This service will be undergoing maintenance at 00:00 UTC, 2016-09-28. It is expected to last about 1 hours
Bug 149030 - amanda fails to run
amanda fails to run
Status: CLOSED RAWHIDE
Product: Fedora
Classification: Fedora
Component: selinux-policy-targeted (Show other bugs)
rawhide
All Linux
medium Severity medium
: ---
: ---
Assigned To: Daniel Walsh
:
Depends On:
Blocks:
  Show dependency treegraph
 
Reported: 2005-02-17 19:11 EST by Orion Poplawski
Modified: 2007-11-30 17:11 EST (History)
1 user (show)

See Also:
Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Environment:
Last Closed: 2006-05-05 11:01:42 EDT
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:


Attachments (Terms of Use)

  None (edit)
Description Orion Poplawski 2005-02-17 19:11:23 EST
Description of problem:

Trying to setup amanda backup of an selinux system.  Get the following denials
when running amcheck on the server:

Feb 17 17:05:11 hawk kernel: audit(1108685111.604:0): avc:  denied  { search }
for  pid=5036 exe=/usr/lib/amanda/amandad name=nscd dev=dm-4 ino=229381
scontext=user_u:system_r:amanda_t tcontext=system_u:object_r:nscd_var_run_t
tclass=dir
Feb 17 17:05:11 hawk kernel: audit(1108685111.604:0): avc:  denied  { search }
for  pid=5036 exe=/usr/lib/amanda/amandad name=nscd dev=dm-4 ino=229381
scontext=user_u:system_r:amanda_t tcontext=system_u:object_r:nscd_var_run_t
tclass=dir
Feb 17 17:05:11 hawk kernel: audit(1108685111.605:0): avc:  denied  { search }
for  pid=5036 exe=/usr/lib/amanda/amandad name=log dev=dm-4 ino=163841
scontext=user_u:system_r:amanda_t tcontext=system_u:object_r:var_log_t tclass=dir
Feb 17 17:05:11 hawk kernel: audit(1108685111.606:0): avc:  denied  { search }
for  pid=5036 exe=/usr/lib/amanda/amandad name=log dev=dm-4 ino=163841
scontext=user_u:system_r:amanda_t tcontext=system_u:object_r:var_log_t tclass=dir
Feb 17 17:05:11 hawk last message repeated 4 times
Feb 17 17:05:11 hawk kernel: audit(1108685111.607:0): avc:  denied  { search }
for  pid=5036 exe=/usr/lib/amanda/amandad name=log dev=dm-4 ino=163841
scontext=user_u:system_r:amanda_t tcontext=system_u:object_r:var_log_t tclass=dir
Feb 17 17:05:11 hawk last message repeated 4 times
Feb 17 17:05:11 hawk kernel: audit(1108685111.608:0): avc:  denied  { read } for
 pid=5036 exe=/usr/lib/amanda/amandad name=localtime dev=dm-1 ino=63536
scontext=user_u:system_r:amanda_t tcontext=system_u:object_r:locale_t tclass=file
Feb 17 17:05:11 hawk last message repeated 3 times
Feb 17 17:05:11 hawk kernel: audit(1108685111.608:0): avc:  denied  { connect }
for  pid=5036 exe=/usr/lib/amanda/amandad scontext=user_u:system_r:amanda_t
tcontext=user_u:system_r:amanda_t tclass=unix_dgram_socket
 

Version-Release number of selected component (if applicable):
selinux-policy-targeted-1.21.14-1

I'll try to get logs from the actual backup run tonight.

Also of note - the amanda package is a custom package of amanda-2.4.5b1-20041111
Comment 1 Orion Poplawski 2005-02-18 12:21:48 EST
From the backup run:

