On Tue, Apr 15, 2008 at 6:20 PM, Dustin J. Mitchell <[EMAIL PROTECTED]> wrote: > On Tue, Apr 15, 2008 at 6:15 PM, FL <[EMAIL PROTECTED]> wrote: > > ... the wait completes and then > > > > wait4(-1, [{WIFEXITED(s) && WEXITSTATUS(s) == 1}], 0, NULL) = 5539 > > --- SIGCHLD (Child exited) @ 0 (0) --- > > wait4(-1, > > Does this repeat? It may be running the changer through a number of slots. > > If you use the '-f' flag to strace, it will trace the children, too. > You should be able to see an 'exec' after the clones. It will be a > lot of data, but it's not too hard to search through. > > > Dustin > > -- > Storage Software Engineer > http://www.zmanda.com >
Now I see something in /var/messages I did not see before: a SElinux alert. I'll try setting the boolean below. This is probably because amanda is in ldap instead of /etc/passwd. [EMAIL PROTECTED] log]# sealert -l 93bb144d-f3ca-4dfa-945c-b77c728f571e Summary SELinux is preventing /usr/lib/amanda/amandad (amanda_t) "name_connect" access to <Unknown> (ldap_port_t). Detailed Description SELinux denied access requested by /usr/lib/amanda/amandad. It is not expected that this access is required by /usr/lib/amanda/amandad and this access may signal an intrusion attempt. It is also possible that the specific version or configuration of the application is causing it to require additional access. Please file a http://bugzilla.redhat.com/bugzilla/enter_bug.cgi against this package. Allowing Access Sometimes labeling problems can cause SELinux denials. You could try to restore the default system file context for <Unknown>, restorecon -v <Unknown>. There is currently no automatic way to allow this access. Instead, you can generate a local policy module to allow this access - see http://fedora.redhat.com/docs/selinux-faq-fc5/#id2961385 - or you can disable SELinux protection entirely for the application. Disabling SELinux protection is not recommended. Please file a http://bugzilla.redhat.com/bugzilla/enter_bug.cgi against this package. Changing the "amanda_disable_trans" boolean to true will disable SELinux protection this application: "setsebool -P amanda_disable_trans=1." The following command will allow this access: setsebool -P amanda_disable_trans=1 Additional Information Source Context user_u:system_r:amanda_t Target Context system_u:object_r:ldap_port_t Target Objects None [ tcp_socket ] Affected RPM Packages amanda-client-2.5.0p2-4 [application] Policy RPM selinux-policy-2.4.6-30.el5 Selinux Enabled True Policy Type targeted MLS Enabled True Enforcing Mode Enforcing Plugin Name plugins.disable_trans Host Name opennms.gc.cuny.edu Platform Linux opennms.gc.cuny.edu 2.6.18-8.1.15.el5 #1 SMP Mon Oct 22 08:32:04 EDT 2007 i686 i686 Alert Count 550 Line Numbers Raw Audit Messages avc: denied { name_connect } for comm="amandad" dest=389 egid=6 euid=1003 exe="/usr/lib/amanda/amandad" exit=-13 fsgid=6 fsuid=1003 gid=6 items=0 pid=7014 scontext=user_u:system_r:amanda_t:s0 sgid=6 subj=user_u:system_r:amanda_t:s0 suid=1003 tclass=tcp_socket tcontext=system_u:object_r:ldap_port_t:s0 tty=(none) uid=1003