Description of problem: During backup of FC5 box with amanda, the dum program produces strange message. Because of turning selinux OFF seems to make the message disappear, I am reporting this as problem with selinux and not with amanda. The message is "? device-mapper: version ioctl failed: Permission denied". Version-Release number of selected component (if applicable): FC5 box daily updated, so all versions are the latest. The bug persists during several selinux updates. How reproducible: Remotely backup filesystem on FC5 box using amanda. Steps to Reproduce: 1. 2. 3. Actual results: FAILED AND STRANGE DUMP DETAILS: /-- srv04 sda5 lev 1 STRANGE sendbackup: start [srv04:sda5 level 1] sendbackup: info BACKUP=/sbin/dump sendbackup: info RECOVER_CMD=/usr/bin/gzip -dc |/sbin/restore -f... - sendbackup: info COMPRESS_SUFFIX=.gz sendbackup: info end ? device-mapper: version ioctl failed: Permission denied | DUMP: Date of this level 1 dump: Fri May 26 01:14:01 2006 | DUMP: Date of last level 0 dump: Thu May 25 01:14:27 2006 | DUMP: Dumping /dev/sda5 (/home) to standard output | DUMP: Label: /home | DUMP: Writing 10 Kilobyte records | DUMP: mapping (Pass I) [regular files] | DUMP: mapping (Pass II) [directories] | DUMP: estimated 705 blocks. | DUMP: Volume 1 started with block 1 at: Fri May 26 01:14:08 2006 | DUMP: dumping (Pass III) [directories] | DUMP: dumping (Pass IV) [regular files] | DUMP: Volume 1 completed at: Fri May 26 01:14:09 2006 | DUMP: Volume 1 710 blocks (0.69MB) | DUMP: Volume 1 took 0:00:01 | DUMP: Volume 1 transfer rate: 710 kB/s | DUMP: 710 blocks (0.69MB) | DUMP: finished in 1 seconds, throughput 710 kBytes/sec | DUMP: Date of this level 1 dump: Fri May 26 01:14:01 2006 | DUMP: Date this dump completed: Fri May 26 01:14:09 2006 | DUMP: Average transfer rate: 710 kB/s | DUMP: DUMP IS DONE sendbackup: size 355 sendbackup: end Expected results: No message about failed ioctl. Additional info: Changing username/group to root in xinetd configuration for amanda does not help, it is still necessary to turn off selinux to make the error message disapper.
Are you seeing AVC messages in /var/log/messages or /var/log/audit/audit.log?
(In reply to comment #0) > Description of problem: > > During backup of FC5 box with amanda, the dum program produces strange message. > Because of turning selinux OFF seems to make the message disappear, I am > reporting this as problem with selinux and not with amanda. The message is > > "? device-mapper: version ioctl failed: Permission denied". > > > Version-Release number of selected component (if applicable): > > FC5 box daily updated, so all versions are the latest. The bug persists during > several selinux updates. > > How reproducible: > > Remotely backup filesystem on FC5 box using amanda. > > > Steps to Reproduce: > 1. > 2. > 3. > > Actual results: > > FAILED AND STRANGE DUMP DETAILS: > > /-- srv04 sda5 lev 1 STRANGE > sendbackup: start [srv04:sda5 level 1] > sendbackup: info BACKUP=/sbin/dump > sendbackup: info RECOVER_CMD=/usr/bin/gzip -dc |/sbin/restore -f... - > sendbackup: info COMPRESS_SUFFIX=.gz > sendbackup: info end > ? device-mapper: version ioctl failed: Permission denied > | DUMP: Date of this level 1 dump: Fri May 26 01:14:01 2006 > | DUMP: Date of last level 0 dump: Thu May 25 01:14:27 2006 > | DUMP: Dumping /dev/sda5 (/home) to standard output > | DUMP: Label: /home > | DUMP: Writing 10 Kilobyte records > | DUMP: mapping (Pass I) [regular files] > | DUMP: mapping (Pass II) [directories] > | DUMP: estimated 705 blocks. > | DUMP: Volume 1 started with block 1 at: Fri May 26 01:14:08 2006 > | DUMP: dumping (Pass III) [directories] > | DUMP: dumping (Pass IV) [regular files] > | DUMP: Volume 1 completed at: Fri May 26 01:14:09 2006 > | DUMP: Volume 1 710 blocks (0.69MB) > | DUMP: Volume 1 took 0:00:01 > | DUMP: Volume 