audit(1108699203.506:0): avc:  denied  { search } for  pid=7283
exe=/usr/lib/amanda/amandad name=nscd dev=dm-4 ino=229381
scontext=user_u:system_r:amanda_t tcontext=system_u:object_r:nscd_var_run_t
tclass=dir
audit(1108699203.507:0): avc:  denied  { search } for  pid=7283
exe=/usr/lib/amanda/amandad name=log dev=dm-4 ino=163841
scontext=user_u:system_r:amanda_t tcontext=system_u:object_r:var_log_t tclass=dir
audit(1108699203.508:0): avc:  denied  { read } for  pid=7283
exe=/usr/lib/amanda/amandadname=amanda dev=dm-4 ino=163855
scontext=user_u:system_r:amanda_t tcontext=system_u:object_r:var_log_t tclass=dir
audit(1108699203.508:0): avc:  denied  { read } for  pid=7283
exe=/usr/lib/amanda/amandadname=localtime dev=dm-1 ino=63536
scontext=user_u:system_r:amanda_t tcontext=system_u:object_r:locale_t tclass=file
audit(1108699203.508:0): avc:  denied  { getattr } for  pid=7283
exe=/usr/lib/amanda/amandad path=/etc/localtime dev=dm-1 ino=63536
scontext=user_u:system_r:amanda_t tcontext=system_u:object_r:locale_t tclass=file
audit(1108699203.509:0): avc:  denied  { write } for  pid=7283
exe=/usr/lib/amanda/amandad name=amanda dev=dm-4 ino=163855
scontext=user_u:system_r:amanda_t tcontext=system_u:object_r:var_log_t tclass=dir
audit(1108699203.509:0): avc:  denied  { add_name } for  pid=7283
exe=/usr/lib/amanda/amandad name=amandad.20050217210003.debug
scontext=user_u:system_r:amanda_t tcontext=system_u:object_r:var_log_t tclass=dir
audit(1108699203.509:0): avc:  denied  { create } for  pid=7283
exe=/usr/lib/amanda/amandad name=amandad.20050217210003.debug
scontext=user_u:system_r:amanda_t tcontext=user_u:object_r:var_log_t tclass=file
audit(1108699203.514:0): avc:  denied  { setattr } for  pid=7283
exe=/usr/lib/amanda/amandad name=amandad.20050217210003.debug dev=dm-4
ino=163940 scontext=user_u:system_r:amanda_t tcontext=user_u:object_r:var_log_t
tclass=file
audit(1108699203.515:0): avc:  denied  { getattr } for  pid=7283
exe=/usr/lib/amanda/amandad path=/var/log/amanda/amandad.20050217210003.debug
dev=dm-4 ino=163940 scontext=user_u:system_r:amanda_t
tcontext=user_u:object_r:var_log_t tclass=file
audit(1108699203.515:0): avc:  denied  { append } for  pid=7283
exe=/usr/lib/amanda/amandad path=/var/log/amanda/amandad.20050217210003.debug
dev=dm-4 ino=163940 scontext=user_u:system_r:amanda_t
tcontext=user_u:object_r:var_log_t tclass=file
audit(1108699203.539:0): avc:  denied  { remove_name } for  pid=7283
exe=/usr/lib/amanda/amandad name=amandad.noop.7283 dev=dm-4 ino=163941
scontext=user_u:system_r:amanda_t tcontext=system_u:object_r:var_log_t tclass=dir
audit(1108699203.539:0): avc:  denied  { unlink } for  pid=7283
exe=/usr/lib/amanda/amandad name=amandad.noop.7283 dev=dm-4 ino=163941
scontext=user_u:system_r:amanda_t tcontext=user_u:object_r:var_log_t tclass=file
audit(1108699203.540:0): avc:  denied  { write } for  pid=7283
exe=/usr/lib/amanda/amandad path=/var/log/amanda/amandad.noop.7283 (deleted)
