From Bugzilla Helper: User-Agent: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.7.10) Gecko/20050720 Fedora/1.0.6-1.1.fc4 Firefox/1.0.6 Description of problem: I have been happily backing up tapes with amanda for a long time, first with a locally compiled version, now with the one shipped with FC4. For the first time today, I tried to recover a file with /usr/sbin/amrecover and received the error [root@apollo ~]# /usr/sbin/amrecover -bash: /usr/sbin/amrecover: Permission denied [root@apollo ~]# ldd /usr/sbin/amrecover /usr/bin/ldd: line 124: /usr/sbin/amrecover: Permission denied This is really very strange. Every other executable in /usr/sbin is fine. For example: [root@apollo ~]# ldd /usr/sbin/amrestore linux-gate.so.1 => (0x40000000) libamtape-2.4.5.so => /usr/lib/libamtape-2.4.5.so (0x00b58000) libamanda-2.4.5.so => /usr/lib/libamanda-2.4.5.so (0x00ba1000) libm.so.6 => /lib/libm.so.6 (0x00b31000) libtermcap.so.2 => /lib/libtermcap.so.2 (0x00d2f000) libnsl.so.1 => /lib/libnsl.so.1 (0x00952000) libc.so.6 => /lib/libc.so.6 (0x00a06000) /lib/ld-linux.so.2 (0x009e8000) [root@apollo ~]# /usr/sbin/amrestore amrestore: Must specify tape-device or holdingfile amrestore: Usage: amrestore [-b blocksize] [-r|-c] [-p] [-h] [-f fileno] [-l label] tape-device|holdingfile [hostname [diskname [datestamp [hostname [diskname [datestamp ... ]]]]]] I have tried rebuilding amanda from the source RPM and reinstalling amanda-client, to no avail. Version-Release number of selected component (if applicable): amanda-2.4.5-2 How reproducible: Always Steps to Reproduce: 1. Execute /usr/sbin/amrecover either as root, amanda, or any other user Actual Results: "Permission denied" Expected Results: The executable should, well, execute. Additional info: I do have SELinux enabled in targeted mode on this system, a dual CPU Athlon machine. Since it is a heavily used server I have not tried disabling SELinux to see if that would fix the problem. The system in question is a fresh install of FC4, not an upgrade from a previous release.
That's odd. amrecover works fine on my FC4 system. Can you show the output of "ls -lZ /usr/sbin/amrecover" and "id" when logged in as root?
[root@apollo ~]# id uid=0(root) gid=0(root) groups=0(root),1(bin),2(daemon),3(sys),4(adm),6(disk),10(wheel) context=root:system_r:unconfined_t [root@apollo ~]# ls -lZ /usr/sbin/amrecover -rwxr-x--- amanda disk system_u:object_r:amanda_recover_exec_t /usr/sbin/amrecover This is the correct context for amrecover according to /etc/selinux/targeted/contexts/files/file_contexts from selinux-policy-targeted version 1.25.4-10.
AHA! It's an selinux problem. I can reproduce the problem by going into system-config-securitylevel and setting the SELinux mode to Enforcing. I'm reassigning this to the SELinux policy maintainers. In the mean time, for a workaround, you can set you SELinux mode to Permissive while doing the restore.
Fixed in selinux-policy-*-1.27.1-2.1