Bug 1415506
Summary: | SElinux prevents amanda dumps | ||||||
---|---|---|---|---|---|---|---|
Product: | [Fedora] Fedora | Reporter: | Peter Bieringer <pb> | ||||
Component: | selinux-policy | Assignee: | Lukas Vrabec <lvrabec> | ||||
Status: | CLOSED ERRATA | QA Contact: | Fedora Extras Quality Assurance <extras-qa> | ||||
Severity: | medium | Docs Contact: | |||||
Priority: | unspecified | ||||||
Version: | 25 | CC: | dominick.grift, dwalsh, fedora, goodyca48, jridky, j, lvrabec, mgrepl, mmalik, phracek, plautrba, pmoore, rvokal, ssekidde | ||||
Target Milestone: | --- | Keywords: | SELinux | ||||
Target Release: | --- | ||||||
Hardware: | All | ||||||
OS: | Linux | ||||||
Whiteboard: | |||||||
Fixed In Version: | selinux-policy-3.13.1-225.11.fc25 | Doc Type: | If docs needed, set a value | ||||
Doc Text: | Story Points: | --- | |||||
Clone Of: | Environment: | ||||||
Last Closed: | 2017-02-28 08:50:05 UTC | Type: | Bug | ||||
Regression: | --- | Mount Type: | --- | ||||
Documentation: | --- | CRM: | |||||
Verified Versions: | Category: | --- | |||||
oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |||||
Cloudforms Team: | --- | Target Upstream Version: | |||||
Embargoed: | |||||||
Attachments: |
|
Description
Peter Bieringer
2017-01-22 20:23:35 UTC
More rules may be needed, but this is a good start: # cat bz1415506.cil ( allow amanda_t tmpfs_t ( filesystem ( getattr ))) # semodule -i bz1415506.cil # To see all SELinux denials that are generated by your scenario, it would be better to switch the amanda_t domain to permissive and re-run your scenario: # dnf -y -q install /usr/sbin/semanage # semanage permissive -a amanda_t (re-run your scenario) # ausearch -m avc -m user_avc -m selinux_err -m user_selinux_err -i -ts recent Created attachment 1243752 [details]
ausearch result
attached ausearch result as requested
ausearch -m avc -m user_avc -m selinux_err -m user_selinux_err -i |grep amanda |grep "23.01" | cut -c 51- | sort | uniq >/tmp/amanda-selinux.txt
Could you help us, Lukas? And if someone is looking into the amanda policy, https://bugzilla.redhat.com/show_bug.cgi?id=1414140 is another open ticket. Also, this ticket should be open against the selinux-policy component, not amanda, since there's nothing that can be changed in amanda to fix this. But I'll let Josef reassign it if he wants to do that. Reassign to selinux-policy. Feel free to change it in case, it should be solved by someone else. selinux-policy-3.13.1-225.11.fc25 has been submitted as an update to Fedora 25. https://bodhi.fedoraproject.org/updates/FEDORA-2017-e06f91350b selinux-policy-3.13.1-225.11.fc25 has been pushed to the Fedora 25 testing repository. If problems still persist, please make note of it in this bug report. See https://fedoraproject.org/wiki/QA:Updates_Testing for instructions on how to install test updates. You can provide feedback for this update here: https://bodhi.fedoraproject.org/updates/FEDORA-2017-e06f91350b selinux-policy-3.13.1-225.11.fc25 has been pushed to the Fedora 25 stable repository. If problems still persist, please make note of it in this bug report. |