dev=dm-4 ino=163941 scontext=user_u:system_r:amanda_t
tcontext=user_u:object_r:var_log_t tclass=file
audit(1108699203.541:0): avc:  denied  { read } for  pid=7283
exe=/usr/lib/amanda/amandadpath=/var/log/amanda/amandad.noop.7283 (deleted)
dev=dm-4 ino=163941 scontext=user_u:system_r:amanda_t
tcontext=user_u:object_r:var_log_t tclass=file
audit(1108699203.582:0): avc:  denied  { getattr } for  pid=7285
exe=/usr/lib/amanda/sendsize path=/export/web dev=dm-0 ino=2
scontext=user_u:system_r:amanda_t tcontext=system_u:object_r:httpd_sys_content_t
tclass=dir
audit(1108699203.582:0): avc:  denied  { read } for  pid=7285
exe=/usr/lib/amanda/sendsize name=mounts dev=proc ino=-268435447
scontext=user_u:system_r:amanda_t tcontext=system_u:object_r:proc_t tclass=lnk_file
audit(1108699203.582:0): avc:  denied  { search } for  pid=7285
exe=/usr/lib/amanda/sendsize name=7285 dev=proc ino=477429762
scontext=user_u:system_r:amanda_t tcontext=user_u:system_r:amanda_t tclass=dir
audit(1108699203.582:0): avc:  denied  { read } for  pid=7285
exe=/usr/lib/amanda/sendsize name=mounts dev=proc ino=477429776
scontext=user_u:system_r:amanda_t tcontext=user_u:system_r:amanda_t tclass=file
audit(1108699203.582:0): avc:  denied  { getattr } for  pid=7285
exe=/usr/lib/amanda/sendsize path=/proc/7285/mounts dev=proc ino=477429776
scontext=user_u:system_r:amanda_t tcontext=user_u:system_r:amanda_t tclass=file
audit(1108699203.583:0): avc:  denied  { getattr } for  pid=7285
exe=/usr/lib/amanda/sendsize path=/dev dev=tmpfs ino=452
scontext=user_u:system_r:amanda_t tcontext=system_u:object_r:device_t tclass=dir
audit(1108699203.583:0): avc:  denied  { read } for  pid=7285
exe=/usr/lib/amanda/sendsize name=root dev=tmpfs ino=1337
scontext=user_u:system_r:amanda_t tcontext=system_u:object_r:device_t
tclass=lnk_file
audit(1108699203.583:0): avc:  denied  { getattr } for  pid=7285
exe=/usr/lib/amanda/sendsize path=/selinux dev=selinuxfs ino=158
scontext=user_u:system_r:amanda_t tcontext=system_u:object_r:security_t tclass=dir
audit(1108699203.584:0): avc:  denied  { getattr } for  pid=7285
exe=/usr/lib/amanda/sendsize path=/proc/bus/usb dev=usbfs ino=1598
scontext=user_u:system_r:amanda_t tcontext=system_u:object_r:usbfs_t tclass=dir
audit(1108699203.585:0): avc:  denied  { getattr } for  pid=7285
exe=/usr/lib/amanda/sendsize path=/sys dev=sysfs ino=1
scontext=user_u:system_r:amanda_t tcontext=system_u:object_r:sysfs_t tclass=dir
audit(1108699203.585:0): avc:  denied  { getattr } for  pid=7285
exe=/usr/lib/amanda/sendsize path=/dev/shm dev=tmpfs ino=3980
scontext=user_u:system_r:amanda_t tcontext=user_u:object_r:tmpfs_t tclass=dir
audit(1108699203.585:0): avc:  denied  { getattr } for  pid=7285
exe=/usr/lib/amanda/sendsize path=/export/ftp dev=dm-2 ino=2
scontext=user_u:system_r:amanda_t tcontext=system_u:object_r:default_t tclass=dir
audit(1108699203.585:0): avc:  denied  { getattr } for  pid=7285
exe=/usr/lib/amanda/sendsize path=/var dev=dm-4 ino=2
