Hide Forgot
Description of problem: Version-Release number of selected component (if applicable): bacula-client-5.2.13-13.el7.x86_64 bacula-common-5.2.13-13.el7.x86_64 bacula-console-5.2.13-13.el7.x86_64 bacula-console-bat-5.2.13-13.el7.x86_64 bacula-devel-5.2.13-13.el7.x86_64 bacula-director-5.2.13-13.el7.x86_64 bacula-libs-5.2.13-13.el7.x86_64 bacula-libs-sql-5.2.13-13.el7.x86_64 bacula-storage-5.2.13-13.el7.x86_64 bacula-traymonitor-5.2.13-13.el7.x86_64 selinux-policy-3.12.1-99.el7.noarch selinux-policy-devel-3.12.1-99.el7.noarch selinux-policy-doc-3.12.1-99.el7.noarch selinux-policy-minimum-3.12.1-99.el7.noarch selinux-policy-mls-3.12.1-99.el7.noarch selinux-policy-targeted-3.12.1-99.el7.noarch How reproducible: always Steps to Reproduce: # service bacula-dir start Redirecting to /bin/systemctl start bacula-dir.service # service bacula-fd start Redirecting to /bin/systemctl start bacula-fd.service # service bacula-sd start Redirecting to /bin/systemctl start bacula-sd.service # ps -efZ | grep bacula system_u:system_r:init_t:s0 bacula 12398 1 0 15:33 ? 00:00:00 /usr/sbin/bacula-dir -f -c /etc/bacula/bacula-dir.conf -u bacula -g bacula system_u:system_r:init_t:s0 root 12412 1 0 15:33 ? 00:00:00 /usr/sbin/bacula-fd -f -c /etc/bacula/bacula-fd.conf -u root -g root system_u:system_r:init_t:s0 bacula 12427 1 0 15:33 ? 00:00:00 /usr/sbin/bacula-sd -f -c /etc/bacula/bacula-sd.conf -u bacula -g tape unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 root 12432 2470 0 15:33 pts/0 00:00:00 grep --color=auto bacula # Actual results: * the daemons run as init_t Expected results: * the daemons run in a dedicated SELinux domain
It seems that ports 9101-9103 are used by default: # grep -Ri port /etc/bacula/ /etc/bacula/bacula-sd.conf: SDPort = 9103 # Director's port /etc/bacula/bacula-sd.conf:# Devices supported by this Storage daemon /etc/bacula/bacula-dir.conf: DIRport = 9101 # where we listen for UA connections /etc/bacula/bacula-dir.conf: FDPort = 9102 /etc/bacula/bacula-dir.conf:# FDPort = 9102 /etc/bacula/bacula-dir.conf: SDPort = 9103 /etc/bacula/bacula-dir.conf:# SDPort = 9103 /etc/bacula/bacula-dir.conf:# SDPort = 9103 /etc/bacula/bacula-dir.conf:# SDPort = 9103 /etc/bacula/bacula-dir.conf:# dbdriver = "dbi:postgresql"; dbaddress = 127.0.0.1; dbport = /etc/bacula/bacula-fd.conf: FDport = 9102 # where we listen for the director /etc/bacula/tray-monitor.conf: FDPort = 9102 /etc/bacula/tray-monitor.conf: SDPort = 9103 /etc/bacula/tray-monitor.conf: DIRport = 9101 /etc/bacula/bconsole.conf: DIRport = 9101 /etc/bacula/bat.conf: DIRport = 9101 #
commit 713db6eff64ead13143867883a6a6dc8cd9585cd Author: Lukas Vrabec <lvrabec> Date: Thu Feb 6 15:55:21 2014 +0100 Add to bacula capability setgid and setuid and allow to bind to bacula ports commit b01eb1f7dcf4b32c53de46e78b985fa27d4ff1bc Author: Lukas Vrabec <lvrabec> Date: Thu Feb 6 16:47:09 2014 +0100 Added labels for bacula ports
This request was resolved in Red Hat Enterprise Linux 7.0. Contact your manager or support representative in case you have further questions about the request.