That'd be great!I was trying to recover the error info from the logs, but not successful yet; it was in between many things I tried, and I did not actually expect this to be the solution, so did not keep notes. But it was complaining about errors on /var/lib/sss/mc/passwd and I think trying to apply the suggested resolution did give errors mentioning a monetdb file, when I tried dnf remove MonetDB-selinux and then my system was back to normal state...I hesitate to bring it in failed state again using the current packages... but happy to try and compile a new MonetDB.If I would try whether your fix works, should I just build a MonetDB from current repo to test?Cheers,ArjenOn Mon, 4 May 2020 at 17:22, Sjoerd Mullender <sjoerd@monetdb.org> wrote:I think (hope) I fixed the problem. But I'm afraid this will have to
wait for a release (unless you want to build yourself).
On 03/05/2020 18.56, Sjoerd Mullender wrote:
> What error did you get from restorecon?
>
> On 02/05/2020 23.32, Arjen P. de Vries wrote:
>> Hi all,
>>
>> Not really a bug report because I did not manage to figure out the cause.
>>
>> However, after upgrading from FC31 to FC32 I could not login any more,
>> due to SELinux problems. Auto-relabeling did not work, nothing really...
>>
>> ... until I did dnf uninstall MonetDB-selinux.
>>
>> I came to this point because trying to give systemd services the correct
>> labels with restorecon failed with an error referencing a monetdb
>> specific file.
>>
>> I do not have the details unfortunately, but if you get problems, beware
>> that MonetDB SELinux package and systemd may interfere in some way
>> beyond my knowledge of these services.
>>
>> Best regards,
>>
>> Arjen
>>
>> PS: Some output from logs:
>>
>> sudo ausearch -c monetdb -m AVC,SELINUX_ERR
>>
>> [..]
>>
>> ----
>> time->Sat May 2 20:57:01 2020
>> type=AVC msg=audit(1588445821.693:203): avc: denied { open } for
>> pid=1232 comm="monetdbd" path="/etc/resolv.conf" dev="dm-0" ino=3409775
>> scontext=system_u:system_r:init_t:s0
>> tcontext=system_u:object_r:default_t:s0 tclass=file permissive=1
>> ----
>> time->Sat May 2 21:12:56 2020
>> type=AVC msg=audit(1588446776.043:1194): avc: denied { execute } for
>> pid=2861 comm="(monetdbd)" name="monetdbd" dev="dm-0" ino=2147256
>> scontext=system_u:system_r:init_t:s0
>> tcontext=system_u:object_r:unlabeled_t:s0 tclass=file permissive=1
>> trawcon="unconfined_u:object_r:monetdbd_exec_t:s0"
>> ----
>> time->Sat May 2 21:12:56 2020
>> type=AVC msg=audit(1588446776.043:1195): avc: denied {
>> execute_no_trans } for pid=2861 comm="(monetdbd)"
>> path="/usr/bin/monetdbd" dev="dm-0" ino=2147256
>> scontext=system_u:system_r:init_t:s0
>> tcontext=system_u:object_r:unlabeled_t:s0 tclass=file permissive=1
>> trawcon="unconfined_u:object_r:monetdbd_exec_t:s0"
>> ----
>> time->Sat May 2 21:12:56 2020
>> type=AVC msg=audit(1588446776.044:1196): avc: denied { map } for
>> pid=2861 comm="monetdbd" path="/usr/bin/monetdbd" dev="dm-0"
>> ino=2147256 scontext=system_u:system_r:init_t:s0
>> tcontext=system_u:object_r:unlabeled_t:s0 tclass=file permissive=1
>> trawcon="unconfined_u:object_r:monetdbd_exec_t:s0"
>> ----
>> time->Sat May 2 21:12:56 2020
>> type=AVC msg=audit(1588446776.714:1197): avc: denied { remove_name }
>> for pid=1232 comm="monetdbd" name="merovingian.pid" dev="tmpfs"
>> ino=34369 scontext=system_u:system_r:init_t:s0
>> tcontext=system_u:object_r:unlabeled_t:s0 tclass=dir permissive=1
>> trawcon="system_u:object_r:monetdbd_var_run_t:s0"
>> ----
>> time->Sat May 2 21:12:56 2020