scontext=user_u:system_r:amanda_t tcontext=system_u:object_r:var_t tclass=dir
audit(1108699203.585:0): avc:  denied  { search } for  pid=7285
exe=/usr/lib/amanda/sendsize name=sys dev=proc ino=-268435431
scontext=user_u:system_r:amanda_t tcontext=system_u:object_r:sysctl_t tclass=dir
audit(1108699203.586:0): avc:  denied  { getattr } for  pid=7285
exe=/usr/lib/amanda/sendsize path=/proc/sys/fs/binfmt_misc dev=binfmt_misc
ino=4211 scontext=user_u:system_r:amanda_t
tcontext=system_u:object_r:binfmt_misc_fs_t tclass=dir
audit(1108699203.586:0): avc:  denied  { search } for  pid=7285
exe=/usr/lib/amanda/sendsize name=nfs dev=dm-4 ino=196635
scontext=user_u:system_r:amanda_t tcontext=system_u:object_r:var_lib_nfs_t
tclass=dir
audit(1108699203.586:0): avc:  denied  { getattr } for  pid=7285
exe=/usr/lib/amanda/sendsize path=/var/lib/nfs/rpc_pipefs dev=rpc_pipefs
ino=5671 scontext=user_u:system_r:amanda_t
tcontext=system_u:object_r:rpc_pipefs_t tclass=dir
audit(1108699203.586:0): avc:  denied  { getattr } for  pid=7285
exe=/usr/lib/amanda/sendsize path=/opt dev=autofs ino=6117
scontext=user_u:system_r:amanda_t tcontext=system_u:object_r:autofs_t tclass=dir
audit(1108699203.586:0): avc:  denied  { getattr } for  pid=7285
exe=/usr/lib/amanda/sendsize path=/proc/fs/nfsd dev=nfsd ino=6724
scontext=user_u:system_r:amanda_t tcontext=system_u:object_r:nfsd_fs_t tclass=dir
audit(1108699203.587:0): avc:  denied  { getattr } for  pid=7285
exe=/usr/lib/amanda/sendsize path=/dev/mapper/rootvg-root dev=tmpfs ino=1274
scontext=user_u:system_r:amanda_t tcontext=system_u:object_r:device_t
tclass=blk_file
audit(1108699203.668:0): avc:  denied  { search } for  pid=7290
exe=/usr/lib/amanda/runtar name=bin dev=dm-1 ino=28673
scontext=user_u:system_r:amanda_t tcontext=system_u:object_r:bin_t tclass=dir
audit(1108699203.668:0): avc:  denied  { read } for  pid=7289
exe=/usr/lib/amanda/runtar path=/bin/tar dev=dm-1 ino=28734
scontext=user_u:system_r:amanda_t tcontext=system_u:object_r:bin_t tclass=file
audit(1108699203.753:0): avc:  denied  { search } for  pid=7289 exe=/bin/tar
name=/ dev=dm-2 ino=2 scontext=user_u:system_r:amanda_t
tcontext=system_u:object_r:default_t tclass=dir
audit(1108699203.753:0): avc:  denied  { read } for  pid=7289 exe=/bin/tar
name=/ dev=dm-2 ino=2 scontext=user_u:system_r:amanda_t
tcontext=system_u:object_r:default_t tclass=dir
audit(1108699203.753:0): avc:  denied  { getattr } for  pid=7289 exe=/bin/tar
path=/export/ftp/ftp dev=dm-2 ino=524289 scontext=user_u:system_r:amanda_t
tcontext=root:object_r:default_t tclass=dir
audit(1108699203.754:0): avc:  denied  { read } for  pid=7289 exe=/bin/tar
name=ftp dev=dm-2 ino=524289 scontext=user_u:system_r:amanda_t
tcontext=root:object_r:default_t tclass=dir
audit(1108699203.754:0): avc:  denied  { search } for  pid=7289 exe=/bin/tar
name=ftp dev=dm-2 ino=524289 scontext=user_u:system_r:amanda_t
tcontext=root:object_r:default_t tclass=dir
audit(1108699203.755:0): avc:  denied  { search } for  pid=7290 exe=/bin/tar
