On 05/03/2020 at 13:53, Ed Greshko wrote:
On 2020-03-05 19:12, François Patte wrote:
> Hello,
>
> I am wondering why selinux changes its policy. I did not update or
> upgrade my system for a long time now, but selinux policy has changed!
>
> I used to use dictd server on my computer and it worked fine up to today: I
> can't start the server for selinux blocks it (If I setenforce 0, I can
> start the dictd server). Why? I don't know.
>
> And, as usual, journalctl is unable to give me any clue:
>
> using journalctl -u dictd answers:
> mars 05 11:57:53 dipankar systemd[1]: Starting Dictd Dictionary Server
> Daemon...
> mars 05 11:57:53 dipankar systemd[1]: Started Dictd Dictionary Server
> Daemon.
> mars 05 11:57:53 dipankar systemd[1]: dictd.service: Main process
> exited, code=exited, status=1/FAILURE
> mars 05 11:57:53 dipankar systemd[1]: dictd.service: Failed with result
> 'exit-code'.
>
> Thank you sir! "Failed with result 'exit-code'" What can I do with
> this.
>
> dictd.log file is also useless:
> :I: 1701 starting dictd 1.12.1/rf on Linux 5.3.14-200.fc30.x86_64 Thu
> Mar 5 11:21:46 2020
>
> :I: Initializing 'MW'
>
> :I: Opening indices
>
> (dict_index_open) Cannot mmap index file "H=
> (dict_index_open) dict_index_open: Permission denied
>
> OK! What can I do with this?
>
> The only way I found is to stop selinux!
>
> Who can help?
When the server fails to start with selinux enabled what do you get with
ausearch -m AVC,USER_AVC -ts recent
[root@dipankar ~]# ausearch -m AVC,USER_AVC -ts recent
----
time->Thu Mar 5 13:59:30 2020
type=USER_AVC msg=audit(1583413170.329:323): pid=4465 uid=0 auid=3025
ses=2 subj=unconfined_u:unconfined_r:unconfined_dbusd_t:s0-s0:c0.c1023
msg='avc: received setenforce notice (enforcing=1)
exe="/usr/bin/dbus-daemon" sauid=0 hostname=? addr=? terminal=?'
----
time->Thu Mar 5 13:59:36 2020
type=USER_AVC msg=audit(1583413176.369:324): pid=1474 uid=81
auid=4294967295 ses=4294967295
subj=system_u:system_r:system_dbusd_t:s0-s0:c0.c1023 msg='avc: received
setenforce notice (enforcing=1) exe="/usr/bin/dbus-broker" sauid=81
hostname=? addr=? terminal=?'
----
time->Thu Mar 5 13:59:39 2020
type=USER_AVC msg=audit(1583413179.333:325): pid=1 uid=0 auid=4294967295
ses=4294967295 subj=system_u:system_r:init_t:s0 msg='avc: received
setenforce notice (enforcing=1) exe="/usr/lib/systemd/systemd" sauid=0
hostname=? addr=? terminal=?'
----
time->Thu Mar 5 13:59:45 2020
type=AVC msg=audit(1583413185.069:328): avc: denied { map } for
pid=8869 comm="dictd"
path="/opt/share/stardict/dic/stardict-xmlittre-2.4.2/xmlittre.index"
dev="dm-4" ino=402 scontext=system_u:system_r:dictd_t:s0
tcontext=unconfined_u:object_r:usr_t:s0 tclass=file permissive=0
----
time->Thu Mar 5 13:59:48 2020
type=AVC msg=audit(1583413188.605:331): avc: denied { read } for
pid=8876 comm="setroubleshootd" name="Packages" dev="dm-2"
ino=655505
scontext=system_u:system_r:setroubleshootd_t:s0
tcontext=unconfined_u:object_r:var_lib_t:s0 tclass=file permissive=0
----
time->Thu Mar 5 13:59:48 2020
type=AVC msg=audit(1583413188.841:332): avc: denied { read } for
pid=8878 comm="rpm" name="Packages" dev="dm-2" ino=655505
scontext=system_u:system_r:setroubleshootd_t:s0
tcontext=unconfined_u:object_r:var_lib_t:s0 tclass=file permissive=0
----
time->Thu Mar 5 13:59:48 2020
type=AVC msg=audit(1583413188.842:333): avc: denied { read } for
pid=8878 comm="rpm" name="Packages" dev="dm-2" ino=655505
scontext=system_u:system_r:setroubleshootd_t:s0
tcontext=unconfined_u:object_r:var_lib_t:s0 tclass=file permissive=0
----
time->Thu Mar 5 13:59:48 2020
type=AVC msg=audit(1583413188.842:334): avc: denied { read } for
pid=8878 comm="rpm" name="Packages" dev="dm-2" ino=655505
scontext=system_u:system_r:setroubleshootd_t:s0
tcontext=unconfined_u:object_r:var_lib_t:s0 tclass=file permissive=0
----
time->Thu Mar 5 13:59:48 2020
type=AVC msg=audit(1583413188.853:335): avc: denied { read } for
pid=8879 comm="rpm" name="Packages" dev="dm-2" ino=655505
scontext=system_u:system_r:setroubleshootd_t:s0
tcontext=unconfined_u:object_r:var_lib_t:s0 tclass=file permissive=0
----
time->Thu Mar 5 13:59:48 2020
type=AVC msg=audit(1583413188.853:336): avc: denied { read } for
pid=8879 comm="rpm" name="Packages" dev="dm-2" ino=655505
scontext=system_u:system_r:setroubleshootd_t:s0
tcontext=unconfined_u:object_r:var_lib_t:s0 tclass=file permissive=0
----
time->Thu Mar 5 13:59:48 2020
type=AVC msg=audit(1583413188.872:337): avc: denied { read } for
pid=8882 comm="rpm" name="Packages" dev="dm-2" ino=655505
scontext=system_u:system_r:setroubleshootd_t:s0
tcontext=unconfined_u:object_r:var_lib_t:s0 tclass=file permissive=0
----
time->Thu Mar 5 13:59:48 2020
type=AVC msg=audit(1583413188.872:338): avc: denied { read } for
pid=8882 comm="rpm" name="Packages" dev="dm-2" ino=655505
scontext=system_u:system_r:setroubleshootd_t:s0
tcontext=unconfined_u:object_r:var_lib_t:s0 tclass=file permissive=0
--
François Patte
UFR de mathématiques et informatique
Laboratoire CNRS MAP5, UMR 8145
Université Paris Descartes
45, rue des Saints Pères
F-75270 Paris Cedex 06
Tél. +33 (0)6 7892 5822
http://www.math-info.univ-paris5.fr/~patte
FSF
https://www.fsf.org/blogs/community/presenting-shoetool-happy-holidays-fr...
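
Added example, not part of the original message: a short Python parser that collapses `ausearch` output like the above into unique denials, so the single `dictd_t` record stands out from the repeated `setroubleshootd_t` ones. The sample records are copied from the output above (some wrapped lines re-joined); the function names `parse_denials` and `summarize` are illustrative.

```python
import re
from collections import Counter

# Records copied from the ausearch output above; wrapped lines partly re-joined.
SAMPLE = """----
time->Thu Mar 5 13:59:39 2020
type=USER_AVC msg=audit(1583413179.333:325): pid=1 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:init_t:s0 msg='avc: received setenforce notice (enforcing=1) exe="/usr/lib/systemd/systemd" sauid=0 hostname=? addr=? terminal=?'
----
time->Thu Mar 5 13:59:45 2020
type=AVC msg=audit(1583413185.069:328): avc: denied { map } for
pid=8869 comm="dictd"
path="/opt/share/stardict/dic/stardict-xmlittre-2.4.2/xmlittre.index"
dev="dm-4" ino=402 scontext=system_u:system_r:dictd_t:s0
tcontext=unconfined_u:object_r:usr_t:s0 tclass=file permissive=0
----
time->Thu Mar 5 13:59:48 2020
type=AVC msg=audit(1583413188.605:331): avc: denied { read } for pid=8876 comm="setroubleshootd" name="Packages" dev="dm-2" ino=655505 scontext=system_u:system_r:setroubleshootd_t:s0 tcontext=unconfined_u:object_r:var_lib_t:s0 tclass=file permissive=0
----
time->Thu Mar 5 13:59:48 2020
type=AVC msg=audit(1583413188.841:332): avc: denied { read } for pid=8878 comm="rpm" name="Packages" dev="dm-2" ino=655505 scontext=system_u:system_r:setroubleshootd_t:s0 tcontext=unconfined_u:object_r:var_lib_t:s0 tclass=file permissive=0
"""

DENIED_RE = re.compile(r"avc:\s+denied\s+\{\s*([^}]*?)\s*\}\s+for\s+(.*)")
FIELD_RE = re.compile(r'(\w+)=("[^"]*"|\S+)')

def parse_denials(text):
    """Return one dict per 'avc: denied' record; other records are skipped."""
    denials = []
    for record in re.split(r"^-{2,}$", text, flags=re.M):
        flat = " ".join(record.split())  # undo mail/terminal line wrapping
        m = DENIED_RE.search(flat)
        if not m:
            continue  # e.g. the USER_AVC 'setenforce notice' records
        d = {k: v.strip('"') for k, v in FIELD_RE.findall(m.group(2))}
        d["perms"] = m.group(1).split()
        # Context is user:role:type:level; the type is what policy rules name.
        d["stype"] = d["scontext"].split(":")[2]
        d["ttype"] = d["tcontext"].split(":")[2]
        denials.append(d)
    return denials

def summarize(denials):
    """Count denials per (source type, target type, class, permissions)."""
    return Counter((d["stype"], d["ttype"], d["tclass"], " ".join(d["perms"]))
                   for d in denials)

if __name__ == "__main__":
    for key, n in summarize(parse_denials(SAMPLE)).most_common():
        print(n, *key)
```

On the sample, the summary has two entries: one `map` denial from `dictd_t` on a `usr_t` file (the stardict index under `/opt`), and the `read` denials from `setroubleshootd_t` on the `var_lib_t` file `Packages`.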