>> type=AVC msg=audit(1588446776.714:1198): avc: denied { unlink } for
>> pid=1232 comm="monetdbd" name="merovingian.pid" dev="tmpfs" ino=34369
>> scontext=system_u:system_r:init_t:s0
>> tcontext=system_u:object_r:unlabeled_t:s0 tclass=file permissive=1
>> ----
>> time->Sat May 2 21:12:56 2020
>> type=AVC msg=audit(1588446776.714:1199): avc: denied { write } for
>> pid=1232 comm="monetdbd" name=".merovingian_lock" dev="dm-0"
>> ino=5899443 scontext=system_u:system_r:init_t:s0
>> tcontext=system_u:object_r:unlabeled_t:s0 tclass=file permissive=1
>> trawcon="system_u:object_r:monetdbd_lock_t:s0"
>> ----
>> time->Sat May 2 21:13:15 2020
>> type=AVC msg=audit(1588446795.214:1209): avc: denied { read } for
>> pid=2925 comm="(monetdbd)" name="passwd" dev="dm-0" ino=524514
>> scontext=system_u:system_r:init_t:s0 tcontext=system_u:object_r:var_t:s0
>> tclass=file permissive=1
>> ----
>> time->Sat May 2 21:13:15 2020
>> type=AVC msg=audit(1588446795.214:1210): avc: denied { open } for
>> pid=2925 comm="(monetdbd)" path="/var/lib/sss/mc/passwd" dev="dm-0"
>> ino=524514 scontext=system_u:system_r:init_t:s0
>> tcontext=system_u:object_r:var_t:s0 tclass=file permissive=1
>> ----
>> time->Sat May 2 21:13:15 2020
>> type=AVC msg=audit(1588446795.214:1211): avc: denied { map } for
>> pid=2925 comm="(monetdbd)" path="/var/lib/sss/mc/passwd" dev="dm-0"
>> ino=524514 scontext=system_u:system_r:init_t:s0
>> tcontext=system_u:object_r:var_t:s0 tclass=file permissive=1
>> ----
>> time->Sat May 2 21:14:24 2020
>> type=AVC msg=audit(1588446864.487:1281): avc: denied { read } for
>> pid=3072 comm="(monetdbd)" name="passwd" dev="dm-0" ino=524514
>> scontext=system_u:system_r:init_t:s0 tcontext=system_u:object_r:var_t:s0
>> tclass=file permissive=1
>> ----
>> time->Sat May 2 21:14:24 2020
>> type=AVC msg=audit(1588446864.487:1282): avc: denied { open } for
>> pid=3072 comm="(monetdbd)" path="/var/lib/sss/mc/passwd" dev="dm-0"
>> ino=524514 scontext=system_u:system_r:init_t:s0
>> tcontext=system_u:object_r:var_t:s0 tclass=file permissive=1
>> ----
>> time->Sat May 2 21:14:24 2020
>> type=AVC msg=audit(1588446864.487:1283): avc: denied { map } for
>> pid=3072 comm="(monetdbd)" path="/var/lib/sss/mc/passwd" dev="dm-0"
>> ino=524514 scontext=system_u:system_r:init_t:s0
>> tcontext=system_u:object_r:var_t:s0 tclass=file permissive=1
>>
>> --
>> ====================================================================
>> ICIS, office M1.00.05 Radboud University
>> Mercator 1 Faculty of Science
>> Toernooiveld 212 arjen@cs.ru.nl
>> <mailto:arjen@cs.ru.nl>
>> NL-6525 EC Nijmegen, The Netherlands +31-(0)24-365 2354
>> ===================== http://www.informagus.nl/====================
>>
>>
>>
>> --
>> ====================================================================
>> ICIS, office M1.00.05 Radboud University
>> Mercator 1 Faculty of Science
>> Toernooiveld 212 arjen@cs.ru.nl
>> <mailto:arjen@cs.ru.nl>
>> NL-6525 EC Nijmegen, The Netherlands +31-(0)24-365 2354
>> ===================== http://www.informagus.nl/====================
>>
>> _______________________________________________
>> users-list mailing list
>> users-list@monetdb.org
>> https://www.monetdb.org/mailman/listinfo/users-list
>>
>
--
Sjoerd Mullender
_______________________________________________
users-list mailing list
users-list@monetdb.org
https://www.monetdb.org/mailman/listinfo/users-list
--====================================================================ICIS, office M1.00.05 Radboud UniversityMercator 1 Faculty of ScienceToernooiveld 212 arjen@cs.ru.nlNL-6525 EC Nijmegen, The Netherlands +31-(0)24-365 2354