name=/ dev=dm-0 ino=2 scontext=user_u:system_r:amanda_t
tcontext=system_u:object_r:httpd_sys_content_ttclass=dir
audit(1108699203.755:0): avc:  denied  { read } for  pid=7290 exe=/bin/tar
name=/ dev=dm-0 ino=2 scontext=user_u:system_r:amanda_t
tcontext=system_u:object_r:httpd_sys_content_t tclass=dir
audit(1108699203.755:0): avc:  denied  { getattr } for  pid=7290 exe=/bin/tar
path=/export/web/orderdata dev=dm-0 ino=228481 scontext=user_u:system_r:amanda_t
tcontext=root:object_r:httpd_sys_content_t tclass=dir
audit(1108699203.756:0): avc:  denied  { getattr } for  pid=7290 exe=/bin/tar
path=/export/web/aquota.user dev=dm-0 ino=12 scontext=user_u:system_r:amanda_t
tcontext=root:object_r:httpd_sys_content_t tclass=file
audit(1108699203.756:0): avc:  denied  { read } for  pid=7290 exe=/bin/tar
name=Alisn1L dev=dm-0 ino=32641 scontext=user_u:system_r:amanda_t
tcontext=root:object_r:httpd_sys_content_t tclass=dir
audit(1108699203.756:0): avc:  denied  { search } for  pid=7290 exe=/bin/tar
name=Alisn1Ldev=dm-0 ino=32641 scontext=user_u:system_r:amanda_t
tcontext=root:object_r:httpd_sys_content_t tclass=dir
audit(1108699203.756:0): avc:  denied  { getattr } for  pid=7290 exe=/bin/tar
path=/export/web/Alisn1L/index.html dev=dm-0 ino=32644
scontext=user_u:system_r:amanda_t tcontext=root:object_r:httpd_sys_content_t
tclass=lnk_file
audit(1108699203.756:0): avc:  denied  { getattr } for  pid=7289 exe=/bin/tar
path=/export/ftp/ftp/pub/Ogle/ogle1nov.zip dev=dm-2 ino=606289
scontext=user_u:system_r:amanda_t tcontext=root:object_r:default_t tclass=file
audit(1108699203.758:0): avc:  denied  { getattr } for  pid=7290 exe=/bin/tar
path=/export/web/cora/htdig dev=dm-0 ino=1680962
scontext=user_u:system_r:amanda_t tcontext=user_u:object_r:httpd_sys_content_t
tclass=lnk_file
audit(1108699203.760:0): avc:  denied  { getattr } for  pid=7289 exe=/bin/tar
path=/export/ftp/ftp/pub/Ogle/Examples/Tutorial/tutorial-files/ogle dev=dm-2
ino=63 scontext=user_u:system_r:amanda_t tcontext=root:object_r:default_t
tclass=lnk_file
audit(1108699203.941:0): avc:  denied  { read } for  pid=7289 exe=/bin/tar
name=ogle dev=dm-2 ino=63 scontext=user_u:system_r:amanda_t
tcontext=root:object_r:default_t tclass=lnk_file
audit(1108699205.531:0): avc:  denied  { read } for  pid=7290 exe=/bin/tar
name=index.html dev=dm-0 ino=32644 scontext=user_u:system_r:amanda_t
tcontext=root:object_r:httpd_sys_content_t tclass=lnk_file
audit(1108699205.549:0): avc:  denied  { read } for  pid=7290 exe=/bin/tar
name=htdig dev=dm-0 ino=1680962 scontext=user_u:system_r:amanda_t
tcontext=user_u:object_r:httpd_sys_content_t tclass=lnk_file
Comment 2 Daniel Walsh 2005-03-07 12:01:58 EST
Should be fixed by selinux-policy-*-1_21_15-6
Comment 3 Orion Poplawski 2005-03-08 11:42:14 EST
Still get some errors.   Most don't appear to affect amanda
functionality (or at least not what I'm doing).  The following do
however prevent backups of symbolic links:

