FC5 services that will not start

Chris Jones linux at stow-jones.co.uk
Mon Jun 26 15:28:08 UTC 2006 

Paul Howarth wrote:
> Chris Jones wrote:
>> Paul Howarth wrote:
>>> Chris Jones wrote:
>>>> Paul Howarth wrote:
>>>>> On Sun, 2006-06-25 at 23:16 +0100, Chris Jones wrote:
>>>>>  
>>>>>> I am using FC5 on a generic Athlon x64 PC. I am having problems 
>>>>>> with several services.
>>>>>>
>>>>>> 1. Dovecot refuses to start. When I attempt to start the service 
>>>>>> I get a message in /var/log/messages as follows:
>>>>>> Jun 25 23:05:38 bilbo kernel: audit(1151273138.255:415): avc:  
>>>>>> denied  { create } for  pid=1480 comm="dovecot" 
>>>>>> scontext=user_u:system_r:dovecot_t:s0 
>>>>>> tcontext=user_u:system_r:dovecot_t:s0 tclass=socket
>>>>>>
>>>>>> Can anyone here give me a hint on what I need to do to get this 
>>>>>> working? >From the log message, this seems to be something to do 
>>>>>> with selinux.
>>>>>>     
>>>>>
>>>>> Indeed it is. Some more diagnostic info would be useful. Can you post
>>>>> the output of:
>>>>>
>>>>> # ausearch -a 415
>>>>>   
>>>> produces the output >
>>>> [root at bilbo network-scripts]# ausearch -a 415
>>>> -bash: ausearch: command not found
>>>>
>>>> Clearly, I am missing this application. Where should it be? Which RPM?
>>>
>>> It's in the "audit" package.
>>>
>> Now when I run this, I get the following response:>
>> [root at bilbo network-scripts]# ausearch -a 415
>> <no matches>
>
> Have you rebooted since the error happened?
>
> Try this instead:
>
> # fgrep 1151273138.255:415 /var/log/messages
>
Results in:
Jun 25 23:05:38 bilbo kernel: audit(1151273138.255:415): avc:  denied  { 
create } for  pid=1480 comm="dovecot" 
scontext=user_u:system_r:dovecot_t:s0 
tcontext=user_u:system_r:dovecot_t:s0 tclass=socket

Which is the last time I tried to start dovecot yesterday.

Having started the auditd service and then tried to start dovecot, I see 
the following in the audit log file:>
type=AVC msg=audit(1151335194.177:97): avc:  denied  { create } for  
pid=7668 comm="dovecot" scontext=user_u:system_r:dovecot_t:s0 
tcontext=user_u:system_r:dovecot_t:s0 tclass=socket
type=SYSCALL msg=audit(1151335194.177:97): arch=c000003e syscall=41 
success=no exit=-13 a0=0 a1=1 a2=0 a3=521040 items=0 pid=7668 
auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 
comm="dovecot" exe="/usr/sbin/dovecot"
type=AVC msg=audit(1151335246.188:98): avc:  denied  { create } for  
pid=7682 comm="dovecot" scontext=user_u:system_r:dovecot_t:s0 
tcontext=user_u:system_r:dovecot_t:s0 tclass=socket
type=SYSCALL msg=audit(1151335246.188:98): arch=c000003e syscall=41 
success=no exit=-13 a0=0 a1=1 a2=0 a3=521040 items=0 pid=7682 
auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 
comm="dovecot" exe="/usr/sbin/dovecot"

and a call to ausearch -a 98 gives:>
[root at bilbo audit]# ausearch -a 98
----
time->Mon Jun 26 16:20:46 2006
type=SYSCALL msg=audit(1151335246.188:98): arch=c000003e syscall=41 
success=no exit=-13 a0=0 a1=1 a2=0 a3=521040 items=0 pid=7682 
auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 
comm="dovecot" exe="/usr/sbin/dovecot"
type=AVC msg=audit(1151335246.188:98): avc:  denied  { create } for  
pid=7682 comm="dovecot" scontext=user_u:system_r:dovecot_t:s0 
tcontext=user_u:system_r:dovecot_t:s0 tclass=socket
[root at bilbo audit]#

>>>>>> 2. On Samba, I experience a different, but possibly related 
>>>>>> problem. Samba starts, but I see the following message in the log 
>>>>>> every few minutes:
>>>>>>
>>>>>> Jun 25 23:09:25 bilbo smbd[1502]:   Denied connection from  
>>>>>> (192.168.0.5)
>>>>>> Jun 25 23:11:50 bilbo smbd[1513]: [2006/06/25 23:11:50, 0] 
>>>>>> lib/access.c:check_access(328)
>>>>>>
>>>>>> The other PC referred to in the log message is unable to even see 
>>>>>> the linux share.
>>>>>>
>>>>>> Any help here would be greatly appreciated.
>>>>>>     
>>>>>
>>>>> Do you have a "hosts allow" line in /etc/samba/smb.conf ?
>>>>>   
>>>> Yes. it reads >     hosts allow = 192.168.0 127.
>>>> which has always worked in the past.
>>>
>>> Try this:
>>> hosts allow = 192.168.0. 127.
>>
>> I have changed smb.conf to reflect that and now get (on my Windoze 
>> box), "Access is denied"
>> and in /var/log/messages, the following entries result from that 
>> attempt.
>>
>> Jun 26 15:52:35 bilbo kernel: audit(1151333555.491:86): avc:  denied  
>> { read } for  pid=7352 comm="smbd" name="home" dev=dm-0 ino=24739841 
>> scontext=user_u:system_r:smbd_t:s0 
>> tcontext=system_u:object_r:home_root_t:s0 tclass=dir
>> Jun 26 15:52:35 bilbo kernel: audit(1151333555.571:87): avc:  denied  
>> { read } for  pid=7352 comm="smbd" name="home" dev=dm-0 ino=24739841 
>> scontext=user_u:system_r:smbd_t:s0 
>> tcontext=system_u:object_r:home_root_t:s0 tclass=dir
>> Jun 26 15:52:35 bilbo kernel: audit(1151333555.583:88): avc:  denied  
>> { read } for  pid=7352 comm="smbd" name="home" dev=dm-0 ino=24739841 
>> scontext=user_u:system_r:smbd_t:s0 
>> tcontext=system_u:object_r:home_root_t:s0 tclass=dir
>>
>>>
>>> Paul.
>>>
>> We seem to be getting closer, but I am still stumped.
>
> You need to configure SELinux to allow samba sharing of home 
> directories (see "man samba_selinux"):
>
> # setsebool -P samba_enable_home_dirs 1
>
That works a treat. Thanks Paul

-- 
Chris Jones

More information about the fedora-list mailing list