On Fri, Jun 30, 2017 at 6:41 PM, Ed Greshko <ed.greshko(a)greshko.com> wrote:
On 07/01/17 06:33, Rick Stevens wrote:
> On 06/30/2017 01:50 PM, Garry T. Williams wrote:
>> On Thursday, June 29, 2017 11:27:04 PM EDT Alex wrote:
>>> When I attempt to start the service, journalctl -xe shows me:
>>> Validation failed for option 'ModulesDir' with value
>>> '/usr/local/savapi-sdk-linux_glibc24_x86_64/modules'. Path cannot be
>>> accessed (no write permission).
>>> ModulesDir is /usr/local/savapi-sdk-linux_glibc24_x86_64/modules
>>> When I run the script manually as root or as the amavis user, it runs
>> Sounds like Selinux -- not systemd.
> Uhm, possibly. Only a browse through the AVC log would tell.
Maybe, maybe not. Many of the selinux rules these days are set "dontaudit" and
won't get an AVC. So, to test it I found it best to either setenforce 0 or run
semodule to disable dontaudit and then look to see if an AVC is created.
No, selinux was disabled at boot (security=0).
The problem has something to do with /usr/local itself. Changing the
path to /var/lib/daemon-dir fixed the problem.
There's some relationship to systemd and the ability for it to control
write access to system directories.
I've read through much of the systemd documentation now, and don't see
any option which controls whether a daemon has write access to normal
Someone with more knowledge of how it all works will hopefully comment.
> Fedora Users List - The place to go to speculate endlessly
> users mailing list -- users(a)lists.fedoraproject.org
> To unsubscribe send an email to users-leave(a)lists.fedoraproject.org