1 transfer rate: 710 kB/s > | DUMP: 710 blocks (0.69MB) > | DUMP: finished in 1 seconds, throughput 710 kBytes/sec > | DUMP: Date of this level 1 dump: Fri May 26 01:14:01 2006 > | DUMP: Date this dump completed: Fri May 26 01:14:09 2006 > | DUMP: Average transfer rate: 710 kB/s > | DUMP: DUMP IS DONE > sendbackup: size 355 > sendbackup: end > > > > Expected results: > > No message about failed ioctl. > > Additional info: > > Changing username/group to root in xinetd configuration for amanda does not > help, it is still necessary to turn off selinux to make the error message disapper. (In reply to comment #0) > Description of problem: > > During backup of FC5 box with amanda, the dum program produces strange message. > Because of turning selinux OFF seems to make the message disappear, I am > reporting this as problem with selinux and not with amanda. The message is > > "? device-mapper: version ioctl failed: Permission denied". > > > Version-Release number of selected component (if applicable): > > FC5 box daily updated, so all versions are the latest. The bug persists during > several selinux updates. > > How reproducible: > > Remotely backup filesystem on FC5 box using amanda. > > > Steps to Reproduce: > 1. > 2. > 3. > > Actual results: > > FAILED AND STRANGE DUMP DETAILS: > > /-- srv04 sda5 lev 1 STRANGE > sendbackup: start [srv04:sda5 level 1] > sendbackup: info BACKUP=/sbin/dump > sendbackup: info RECOVER_CMD=/usr/bin/gzip -dc |/sbin/restore -f... - > sendbackup: info COMPRESS_SUFFIX=.gz > sendbackup: info end > ? device-mapper: version ioctl failed: Permission denied > | DUMP: Date of this level 1 dump: Fri May 26 01:14:01 2006 > | DUMP: Date of last level 0 dump: Thu May 25 01:14:27 2006 > | DUMP: Dumping /dev/sda5 (/home) to standard output > | DUMP: Label: /home > | DUMP: Writing 10 Kilobyte records > | DUMP: mapping (Pass I) [regular files] > | DUMP: mapping (Pass II) [directories] > | DUMP: estimated 705 blocks. > | DUMP: Volume 1 started with block 1 at: Fri May 26 01:14:08 2006 > | DUMP: dumping (Pass III) [directories] > | DUMP: dumping (Pass IV) [regular files] > | DUMP: Volume 1 completed at: Fri May 26 01:14:09 2006 > | DUMP: Volume 1 710 blocks (0.69MB) > | DUMP: Volume 1 took 0:00:01 > | DUMP: Volume 1 transfer rate: 710 kB/s > | DUMP: 710 blocks (0.69MB) > | DUMP: finished in 1 seconds, throughput 710 kBytes/sec > | DUMP: Date of this level 1 dump: Fri May 26 01:14:01 2006 > | DUMP: Date this dump completed: Fri May 26 01:14:09 2006 > | DUMP: Average transfer rate: 710 kB/s > | DUMP: DUMP IS DONE > sendbackup: size 355 > sendbackup: end > > > > Expected results: > > No message about failed ioctl. > > Additional info: > > Changing username/group to root in xinetd configuration for amanda does not > help, it is still necessary to turn off selinux to make the error message disapper. (In reply to comment #1) > Are you seeing AVC messages in /var/log/messages or /var/log/audit/audit.log? Hello. Sorry fur delay in answering. Yes, there were some messages in logfiles, but please read below. Since I have reported this problem, I have encountered the same behavior on about five FC5/FC6 boxes. And it appears that running "fixfiles relabel" is enough to fix the problem. My investigation shows that all these systems were run with selinux turned off for some time by less experienced local admins and this and some copy operations with seliinux turned off is probably the source of the problem. Then, when booted with selinux in permissive mode, it started to complain. Sorry for creating this false bugreport - IMHO it is time to close it with NOTABUG status. Brgds, Ed
All of these bugs should be fixed in FC6, You could attempt to use the FC6 policy on FC5 or upgrade. Or you could use audit2allow -M mypolicy -i /var/log/audit/audit.log and build local customized policy