type=KERNEL msg=audit(1110255360.980:1407305): avc:  denied  { getattr
} for  pid=14718 exe=/bin/tar
path=/export/web/pstoolkit/Status/index.html dev=dm-0 ino=1893586
scontext=user_u:system_r:amanda_t
tcontext=root:object_r:httpd_sys_content_t tclass=lnk_file
type=KERNEL msg=audit(1110255338.230:1309113): avc:  denied  { getattr
} for  pid=14708 exe=/bin/tar
path=/export/ftp/pub/pstoolkit/README.txt dev=dm-2 ino=540866
scontext=user_u:system_r:amanda_t tcontext=root:object_r:default_t
tclass=lnk_file

I added the following to fix:

allow amanda_t default_t:lnk_file {getattr read };
allow amanda_t httpd_sys_content_t:lnk_file {getattr read };

The following (and others) show up, but don't appear to cause problems:

type=KERNEL msg=audit(1110255886.764:3058365): avc:  denied  { getattr
} for  pid=14714 exe=/usr/lib/amanda/sendbackup
path=/dev/mapper/rootvg-ftp dev=tmpfs ino=1298
scontext=user_u:system_r:amanda_t tcontext=system_u:object_r:device_t
tclass=blk_file
type=KERNEL msg=audit(1110255886.764:3058362): avc:  denied  { getattr
} for  pid=14714 exe=/usr/lib/amanda/sendbackup
path=/dev/mapper/rootvg-ftp dev=tmpfs ino=1298
scontext=user_u:system_r:amanda_t tcontext=system_u:object_r:device_t
tclass=blk_file
type=KERNEL msg=audit(1110255886.764:3058361): avc:  denied  { getattr
} for  pid=14714 exe=/usr/lib/amanda/sendbackup
path=/dev/mapper/rootvg-ftp dev=tmpfs ino=1298
scontext=user_u:system_r:amanda_t tcontext=system_u:object_r:device_t
tclass=blk_file
type=KERNEL msg=audit(1110255886.764:3058350): avc:  denied  { getattr
} for  pid=14714 exe=/usr/lib/amanda/sendbackup path=/proc/bus/usb
dev=usbfs ino=1597 scontext=user_u:system_r:amanda_t
tcontext=system_u:object_r:usbfs_t tclass=dir
type=KERNEL msg=audit(1110255886.764:3058345): avc:  denied  { getattr
} for  pid=14714 exe=/usr/lib/amanda/sendbackup path=/sys dev=sysfs
ino=1 scontext=user_u:system_r:amanda_t
tcontext=system_u:object_r:sysfs_t tclass=dir
type=KERNEL msg=audit(1110255886.739:3058340): avc:  denied  { getattr
} for  pid=14714 exe=/usr/lib/amanda/sendbackup
path=/dev/mapper/rootvg-root dev=tmpfs ino=1283
scontext=user_u:system_r:amanda_t tcontext=system_u:object_r:device_t
tclass=blk_file
type=KERNEL msg=audit(1110255886.739:3058337): avc:  denied  { getattr
} for  pid=14714 exe=/usr/lib/amanda/sendbackup
path=/dev/mapper/rootvg-root dev=tmpfs ino=1283
scontext=user_u:system_r:amanda_t tcontext=system_u:object_r:device_t
tclass=blk_file
type=KERNEL msg=audit(1110255886.739:3058336): avc:  denied  { getattr
} for  pid=14714 exe=/usr/lib/amanda/sendbackup
path=/dev/mapper/rootvg-root dev=tmpfs ino=1283
scontext=user_u:system_r:amanda_t tcontext=system_u:object_r:device_t
tclass=blk_file
type=KERNEL msg=audit(1110255886.823:3058612): avc:  denied  { getattr
} for  pid=14714 exe=/usr/lib/amanda/sendbackup path=/sys dev=sysfs
ino=1 scontext=user_u:system_r:amanda_t
tcontext=system_u:object_r:sysfs_t tclass=dir
type=KERNEL msg=audit(1110255886.824:3058638): avc:  denied  { read }
for  pid=14714 exe=/usr/lib/amanda/sendbackup name=mounts dev=proc
ino=-268435447 scontext=user_u:system_r:amanda_t
tcontext=system_u:object_r:proc_t tclass=lnk_file
Comment 4 Orion Poplawski 2005-08-16 11:56:40 EDT
Think we need:

dontaudit amanda_t nfsd_fs_t:dir getattr;

Otherwise, I'm not getting any more amanda errors.
Comment 5 Orion Poplawski 2005-09-16 12:08:33 EDT
New messages preventing amrecover (really amindexd on server) from running:

Sep 16 09:58:52 alexandria kernel: audit(1126886332.295:101595): avc:  denied  {
read write } for  pid=28931 comm="amindexd" name="[2479426]" dev=sockfs
ino=2479426 scontext=system_u:system_r:amanda_t
tcontext=system_u:system_r:inetd_t tclass=tcp_socket

Gets started from the following xinetd entry:

service amandaidx
{
        disable = no
        socket_type             = stream
        protocol                = tcp
        wait                    = no
        user                    = amanda
        group                   = disk
        server                  = /usr/lib/amanda/amindexd
}

selinux-policy-targeted-1.25.4-10.1
Comment 6 Orion Poplawski 2005-09-27 16:20:15 EDT
Sometimes seeing:

Sep 26 22:47:54 alexandria kernel: audit(1127796474.564:2928): avc:  denied  {
connect } for  pid=23129 comm="sendbackup" scontext=system_u:system_r:amanda_t
tcontext=system_u:system_r:amanda_t tclass=unix_dgram_socket
Sep 26 22:47:54 alexandria kernel: audit(1127796474.568:2929): avc:  denied  {
connect } for  pid=23126 comm="sendbackup" scontext=system_u:system_r:amanda_t
tcontext=system_u:system_r:amanda_t tclass=unix_dgram_socket

which appears to be screwing up some, though not all, backups.  Weird...
Going to run in permissive mode to see if it is selinux or amanda...
Comment 7 Chris Hapgood 2005-12-08 15:26:23 EST
I too have noticed problems with amanda and selinux.  Specifically, amrecover 
fails SILENTLY (!!!) while selinux is enforcing.  I am using a completley 
stock amanda and FC4 setup with targeted policy.  Interestingly, if the 
amrecover client and the amindexd server are on different hosts (both FC4), 
selinux must be disabled on BOTH for the operation to work -although disabling 
it on either will at least allow error messages to be seen on the client.

amanda.i386                              2.4.5-2
selinux-policy-targeted.noarch           1.27.1-2.16


Comment 8 Daniel Walsh 2005-12-08 15:36:27 EST
What avc messages are you seeing?  
Comment 9 Daniel Walsh 2006-05-05 11:01:42 EDT
Closing as these have been marked as modified, for a while.  Feel free to reopen
if not fixed

Note You need to log in before you can comment on or make changes to this bug.