On Mon, Jan 09, 2017 at 04:19:35PM -0500, Jon LaBadie wrote: > On Mon, Jan 09, 2017 at 06:12:25PM +0000, Debra S Baddorf wrote: [ snip ] > > Debra -- thank you!!! > Doing the above caused me to also look at the extended attributes. > > $ ls -lZ /home > total 128 > drwxrwxr-x. 28 gundi gundi unconfined_u:object_r:user_home_dir_t:s0 gundi > drwxr-xr-x. 154 jon jon unconfined_u:object_r:user_home_dir_t:s0 jon > drwx------. 2 root root system_u:object_r:lost_found_t:s0 > lost+found > drwxr-xr-x. 39 root root system_u:object_r:user_home_dir_t:s0 rootk > > Hmmm, rootk is "system_u", jon and all the other home dirs are "unconfined_u". > The lost+found directory is also "system_u". If this is the problem, > lost+found > should also be getting backed up and should appear in the gnutar lists. > > $ strings cyber.jgcomp.comHome_0 | grep '^\./' | grep lost > ./lost+found > ./lost+found > > Sure enough, its in there. So it a 'selinux' problem, my tar is unable to > backup "unconfined_u" files. > > So amanda and selinux configuration, something to investigate unless someone > can point it out to me.
Ok, I confirmed my home dir can be backed up with selinux set to non-enforcing. There is a set of amanda rules for selinux in place, but apparently they do not give amdump/tar the ability backup all files. Who provides the selinux rules for amanda? Are the selinux rules for amanda provided with the amanda sources? If so, I don't see them. Or perhaps they are added by the prebuilt amanda packages I installed from the Fedora repos (and CentOS repos)? Again, if so, I don't see them in the packages. But then, I get lost in selinux. They may be there and I don't recognize them. An aside, anyone know a "Carsten Grohmann"? I came across an NSA document on SELinux and it listed Carsten as the the original contributor of the Amanda policy for SELinux. Jon -- Jon H. LaBadie j...@jgcomp.com 11226 South Shore Rd. (703) 787-0688 (H) Reston, VA 20190 (703) 935-6720 (C)
