1583413188.853:335): avc: denied { read } for
pid=8879 comm="rpm" name="Packages" dev="dm-2" ino=655505
scontext=system_u:system_r:setroubleshootd_t:s0
tcontext=unconfined_u:object_r:var_lib_t:s0 tclass=file permissive=0
----
time->Thu Mar 5 13:59:48 2020
type=AVC msg=audit(1583413188.853:336): avc: denied { read } for
pid=8879 comm="rpm" name="Packages" dev="dm-2" ino=655505
scontext=system_u:system_r:setroubleshootd_t:s0
tcontext=unconfined_u:object_r:var_lib_t:s0 tclass=file permissive=0
----
time->Thu Mar 5 13:59:48 2020
type=AVC msg=audit(1583413188.872:337): avc: denied { read } for
pid=8882 comm="rpm" name="Packages" dev="dm-2" ino=655505
scontext=system_u:system_r:setroubleshootd_t:s0
tcontext=unconfined_u:object_r:var_lib_t:s0 tclass=file permissive=0
----
time->Thu Mar 5 13:59:48 2020
type=AVC msg=audit(1583413188.872:338): avc: denied { read } for
pid=8882 comm="rpm" name="Packages" dev="dm-2" ino=655505
scontext=system_u:system_r:setroubleshootd_t:s0
tcontext=unconfined_u:object_r:var_lib_t:s0 tclass=file permissive=0
--
François Patte
UFR de mathématiques et informatique
Laboratoire CNRS MAP5, UMR 8145
Université Paris Descartes
45, rue des Saints Pères
F-75270 Paris Cedex 06
Tél. +33 (0)6 7892 5822
http://www.math-info.univ-paris5.fr/~patte
FSF
https://www.fsf.org/blogs/community/presenting-shoetool-happy-holidays-from-the-fsf
Attachment:
signature.asc
Description: OpenPGP digital signature
_______________________________________________ users mailing list -- users@xxxxxxxxxxxxxxxxxxxxxxx To unsubscribe send an email to users-leave@xxxxxxxxxxxxxxxxxxxxxxx Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/users@xxxxxxxxxxxxxxxxxxxxxxx
