Re: amanda 3.3.8, SELinux, Fedora

Tue, 26 Jan 2016 04:51:13 -0800 

Am 2016-01-26 um 12:48 schrieb Gerrit A. Smit:
> Stefan G. Weichinger schreef op 2016-01-26 12:27:
> 
>>
>>
>> (and no, don't tell me to disable selinux completely, please)
>>  
>  
> Still a kind of disable:
> switch to 'permissive' and get a better view on what's (not) happening?

Yes, right ... I forgot about changing to permissive as it's a new
machine. Will change that for next amdump.

journal tells me:

än 26 13:13:14 ivy audit[26240]: AVC avc:  denied  { read } for
pid=26240 comm="amandad" name="unix" dev="proc" ino=4026532032
scontext=system_u:system_r:amanda_t:s0
tcontext=system_u:object_r:proc_net_t:s0 tclass=file permissive=0
Jän 26 13:14:31 ivy audit[26250]: AVC avc:  denied  { write } for
pid=26250 comm="star" name="etc" dev="sda8" ino=268
scontext=system_u:system_r:amanda_t:s0
tcontext=system_u:object_r:etc_t:s0 tclass=dir permissive=0
Jän 26 13:14:31 ivy dbus[886]: [system] Activating service
name='org.fedoraproject.Setroubleshootd' (using servicehelper)
Jän 26 13:14:31 ivy dbus[886]: [system] Successfully activated service
'org.fedoraproject.Setroubleshootd'
Jän 26 13:14:31 ivy setroubleshoot[26278]: SELinux is preventing amandad
from read access on the file unix. For complete SELinux messages. run
sealert -l 7e044b90-0f31-48eb-b998-e28c65dcb84e
Jän 26 13:14:31 ivy python3[26278]: SELinux is preventing amandad from
read access on the file unix.

                                     *****  Plugin catchall (100.
confidence) suggests   **************************

                                     If you believe that amandad should
be allowed read access on the unix file by default.
                                     Then you should report this as a bug.
                                     You can generate a local policy
module to allow this access.
                                     Do
                                     allow this access for now by executing:
                                     # grep amandad
/var/log/audit/audit.log | audit2allow -M mypol
                                     # semodule -i mypol.pp

Jän 26 13:14:47 ivy audit[1]: SERVICE_STOP pid=1 uid=0 auid=4294967295
ses=4294967295 subj=system_u:system_r:init_t:s0
msg='unit=amanda@59-2001:15c0:65ff:8742:5265:f3ff:fe1f:a652:10080-2001:15c0:65ff:8742:219:99ff:fe3b:4a74:527
comm="systemd" exe="/usr/lib/systemd/systemd" hostname=? addr=?
terminal=? res=success'

Reply via email to