Skip to content

Fedora: where is bigint.pm?

Recently something like this happened:
$ perl -Mbigint -e 'print 1->is_zero()."\n"'
Can't locate bigint.pm in @INC (you may need to install the bigint module)
OK, but which package will provide bigint? (not to be confused with Math::BigInt!)

Debian has apt-file:
$ apt-file search bigint.pm
perl-modules-5.28: /usr/share/perl/5.28.1/bigint.pm
Arch Linux has Pacman:
$ pacman -F bigint.pm
core/perl 5.28.1-1 (base) [installed: 5.30.1-1]
    usr/share/perl5/core_perl/bigint.pm
openSUSE has zypper but its search function isn't returning much. However, bigint.pm is provided by their standard perl package:
$ rpm -qf `locate bigint`
perl-5.30.1-3.2.x86_64
And Fedora has dnf, but whatprovides doesn't return anything and search only returns slightly unrelated results:
$ dnf search bigint
texlive-bigints-doc.noarch
perl-Math-BigInt-GMP.x86_64
perl-Math-BigInt-FastCalc.x86_64
texlive-bigints.noarch
perl-Math-BigInt.noarch
php-pear-math-biginteger.noarch
But none of those actually provided bigint.pm. Thankfully a comment in RHBZ#1286363 provided the key command on how to install the correct Perl module:
$ sudo dnf install 'perl(bigint)'
With that in place, the missing bigint.pm would be installed and the command above executes just fine. Of course, this works for other pragmas just as well:
$ dnf install 'perl(threads)'
Package perl-threads-1:2.22-439.fc31.x86_64 is already installed.

SELinux is preventing dnsmasq from using the dac_override capability.

While trying to set log-facility=/var/log/dnsmasq.log in dnsmasq.conf resulted in an SELinux splat:
SELinux is preventing dnsmasq from using the dac_override capability.
[...]
Raw Audit Messages
type=AVC msg=audit(1583125188.633:22508): avc:  denied  { dac_override } for  pid=1501431 comm="dnsmasq" capability=1  scontext=system_u:system_r:dnsmasq_t:s0 tcontext=system_u:system_r:dnsmasq_t:s0 tclass=capability permissive=0

Hash: dnsmasq,dnsmasq_t,dnsmasq_t,capability,dac_override
This had been reported before (in 2018), but for /var/lib/dnsmasq/dnsmasq.leases, this time it was about /var/log/dnsmasq.log and we had everything in place:
$  ls -lZ /var/log/dnsmasq.log 
-rw-r-----. 1 dnsmasq root system_u:object_r:dnsmasq_var_log_t:s0 79783 \
            Mar  1 20:59 /var/log/dnsmasq.log
Before granting dac_override to dnsmasq, we found this all explained in another blog post:
[...] The simple thing to do from an SELinux point of view would be to add the allow rule

allow dovecot_t self:capability dac_override;

But from a security proint of view, this is lousy.  The much better solution would be to 'relax' the permissions on the socket by adding group read/write.
And indeed, this helped as expected:
$ chmod -c g+w /var/log/dnsmasq.log
mode of '/var/log/dnsmasq.log' changed from 0640 (rw-r-----) to 0660 (rw-rw----)
Now dnsmasq would start and is able to log to /var/log/dnsmasq.log.