Hey thanks for the reply, /First of all, you can try to relabel your filesystem in case you have some mislabeled file; as root do "fixfiles onboot" and reboot the system./
I tried relabel the file system already and that didn't fix it. /Second, you can delete all files in "/var/log/audit/" and make the problem reappear, so you can debug the SELinux permission problems with "audit2allow -a" or by looking directly at a clean "/var/log/audit/audit.log" file./ OK thanks, I will try that and also do some reading on SELINUX. /Then, it's worth saying that "/backup" is not a path that is part of SELinux labels. It is not a problem by itself (it should work anyway) but my suggestion is to use "/bacula/" as the path for your backups./The "/backup" directory was created on my test server when i was just learning bacula (newbee mistake), I will try change it when I get around this SELINUX issue.
Thanks Again On 11/09/2014 04:27 AM, Simone Caronni wrote:
Hello, you should do some debugging on the SELinux side, this is not related to Bacula. It is too complicated to explain by mail, Redhat docs are very good in this regard. On Fri, 2014-11-07 at 13:06 -0500, Humphrey Bryant wrote:I check, recheck and double check all permissions on my volumes/files and directory and everything was OK but when i run the backup they still hang nonetheless. It was after I temporarily disabled SELINUX backup start working again, so I am of the conclusion that SELINUX is at fault here.. I need some help getting SELINUX to play nice with Bacula on CENTOS 6.6, can anyone here help me out please. any one can help me create a policy or something, I don’t want to upgrade my production server and have this same problem.First of all, you can try to relabel your filesystem in case you have some mislabeled file; as root do "fixfiles onboot" and reboot the system. Second, you can delete all files in "/var/log/audit/" and make the problem reappear, so you can debug the SELinux permission problems with "audit2allow -a" or by looking directly at a clean "/var/log/audit/audit.log" file. Then, it's worth saying that "/backup" is not a path that is part of SELinux labels. It is not a problem by itself (it should work anyway) but my suggestion is to use "/bacula/" as the path for your backups. # semanage fcontext -l | grep bacula /bacula(/.*)? all files system_u:object_r:bacula_store_t:s0 /etc/bacula.* all files system_u:object_r:bacula_etc_t:s0 /etc/rc\.d/init\.d/bacula.* regular file system_u:object_r:bacula_initrc_exec_t:s0 /usr/sbin/bacula.* regular file system_u:object_r:bacula_exec_t:s0 /usr/sbin/bat regular file system_u:object_r:bacula_admin_exec_t:s0 /usr/sbin/bconsole regular file system_u:object_r:bacula_admin_exec_t:s0 /var/lib/bacula.* all files system_u:object_r:bacula_var_lib_t:s0 /var/log/bacula.* all files system_u:object_r:bacula_log_t:s0 /var/run/bacula.* regular file system_u:object_r:bacula_var_run_t:s0 /var/spool/bacula.* all files system_u:object_r:bacula_spool_t:s0 /var/spool/bacula/log(/.*)? all files system_u:object_r:var_log_t:s0 Regards, --Simone
-- Best Regards Humphrey Bryant Information System Admin Foga Daley Attorneys-at-Law 7 Stanton Terrace Kingston 6 Tel - (876) 927-4371-5 Fax - (876) 927-5081 This E-mail contains information which is confidential and privileged. Unless you are the addressee (or authorised to receive for the addressee), you may not use, copy or disclose to anyone the message or information contained in it. If you have received this e-mail in error, please destroy it and advise the sender.
<<attachment: hbryant.vcf>>
------------------------------------------------------------------------------
_______________________________________________ Bacula-users mailing list Bacula-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/bacula-users
