While I don't think the merits of selinux should be the focus of this
community, both Redhat and CentOS have the selinux policies for bacula. If the
user is required to run in enforcing mode, then he should apply the policies
correctly. This should fix the AVC errors. SELinux is rather verbose these
days and will tell you exactly what needs to be done. I am having no issues
running bacula client on an selinux enforcing mode RHEL 7 platform.
I find the earlier comment regarding systemd to also be correct, but I
personally find systemd issues to be more onerous.
Patti Clark
Sr. Linux System Administrator
Oak Ridge National Laboratory
On 8/29/19, 10:35 AM, "Josh Fisher" <jfis...@pvct.com> wrote:
On 8/27/2019 2:04 PM, Phil Stracchino wrote:
> Fundamentally you have two options here:
>
> 1. You can create a selinux policy that allows Bacula to run;
> or
> 2. You can disable selinux, which truthfully most individual users (and
> many business uses) don't actually need.
Selinux basically implements a more fine-grained file permissions. I
have never really run into any need for more than the standard
User:Group:World level file permissions, but have tried to use selinux
several times, simply because it is on by default in Centos. Each time
it has stabbed me in the back and was disabled. The problem is that it
often is difficult to establish that selinux is what is blocking access
in the first place. IMO, it is an added complexity that simply isn't
needed in most cases.
_______________________________________________
Bacula-users mailing list
Bacula-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/bacula-users
_______________________________________________
Bacula-users mailing list
Bacula-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/bacula-users
