
Fedora: where is

Recently something like this happened:
$ perl -Mbigint -e 'print 1->is_zero()."\n"'
Can't locate in @INC (you may need to install the bigint module)
OK, but which package will provide bigint? (not to be confused with Math::BigInt!)

Debian has apt-file:
$ apt-file search
perl-modules-5.28: /usr/share/perl/5.28.1/
Arch Linux has Pacman:
$ pacman -F
core/perl 5.28.1-1 (base) [installed: 5.30.1-1]
openSUSE has zypper but its search function isn't returning much. However, is provided by their standard perl package:
$ rpm -qf `locate bigint`
And Fedora has dnf, but whatprovides doesn't return anything and search only returns slightly unrelated results:
$ dnf search bigint
But none of those actually provided Thankfully a comment in RHBZ#1286363 provided the key command on how to install the correct Perl module:
$ sudo dnf install 'perl(bigint)'
With that in place, the missing would be installed and the command above executes just fine. Of course, this works for other pragmas just as well:
$ dnf install 'perl(threads)'
Package perl-threads-1:2.22-439.fc31.x86_64 is already installed.

SELinux is preventing dnsmasq from using the dac_override capability.

Trying to set log-facility=/var/log/dnsmasq.log in dnsmasq.conf resulted in an SELinux splat:
SELinux is preventing dnsmasq from using the dac_override capability.
Raw Audit Messages
type=AVC msg=audit(1583125188.633:22508): avc:  denied  { dac_override } for  pid=1501431 comm="dnsmasq" capability=1  scontext=system_u:system_r:dnsmasq_t:s0 tcontext=system_u:system_r:dnsmasq_t:s0 tclass=capability permissive=0

Hash: dnsmasq,dnsmasq_t,dnsmasq_t,capability,dac_override
This had been reported before (in 2018), but for /var/lib/dnsmasq/dnsmasq.leases. This time it was about /var/log/dnsmasq.log, and we had everything in place:
$ ls -lZ /var/log/dnsmasq.log
-rw-r-----. 1 dnsmasq root system_u:object_r:dnsmasq_var_log_t:s0 79783 \
            Mar  1 20:59 /var/log/dnsmasq.log
Before granting dac_override to dnsmasq, we found this all explained in another blog post:
[...] The simple thing to do from an SELinux point of view would be to add the allow rule

allow dovecot_t self:capability dac_override;

But from a security point of view, this is lousy. The much better solution would be to 'relax' the permissions on the socket by adding group read/write.
And indeed, this helped as expected:
$ chmod -c g+w /var/log/dnsmasq.log
mode of '/var/log/dnsmasq.log' changed from 0640 (rw-r-----) to 0660 (rw-rw----)
Now dnsmasq starts and is able to log to /var/log/dnsmasq.log.
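
Why the chmod helped, as an added example that is not part of the original post: with dac_override denied by SELinux, the access has to pass the ordinary owner/group/other mode bits, and on a file owned by dnsmasq with group root only a group write bit lets a gid-root process write. The function name needs_dac_override is made up here; it assumes GNU stat, a single gid (no supplementary groups) and no ACLs, and that dnsmasq opened the log as uid 0 / gid 0, which the post implies but does not state.

```shell
#!/bin/sh
# Added example, not from the original post.
# needs_dac_override FILE UID GID PERM      (PERM is r, w or x)
# Exit status 0: the mode bits alone deny PERM, so the access only works
#                with CAP_DAC_OVERRIDE (the capability in the AVC denial).
# Exit status 1: plain owner/group/other permissions are enough.
# Exit status 2: bad PERM or stat failure.
# Simplifications: one gid only (no supplementary groups), no POSIX ACLs.
needs_dac_override() {
    file=$1; uid=$2; gid=$3; perm=$4
    case $perm in
        r) bit=4 ;;
        w) bit=2 ;;
        x) bit=1 ;;
        *) return 2 ;;
    esac
    # GNU stat: owner uid, group gid, octal mode
    out=$(stat -c '%u %g %a' -- "$file") || return 2
    set -- $out
    [ $# -eq 3 ] || return 2
    fuid=$1; fgid=$2; mode=$((0$3))
    # Exactly one class applies: owner first, then group, then other.
    if [ "$uid" -eq "$fuid" ]; then
        granted=$(( (mode >> 6) & 7 ))
    elif [ "$gid" -eq "$fgid" ]; then
        granted=$(( (mode >> 3) & 7 ))
    else
        granted=$(( mode & 7 ))
    fi
    [ $(( granted & bit )) -eq 0 ]
}

# Constructed demo: a scratch file stands in for /var/log/dnsmasq.log,
# and "not the owner, but in the file's group" stands in for root:root.
demo=$(mktemp)
demo_uid=$(( $(stat -c %u -- "$demo") + 1 ))
demo_gid=$(stat -c %g -- "$demo")
chmod 0640 "$demo"
needs_dac_override "$demo" "$demo_uid" "$demo_gid" w \
    && echo "0640: write needs dac_override"
chmod 0660 "$demo"
needs_dac_override "$demo" "$demo_uid" "$demo_gid" w \
    || echo "0660: group write bit is enough"
rm -f "$demo"
```
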