SELinux is preventing mandb from searching /home/local/man
by elisatems from LinuxQuestions.org on (#5RE0F)
The platform is Scientific Linux 7.9, an offshoot of RHEL 7. Mandb is run from /etc/cron.daily/man-db.cron by anacron. The error message mailed to root is
What gives here? I have been running SL 6.3 for years and never saw this problem, though admittedly I had SELinux disabled. I am new to SL 7.9 and have taken the SELinux plunge but a lot here is unfamiliar. Security labels on files and directories are a new concept for me and I'd appreciate any guidance anyone can offer.
Thanks,
Liz
mandb: can't search directory /home/local/man: Permission deniedAll of these directories are 0755 and owned by root.root and I assume that mandb is being run as root. Further information comes from the SELinux alert notifications:
mandb: can't search directory /home/local/man: Permission denied
mandb: can't search directory /home/local/share/man: Permission denied
mandb: can't search directory /home/local/share/man: Permission denied
SELinux is preventing /usr/bin/mandb from read access on the directory /home/local/man.plus a number of lower confidence suggestions, including doing a full relabel and submitting a bug report.
***** Plugin restorecon (82.4 confidence) suggests ************************
If you want to fix the label.
/home/local/man default label should be user_home_t.
Then you can run restorecon. The access attempt may have been stopped due to insufficient permissions to access a parent directory in which case try to change the following command accordingly.
Do
# /sbin/restorecon -v /home/local/man
What gives here? I have been running SL 6.3 for years and never saw this problem, though admittedly I had SELinux disabled. I am new to SL 7.9 and have taken the SELinux plunge but a lot here is unfamiliar. Security labels on files and directories are a new concept for me and I'd appreciate any guidance anyone can offer.
Thanks,
Liz