I forgot that history as user account gives a different history than history as root!

One of these commands pointed me to MonetDB-selinux as the possible source of the problem, do not remember which one and what file it pointed to though.

  799  /sbin/restorecon -v /usr/lib/systemd/systemd-journald
  800  /sbin/restorecon -v /var/lib/lightdm-data/arjen
  801  restorecon -v 'lightdm.log'
  802  /sbin/restorecon -v /var/log/lightdm/lightdm.log
  804  /sbin/restorecon -v /etc/ld.so.cache
  805  /sbin/restorecon -v /etc/ld.so.cache
  806  /sbin/restorecon -v /var/lib/sss/mc/passwd
  807  /sbin/restorecon -v /bin
  808  /sbin/restorecon -v /etc/ld.so.cache
  809  /sbin/restorecon -v /etc/.pwd.lock
  810  /sbin/restorecon -v /var/lib/sss/mc/group

I think it was one of the two ..../sss/.... commands.

A.

On Tue, 5 May 2020 at 15:23, Arjen P. de Vries <arjen@acm.org> wrote:
That'd be great!

I was trying to recover the error info from the logs, but not successful yet; it was in between many things I tried, and I did not actually expect this to be the solution, so did not keep notes. But it was complaining about errors on /var/lib/sss/mc/passwd and I think trying to apply the suggested resolution did give errors mentioning a monetdb file, when I tried dnf remove MonetDB-selinux and then my system was back to normal state...

I hesitate to bring it in failed state again using the current packages... but happy to try and compile a new MonetDB.

If I would try whether your fix works, should I just build a MonetDB from current repo to test?

Cheers,

Arjen

On Mon, 4 May 2020 at 17:22, Sjoerd Mullender <sjoerd@monetdb.org> wrote:
I think (hope) I fixed the problem.  But I'm afraid this will have to
wait for a release (unless you want to build yourself).

On 03/05/2020 18.56, Sjoerd Mullender wrote:
> What error did you get from restorecon?
>
> On 02/05/2020 23.32, Arjen P. de Vries wrote:
>> Hi all,
>>
>> Not really a bug report because I did not manage to figure out the cause.
>>
>> However, after upgrading from FC31 to FC32 I could not login any more,
>> due to SELinux problems. Auto-relabeling did not work, nothing really...
>>
>> ... until I did dnf uninstall MonetDB-selinux.
>>
>> I came to this point because trying to give systemd services the correct
>> labels with restorecon failed with an error referencing a monetdb
>> specific file.
>>
>> I do not have the details unfortunately, but if you get problems, beware
>> that MonetDB SELinux package and systemd may interfere in some way
>> beyond my knowledge of these services.
>>
>> Best regards,
>>
>> Arjen
>>
>> PS: Some output from logs:
>>
>> sudo ausearch -c monetdb -m AVC,SELINUX_ERR
>>
>> [..]
>>
>> ----
>> time->Sat May  2 20:57:01 2020
>> type=AVC msg=audit(1588445821.693:203): avc:  denied  { open } for
>>  pid=1232 comm="monetdbd" path="/etc/resolv.conf" dev="dm-0" ino=3409775
>> scontext=system_u:system_r:init_t:s0
>> tcontext=system_u:object_r:default_t:s0 tclass=file permissive=1
>> ----
>> time->Sat May  2 21:12:56 2020
>> type=AVC msg=audit(1588446776.043:1194): avc:  denied  { execute } for
>>  pid=2861 comm="(monetdbd)" name="monetdbd" dev="dm-0" ino=2147256
>> scontext=system_u:system_r:init_t:s0
>> tcontext=system_u:object_r:unlabeled_t:s0 tclass=file permissive=1
>> trawcon="unconfined_u:object_r:monetdbd_exec_t:s0"
>> ----
>> time->Sat May  2 21:12:56 2020
>> type=AVC msg=audit(1588446776.043:1195): avc:  denied  {
>> execute_no_trans } for  pid=2861 comm="(monetdbd)"
>> path="/usr/bin/monetdbd" dev="dm-0" ino=2147256
>> scontext=system_u:system_r:init_t:s0
>> tcontext=system_u:object_r:unlabeled_t:s0 tclass=file permissive=1
>> trawcon="unconfined_u:object_r:monetdbd_exec_t:s0"
>> ----
>> time->Sat May  2 21:12:56 2020
>> type=AVC msg=audit(1588446776.044:1196): avc:  denied  { map } for
>>  pid=2861 comm="monetdbd" path="/usr/bin/monetdbd" dev="dm-0"
>> ino=2147256 scontext=system_u:system_r:init_t:s0
>> tcontext=system_u:object_r:unlabeled_t:s0 tclass=file permissive=1
>> trawcon="unconfined_u:object_r:monetdbd_exec_t:s0"
>> ----
>> time->Sat May  2 21:12:56 2020
>> type=AVC msg=audit(1588446776.714:1197): avc:  denied  { remove_name }
>> for  pid=1232 comm="monetdbd" name="merovingian.pid" dev="tmpfs"
>> ino=34369 scontext=system_u:system_r:init_t:s0
>> tcontext=system_u:object_r:unlabeled_t:s0 tclass=dir permissive=1
>> trawcon="system_u:object_r:monetdbd_var_run_t:s0"
>> ----
>> time->Sat May  2 21:12:56 2020
>> type=AVC msg=audit(1588446776.714:1198): avc:  denied  { unlink } for
>>  pid=1232 comm="monetdbd" name="merovingian.pid" dev="tmpfs" ino=34369
>> scontext=system_u:system_r:init_t:s0
>> tcontext=system_u:object_r:unlabeled_t:s0 tclass=file permissive=1
>> ----
>> time->Sat May  2 21:12:56 2020
>> type=AVC msg=audit(1588446776.714:1199): avc:  denied  { write } for
>>  pid=1232 comm="monetdbd" name=".merovingian_lock" dev="dm-0"
>> ino=5899443 scontext=system_u:system_r:init_t:s0
>> tcontext=system_u:object_r:unlabeled_t:s0 tclass=file permissive=1
>> trawcon="system_u:object_r:monetdbd_lock_t:s0"
>> ----
>> time->Sat May  2 21:13:15 2020
>> type=AVC msg=audit(1588446795.214:1209): avc:  denied  { read } for
>>  pid=2925 comm="(monetdbd)" name="passwd" dev="dm-0" ino=524514
>> scontext=system_u:system_r:init_t:s0 tcontext=system_u:object_r:var_t:s0
>> tclass=file permissive=1
>> ----
>> time->Sat May  2 21:13:15 2020
>> type=AVC msg=audit(1588446795.214:1210): avc:  denied  { open } for
>>  pid=2925 comm="(monetdbd)" path="/var/lib/sss/mc/passwd" dev="dm-0"
>> ino=524514 scontext=system_u:system_r:init_t:s0
>> tcontext=system_u:object_r:var_t:s0 tclass=file permissive=1
>> ----
>> time->Sat May  2 21:13:15 2020
>> type=AVC msg=audit(1588446795.214:1211): avc:  denied  { map } for
>>  pid=2925 comm="(monetdbd)" path="/var/lib/sss/mc/passwd" dev="dm-0"
>> ino=524514 scontext=system_u:system_r:init_t:s0
>> tcontext=system_u:object_r:var_t:s0 tclass=file permissive=1
>> ----
>> time->Sat May  2 21:14:24 2020
>> type=AVC msg=audit(1588446864.487:1281): avc:  denied  { read } for
>>  pid=3072 comm="(monetdbd)" name="passwd" dev="dm-0" ino=524514
>> scontext=system_u:system_r:init_t:s0 tcontext=system_u:object_r:var_t:s0
>> tclass=file permissive=1
>> ----
>> time->Sat May  2 21:14:24 2020
>> type=AVC msg=audit(1588446864.487:1282): avc:  denied  { open } for
>>  pid=3072 comm="(monetdbd)" path="/var/lib/sss/mc/passwd" dev="dm-0"
>> ino=524514 scontext=system_u:system_r:init_t:s0
>> tcontext=system_u:object_r:var_t:s0 tclass=file permissive=1
>> ----
>> time->Sat May  2 21:14:24 2020
>> type=AVC msg=audit(1588446864.487:1283): avc:  denied  { map } for
>>  pid=3072 comm="(monetdbd)" path="/var/lib/sss/mc/passwd" dev="dm-0"
>> ino=524514 scontext=system_u:system_r:init_t:s0
>> tcontext=system_u:object_r:var_t:s0 tclass=file permissive=1
>>
>> --
>> ====================================================================
>> ICIS, office M1.00.05                             Radboud University
>> Mercator 1                                        Faculty of Science
>> Toernooiveld 212                                      arjen@cs.ru.nl
>> NL-6525 EC Nijmegen, The Netherlands              +31-(0)24-365 2354
>> ===================== http://www.informagus.nl/====================
>>
>> _______________________________________________
>> users-list mailing list
>> users-list@monetdb.org
>> https://www.monetdb.org/mailman/listinfo/users-list
>>
>

--
Sjoerd Mullender


--
====================================================================
ICIS, office M1.00.05                             Radboud University
Mercator 1                                        Faculty of Science
Toernooiveld 212                                      arjen@cs.ru.nl
NL-6525 EC Nijmegen, The Netherlands              +31-(0)24-365 2354
===================== http://www.informagus.nl/ ====================
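Added example, not part of the thread or of MonetDB's packaging: a small parser for the `ausearch` AVC records quoted above. In an AVC record, `trawcon` is logged when the kernel cannot map a file's stored label to the loaded policy and treats the object as `unlabeled_t`; the function names and the three-record sample (copied in shape from the thread) are choices made for this example.

```python
import re
# Constructed sample: three records in the wrapped, ">>"-quoted form shown in the thread.
SAMPLE = '''\
>> type=AVC msg=audit(1588446776.043:1195): avc:  denied  {
>> execute_no_trans } for  pid=2861 comm="(monetdbd)"
>> path="/usr/bin/monetdbd" dev="dm-0" ino=2147256
>> scontext=system_u:system_r:init_t:s0
>> tcontext=system_u:object_r:unlabeled_t:s0 tclass=file permissive=1
>> trawcon="unconfined_u:object_r:monetdbd_exec_t:s0"
>> ----
>> type=AVC msg=audit(1588446776.714:1197): avc:  denied  { remove_name }
>> for  pid=1232 comm="monetdbd" name="merovingian.pid" dev="tmpfs"
>> ino=34369 scontext=system_u:system_r:init_t:s0
>> tcontext=system_u:object_r:unlabeled_t:s0 tclass=dir permissive=1
>> trawcon="system_u:object_r:monetdbd_var_run_t:s0"
>> ----
>> type=AVC msg=audit(1588446795.214:1210): avc:  denied  { open } for
>>  pid=2925 comm="(monetdbd)" path="/var/lib/sss/mc/passwd" dev="dm-0"
>> ino=524514 scontext=system_u:system_r:init_t:s0
>> tcontext=system_u:object_r:var_t:s0 tclass=file permissive=1
'''

def ctx_type(context):
    return context.split(":")[2]  # user:role:type:level

def parse_avc(text):
    """Parse ausearch AVC output, tolerating mail quoting and wrapped lines."""
    records = []
    for chunk in re.split(r"^[>\s]*-{4}\s*$", text, flags=re.M):
        flat = " ".join(re.sub(r"^[>\s]+", "", ln) for ln in chunk.splitlines())
        perm = re.search(r"avc:\s+denied\s+\{\s*([^}]*?)\s*\}", flat)
        if not perm:
            continue
        f = {k: v.strip('"') for k, v in re.findall(r'(\w+)=("[^"]*"|\S+)', flat)}
        records.append({
            "perms": perm.group(1).split(),
            "target": f.get("path") or f.get("name"),
            "source": ctx_type(f["scontext"]),
            "ttype": ctx_type(f["tcontext"]),
            # trawcon is the stored label the kernel could not map to the loaded policy
            "raw": ctx_type(f["trawcon"]) if "trawcon" in f else None,
        })
    return records

def unmapped_labels(records):
    """Targets whose stored label names a type the loaded policy does not define."""
    return {r["target"]: r["raw"] for r in records if r["ttype"] == "unlabeled_t" and r["raw"]}

print(unmapped_labels(parse_avc(SAMPLE)))
```

On the sample, the two MonetDB files come back with `monetdbd_*` types the loaded policy does not recognise, while `/var/lib/sss/mc/passwd` is a separate case: a valid but generic `var_t` label with no `trawcon`.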