On Thu, Jan 12, 2017 at 09:57:42PM -0600, Jason L Tibbitts III wrote:
> >>>>> "jc" == jon@jgcomp com <[email protected]> writes:
>
> jc> Will try. I was still researching and hoping for some alternative,
> jc> actual fix. Seems not to be an unusual situation.
>
> That's going to have to come either from the selinux policy authors or
> from someone who sits down and learns enough to get things working.
> Sadly I know I just don't have sufficient time for that person to be me.
>
> Having more input in the relevant bugzilla ticket is always good. Sadly
> I'm rapidly souring on selinux given the way the policy has been
> maintained in Fedora lately.
>
> jc> Part of that reads:
>
> jc> files_read_all_files(amanda_t)
>
> Well hmm. Maybe I was wrong.
>
> I will say that in Fedora 24 they decided to confine systemd itself,
> which makes sense but it broke things for me which had previously worked
> fine and which I'm still having to locally patch the policy to fix. But
> I don't think that's the source of the problem here.
>
> jc> I thought that was the case also. But I was surprised to see an
> jc> amanda policy in place then. As it didn't come from either of them,
> jc> I guess it came with the base package and that does surprise me.
>
> An amanda policy has existed upstream for ages now, which is a good
> thing.
>
> Can you make sure that bugzilla ticket is updated with the AVCs you
> receive? If I get some time I may try to have a chat with some
> knowledgeable folks who have helped me out with selinux issues in the
> past. Maybe they can point out what I'm not yet able to comprehend.
>
Surprisingly, no AVCs. Nothing in sealert, journalctl,
/var/log/messages, nor audit logs.

Regarding "# semanage permissive -a amanda_t", does that change
persist across boots and various updates?

Jon
--
Jon H. LaBadie                 [email protected]
 11226 South Shore Rd.         (703) 787-0688 (H)
 Reston, VA 20190              (703) 935-6720 (C)
