On 2/3/20 10:02 PM, Samuel Sieb wrote:

On 2/3/20 6:59 PM, sean darcy wrote:

...

syslog has this every 10 seconds:

audit[1039229]: AVC avc:  denied  { read } for  pid=1039229 comm="rpm" name="Providename" dev="dm-1" ino=2622531 scontext=system_u:system_r:setroubleshootd_t:s0 tcontext=unconfined_u:object_r:var_lib_t:s0 tclass=file permissive=0 setroubleshootd[1036631]: error: cannot open Name index using db5 - Permission denied (13) setroubleshootd[1036631]: error: cannot open Basenames index using db5

• Permission denied (13)

setroubleshootd[1036631]: error: cannot open Providename index using db5 - Permission denied (13)

I've run restorecon -r /var/lib/rpm , but still no joy.

Any suggestions?

That's a problem with setroubleshootd, not rpm.  What user is it running under?  Check that process. _______________________________________________

How would I find that out ?

# ps aux | grep setroubleshootd root 1247827 0.0 0.0 112564 896 pts/0 S+ 10:41 0:00 grep --color=auto setroubleshootd # ps aux | grep sealert root 1250561 0.0 0.0 112432 896 pts/0 S+ 10:49 0:00 grep --color=auto sealert #

From the setroubleshootd man page:

setroubleshootd is a system daemon which runs under setroubleshoot user and listens for audit events emitted from the kernel related to SELinux.

Not very helpful, but it doesn't seem there's any daemon running.

sean

On 2020-02-04 10:59, sean darcy wrote:

syslog has this every 10 seconds:

audit[1039229]: AVC avc:  denied  { read } for  pid=1039229 comm="rpm" name="Providename" dev="dm-1" ino=2622531 scontext=system_u:system_r:setroubleshootd_t:s0 tcontext=unconfined_u:object_r:var_lib_t:s0 tclass=file permissive=0 setroubleshootd[1036631]: error: cannot open Name index using db5 - Permission denied (13) setroubleshootd[1036631]: error: cannot open Basenames index using db5 - Permission denied (13) setroubleshootd[1036631]: error: cannot open Providename index using db5 - Permission denied (13)

I've run restorecon -r /var/lib/rpm , but still no joy.

Any suggestions?

Do these match your system?

[egreshko@meimei ~]$ ls -Zl /usr/bin/rpm -rwxr-xr-x. 1 root root system_u:object_r:rpm_exec_t:s0 24864 Nov 19 17:41 /usr/bin/rpm

[egreshko@meimei ~]$ ls -Zl /usr/sbin/setroubleshootd -rwxr-xr-x. 1 root root system_u:object_r:setroubleshootd_exec_t:s0 3412 Aug 28 05:34 /usr/sbin/setroubleshootd

On 2/5/20 1:39 PM, Thomas Cameron wrote:

On 2/4/20 9:51 AM, sean darcy wrote:

...

How would I find that out ?

# ps aux | grep setroubleshootd root     1247827  0.0  0.0 112564   896 pts/0    S+   10:41   0:00 grep --color=auto setroubleshootd # ps aux | grep sealert root     1250561  0.0  0.0 112432   896 pts/0    S+   10:49   0:00 grep --color=auto sealert #

From the setroubleshootd man page:

setroubleshootd is a system daemon which runs under setroubleshoot user and  listens  for  audit  events  emitted  from  the  kernel related to SELinux.

Not very helpful, but it doesn't seem there's any daemon running.

ps -axZ | grep trouble

The daemon is only activated as needed, so it's not always running. Did you try that command? Did it find any processes?