https://bugzilla.redhat.com/show_bug.cgi?id=1393587
--- Comment #1 from Randy Barlow <[email protected]> --- I'm noticing that there is a difference in permissions between Fedora 24's ejabberdctl and Fedora 25's: $ rpm -q ejabberd ejabberd-16.01-5.fc24.x86_64 $ ls -lah /usr/bin/ejabberdctl -rwxr-xr-x. 1 root root 16K Apr 15 2016 /usr/bin/ejabberdctl vs. $ rpm -q ejabberd ejabberd-16.08-2.fc25.x86_64 $ ls -lah /usr/bin/ejabberdctl -r-xr-x---. 1 root root 14K Aug 18 09:17 /usr/bin/ejabberdctl Changing the permissions back to the old format does get ejabberd's startup closer to working, but it seems to still fail on SELinux denials. Strangely enough, ejabberdctl seems to be getting installed as rabbitmq_exec_t (on Fedora 24 as well): # ls -lahZ /usr/bin/ejabberdctl -rwxr-xr-x. 1 root root system_u:object_r:rabbitmq_exec_t:s0 14K Aug 18 09:17 /usr/bin/ejabberdctl # audit2allow -a #============= init_t ============== allow init_t epmd_port_t:tcp_socket name_connect; #!!!! WARNING: 'etc_t' is a base type. allow init_t etc_t:file write; allow init_t jabber_interserver_port_t:tcp_socket name_connect; allow init_t rabbitmq_exec_t:file ioctl; allow init_t rabbitmq_var_lib_t:dir { add_name read remove_name write }; allow init_t rabbitmq_var_lib_t:file { create getattr open read rename unlink write }; allow init_t rabbitmq_var_log_t:dir { read write }; allow init_t rabbitmq_var_log_t:file { append getattr open read write }; I'm not sure exactly what is happening here, but it does seem that the policy in Fedora 25 is more restrictive than it was in Fedora 24. There may also be some connection to starting ejabberd with bash in the unit file: ExecStart=/usr/bin/bash /usr/bin/ejabberdctl… I'm not completely clear on why that is done, but it could be related. -- You are receiving this mail because: You are on the CC list for the bug. _______________________________________________ erlang mailing list -- [email protected] To unsubscribe send an email to [email protected]
