On 01-02-2023 15:17, Carlos E. R. wrote:
On 2023-02-01 15:00, Bengt Gördén wrote:
Carlos E. R. wrote:
Why can't I locate them with locate?
Either you have something in your conf (/etc/updatedb.conf) or your systemd update timer (mlocate.timer, /usr/lib/systemd/system/mlocate.timer) is out of order. I have TW, so it might be different on the Leap.
It is recent.
cer@Elesar:~> l /var/lib/mlocate/mlocate.db
-rw-r--r-- 1 nobody nobody 12713990 Feb 1 13:14 /var/lib/mlocate/mlocate.db
cer@Elesar:~>

cer@Elesar:~> cat /etc/updatedb.conf
# /etc/updatedb.conf: config file for mlocate

# This file sets variables that are used by updatedb.
# For more info, see the updatedb.conf(5) manpage.

# Filesystems that are pruned from updatedb database
PRUNEFS="9p afs anon_inodefs auto autofs bdev binfmt binfmt_misc ceph fuse.ceph cgroup cifs coda configfs cramfs cpuset debugfs devfs devpts devtmps ecryptfs eventpollfs exofs futexfs ftpfs fuse fusectl gfs gfs2 gpfs hostfs hugetlbfs inotifyfs iso9660 jffs2 lustre misc mqueue ncpfs nfs NFS nfs4 nfsd nnpfs ocfs ocfs2 pipefs proc ramfs rpc_pipefs securityfs selinuxfs sfs shfs smbfs sockfs spufs sshfs subfs supermount sysfs tmpfs ubifs udf usbfs vboxsf vperfctrfs"

# Paths which are pruned from updatedb database
PRUNEPATHS="/tmp /var/tmp /var/cache /var/lock /var/run /var/spool /mnt /cdrom /usr/tmp /proc /media /sys /.snapshots /var/run/media /other /data"

# Folder names that are pruned from updatedb database
PRUNENAMES = ".git .hg .svn .bzr .arch-ids {arch} CVS"

# Skip bind mounts.
# DISABLED for bnc#994663 and to avoid btrfs subvolume issues
PRUNE_BIND_MOUNTS="no"
cer@Elesar:~>
I don't see why, unless the user "nobody" doesn't have permission to see modules. :-?
Yes, that is. Ridiculous.
Elesar:~ # time updatedb && locate snd-hda-intel.ko.zst

real 0m2.756s
user 0m0.239s
sys 0m0.713s
/lib/modules/5.14.21-150400.24.38-default/kernel/sound/pci/hda/snd-hda-intel.ko.zst
/lib/modules/5.14.21-150400.24.41-default/kernel/sound/pci/hda/snd-hda-intel.ko.zst
Elesar:~ #

Elesar:~ # uname -a
Linux Elesar 5.14.21-150400.24.41-default #1 SMP PREEMPT_DYNAMIC Fri Jan 13 08:55:22 UTC 2023 (1d4442d) x86_64 x86_64 x86_64 GNU/Linux
Elesar:~ # rpm -qf /lib/modules/5.14.21-150400.24.41-default/kernel/sound/pci/hda/snd-hda-intel.ko.zst
kernel-default-5.14.21-150400.24.41.1.x86_64
Elesar:~ #

Elesar:~ # su - nobody
nobody@Elesar:~> l /lib
total 5020
drwxr-xr-x 10 root root 4096 Jan 31 14:43 ./
drwxr-xr-x 25 root root 4096 Dec 27 18:38 ../
drwxr-xr-x 2 root root 4096 Dec 27 19:03 apparmor/
-rwxr-xr-x 1 root root 82 Aug 23 2021 cpp*
...

nobody@Elesar:~> l /lib/modules/5.14.21-150400.24.41-default/kernel/sound/pci/hda/snd-hda-intel.ko.zst
-rw-r--r-- 1 root root 38245 Jan 16 13:48 /lib/modules/5.14.21-150400.24.41-default/kernel/sound/pci/hda/snd-hda-intel.ko.zst
nobody@Elesar:~>
Well, no, user nobody can list the module. Why can't "locate"?
Maybe because my "/usr" is a different partition in this machine? But it is not in my main machine at home.
Hi Carlos,

The issue is caused by systemd hardening. Have a look at the file "/usr/lib/systemd/system/mlocate.service", in particular the line "ProtectKernelModules=true". This systemd setting not only prevents the service from loading any modules, but also denies the service access to directory "/lib/modules".

Grtz,
Erwin
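The effect described in the reply above can be checked from unit-file text alone. The following shell script is an added example, not part of the thread and not code from mlocate or systemd: it lists the directories that a unit's sandboxing directives hide from the service and filters a path list against them. The function names and the sample unit are constructed for illustration; only `ProtectKernelModules=true` and the module path come from the thread, and the handling of `ProtectHome`, `PrivateTmp` and `InaccessiblePaths` follows systemd.exec(5).

```shell
#!/bin/sh
# hidden_paths: unit-file text on stdin -> directories that its [Service]
# sandboxing hides from the service process, one per line.
hidden_paths() {
    awk '
    function truthy(v) { return tolower(v) ~ /^(1|yes|true|on)$/ }
    /^[ \t]*([#;]|$)/ { next }                  # comments and blank lines
    /^[ \t]*\[/ { insvc = ($0 ~ /^[ \t]*\[Service\][ \t]*$/); next }
    !insvc || !index($0, "=") { next }
    {
        key = substr($0, 1, index($0, "=") - 1)
        val = substr($0, index($0, "=") + 1)
        gsub(/[ \t]/, "", key); gsub(/^[ \t]+|[ \t]+$/, "", val)
        if (key == "InaccessiblePaths")         # list: appends, empty resets
            extra = (val == "") ? "" : extra " " val
        else
            opt[key] = val                      # scalar: last one wins
    }
    END {
        # /usr/lib/modules per systemd.exec(5); /lib/modules per the thread
        if (truthy(opt["ProtectKernelModules"])) print "/usr/lib/modules\n/lib/modules"
        if (truthy(opt["ProtectHome"]) || opt["ProtectHome"] == "tmpfs") print "/home\n/root\n/run/user"
        if (truthy(opt["PrivateTmp"])) print "/tmp\n/var/tmp"
        n = split(extra, p, " ")
        for (i = 1; i <= n; i++) { sub(/^[-+]+/, "", p[i]); print p[i] }
    }'
}

# shadowed: args = hidden directories, stdin = absolute paths (one per line).
# Prints the paths that lie at or below one of the hidden directories.
shadowed() {
    while IFS= read -r path; do
        for dir in "$@"; do
            case "$path" in "$dir"|"$dir"/*) printf '%s\n' "$path"; break ;; esac
        done
    done
}

# Constructed sample unit; only ProtectKernelModules=true is from the thread.
SAMPLE_UNIT='[Service]
ExecStart=/usr/bin/updatedb
ProtectKernelModules=true
PrivateTmp=no'
# Constructed list: two paths seen in the thread plus one made-up near-miss.
SAMPLE_PATHS='/lib/modules/5.14.21-150400.24.41-default/kernel/sound/pci/hda/snd-hda-intel.ko.zst
/lib/cpp
/lib/modules-load.d/x.conf'

# Word splitting of the directory list is intended here.
printf '%s\n' "$SAMPLE_PATHS" | shadowed $(printf '%s\n' "$SAMPLE_UNIT" | hidden_paths)
```

On a live system, `systemctl show mlocate.service -p ProtectKernelModules` reports the effective value after drop-ins are merged, which is what the service actually runs with.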