There is more to this story: after addtressing the selinux issue, and setting the mode of .amandahosts to 600, I now have the following:
-sh-3.1$ amcheck Daily Amanda Tape Server Host Check ----------------------------- Holding disk /home/amanda/holding-disk: 104765 MB disk space available, using 104665 MB *** glibc detected *** amcheck: double free or corruption (fasttop): 0x083bef40 *** ======= Backtrace: ========= /lib/libc.so.6[0x23cf5d] /lib/libc.so.6(cfree+0x90)[0x2405b0] amcheck[0x8ede03] amcheck(main+0xc2d)[0x8ef91d] /lib/libc.so.6(__libc_start_main+0xdc)[0x1ecdec] amcheck[0x8eaa01] ======= Memory map: ======== Amanda Backup Client Hosts Check -------------------------------- Client check: 3 hosts checked in 0.662 seconds, 0 problems found (brought to you by Amanda 2.5.0p2) -sh-3.1$ On Tue, Apr 15, 2008 at 6:33 PM, FL <[EMAIL PROTECTED]> wrote: > > On Tue, Apr 15, 2008 at 6:20 PM, Dustin J. Mitchell <[EMAIL PROTECTED]> wrote: > > On Tue, Apr 15, 2008 at 6:15 PM, FL <[EMAIL PROTECTED]> wrote: > > > ... the wait completes and then > > > > > > wait4(-1, [{WIFEXITED(s) && WEXITSTATUS(s) == 1}], 0, NULL) = 5539 > > > --- SIGCHLD (Child exited) @ 0 (0) --- > > > wait4(-1, > > > > Does this repeat? It may be running the changer through a number of slots. > > > > If you use the '-f' flag to strace, it will trace the children, too. > > You should be able to see an 'exec' after the clones. It will be a > > lot of data, but it's not too hard to search through. > > > > > > Dustin > > > > -- > > Storage Software Engineer > > http://www.zmanda.com > > > > Now I see something in /var/messages I did not see before: a SElinux alert. > I'll try setting the boolean below. This is probably because amanda > is in ldap instead of /etc/passwd. > > [EMAIL PROTECTED] log]# sealert -l 93bb144d-f3ca-4dfa-945c-b77c728f571e > Summary > SELinux is preventing /usr/lib/amanda/amandad (amanda_t) "name_connect" > access to <Unknown> (ldap_port_t). > > Detailed Description > SELinux denied access requested by /usr/lib/amanda/amandad. It is not > expected that this access is required by /usr/lib/amanda/amandad and this > access may signal an intrusion attempt. It is also possible that the > specific version or configuration of the application is causing it to > require additional access. Please file a > http://bugzilla.redhat.com/bugzilla/enter_bug.cgi against this package. > > Allowing Access > Sometimes labeling problems can cause SELinux denials. You could try to > restore the default system file context for <Unknown>, restorecon -v > <Unknown>. There is currently no automatic way to allow this access. > Instead, you can generate a local policy module to allow this access - see > http://fedora.redhat.com/docs/selinux-faq-fc5/#id2961385 - or you can > disable SELinux protection entirely for the application. Disabling SELinux > protection is not recommended. Please file a > http://bugzilla.redhat.com/bugzilla/enter_bug.cgi against this package. > Changing the "amanda_disable_trans" boolean to true will disable SELinux > protection this application: "setsebool -P amanda_disable_trans=1." > > The following command will allow this access: > setsebool -P amanda_disable_trans=1 > > Additional Information > > Source Context user_u:system_r:amanda_t > Target Context system_u:object_r:ldap_port_t > Target Objects None [ tcp_socket ] > Affected RPM Packages amanda-client-2.5.0p2-4 [application] > Policy RPM selinux-policy-2.4.6-30.el5 > Selinux Enabled True > Policy Type targeted > MLS Enabled True > Enforcing Mode Enforcing > Plugin Name plugins.disable_trans > Host Name opennms.gc.cuny.edu > Platform Linux opennms.gc.cuny.edu 2.6.18-8.1.15.el5 #1 > SMP > Mon Oct 22 08:32:04 EDT 2007 i686 i686 > Alert Count 550 > Line Numbers > > Raw Audit Messages > > avc: denied { name_connect } for comm="amandad" dest=389 egid=6 euid=1003 > exe="/usr/lib/amanda/amandad" exit=-13 fsgid=6 fsuid=1003 gid=6 items=0 > pid=7014 > scontext=user_u:system_r:amanda_t:s0 sgid=6 subj=user_u:system_r:amanda_t:s0 > suid=1003 tclass=tcp_socket tcontext=system_u:object_r:ldap_port_t:s0 > tty=(none) > uid=1003 >