On 8/27/19 1:53 PM, Maurizio Caloro wrote:
> hmmm
> I think that i found the problem ..... but how i can disable this policy
>
> type=AVC msg=audit(1566928006.329:103): avc: denied { write } for
> pid=3137 comm="bacula-fd" name="bacula-fd.9102.state" dev="dm-0"
> ino=50356909 scontext=system_u:system_r:bacula_t:s0
> tcontext=system_u:object_r:bacula_log_t:s0 tclass=file permissive=0
> type=AVC msg=audit(1566928006.330:104): avc: denied { unlink } for
> pid=3137 comm="bacula-fd" name="bacula-fd.9102.state" dev="dm-0"
> ino=50356909 scontext=system_u:system_r:bacula_t:s0
> tcontext=system_u:object_r:bacula_log_t:s0 tclass=file permissive=0
>
>
> 60. 08/27/2019 19:46:46 bacula-fd system_u:system_r:bacula_t:s0 87 file
> unlink system_u:object_r:bacula_log_t:s0 denied 101
> 61. 08/27/2019 19:46:46 bacula-fd system_u:system_r:bacula_t:s0 87 file
> unlink system_u:object_r:bacula_log_t:s0 denied 102
> 62. 08/27/2019 19:46:46 bacula-fd system_u:system_r:bacula_t:s0 2 file write
> system_u:object_r:bacula_log_t:s0 denied 103
> 63. 08/27/2019 19:46:46 bacula-fd system_u:system_r:bacula_t:s0 87 file
> unlink system_u:object_r:bacula_log_t:s0 denied 104
So this looks as though it is actually selinux stabbing you in the back.
Fundamentally you have two options here:
1. You can create a selinux policy that allows Bacula to run;
or
2. You can disable selinux, which truthfully most individual users (and
many business uses) don't actually need.
I don't know enough about selinux to advise you on the former, but there
are plenty of simple articles on disabling selinux, for example this
one: https://linuxize.com/post/how-to-disable-selinux-on-centos-7/
--
Phil Stracchino
Babylon Communications
ph...@caerllewys.net
p...@co.ordinate.org
Landline: +1.603.293.8485
Mobile: +1.603.998.6958
_______________________________________________
Bacula-users mailing list
Bacula-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/bacula-users
