>>>>> "jc" == jon@jgcomp com <[email protected]> writes:
jc> Will try. I was still researching and hoping for some alternative, jc> actual fix. Seems not to be an unusual situation. That's going to have to come either from the selinux policy authors or from someone who sits down and learns enough to get things working. Sadly I know I just don't have sufficient time for that person to be me. Having more input in the relevant bugzilla ticket is always good. Sadly I'm rapidly souring on selinux given the way the policy has been maintained in Fedora lately. jc> Part of that reads: jc> files_read_all_files(amanda_t) Well hmm. Maybe I was wrong. I will say that in Fedora 24 they decided to confine systemd itself, which makes sense but it broke things for me which had previously worked fine and which I'm still having to locally patch the policy to fix. But I don't think that's the source of the problem here. jc> I thought that was the case also. But I was surprised to see an jc> amanda policy in place then. As it didn't come from either of them, jc> I guess it came with the base package and that does surprise me. An amanda policy has existed upstream for ages now, which is a good thing. Can you make sure that bugzilla ticket is updated with the AVCs you receive? If I get some time I may try to have a chat with some knowledgeable folks who have helped me out with selinux issues in the past. Maybe they can point out what I'm not yet able to comprehend. - J<
