Bug 208194 - Extra policy needed for amanda 2.5.1
Extra policy needed for amanda 2.5.1
Status: CLOSED NEXTRELEASE
Product: Fedora
Classification: Fedora
Component: selinux-policy (Show other bugs)
5
All Linux
medium Severity medium
: ---
: ---
Assigned To: Daniel Walsh
Ben Levenson
:
Depends On:
Blocks:
  Show dependency treegraph
 
Reported: 2006-09-26 17:37 EDT by Orion Poplawski
Modified: 2007-11-30 17:11 EST (History)
1 user (show)

See Also:
Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Environment:
Last Closed: 2007-02-09 16:29:30 EST
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---


Attachments (Terms of Use)

  None (edit)
Description Orion Poplawski 2006-09-26 17:37:23 EDT
Description of problem:

I'm starting to run amanda 2.5.1 because of problems introduce with releasing
tar 1.5.91 to FC5, which may cause 2.5.1 to be released for FC5.  I ran into the
following new avc denials which will need fixing:

audit(1159305833.612:1332): avc:  denied  { create } for  pid=16542
comm="amandad" name="amandad" scontext=system_u:system_r:amanda_t:s0
tcontext=system_u:object_r:amanda_log_t:s0 tclass=dir
audit(1159301717.351:195): avc:  denied  { create } for  pid=11723
comm="sendsize" name="client" scontext=system_u:system_r:amanda_t:s0
tcontext=system_u:object_r:amanda_log_t:s0 tclass=dir

amanda now creates directories in /var/log/amanda

I'll be doing a full run tonight.  We'll see if anything else pops up.

Version-Release number of selected component (if applicable):
selinux-policy-2.3.7-2.fc5
Comment 1 Daniel Walsh 2006-09-28 14:43:28 EDT
Fixed in selinux-policy-2.3.16-6
Comment 2 Orion Poplawski 2006-11-02 11:40:36 EST
Some others showing up:

Nov  1 21:32:47 saga kernel: audit(1162441967.934:45): avc:  denied  { create }
for  pid=19009 comm="tar" scontext=system_u:system_r:amanda_t:s0
tcontext=system_u:system_r:amanda_t:s0 tclass=netlink_route_socket
Nov  1 21:32:47 saga kernel: audit(1162441967.934:46): avc:  denied  { bind }
for  pid=19009 comm="tar" scontext=system_u:system_r:amanda_t:s0
tcontext=system_u:system_r:amanda_t:s0 tclass=netlink_route_socket
Nov  1 21:32:47 saga kernel: audit(1162441967.934:47): avc:  denied  { getattr }
for  pid=19009 comm="tar" scontext=system_u:system_r:amanda_t:s0
tcontext=system_u:system_r:amanda_t:s0 tclass=netlink_route_socket
Nov  1 21:32:47 saga kernel: audit(1162441967.934:48): avc:  denied  { write }
for  pid=19009 comm="tar" scontext=system_u:system_r:amanda_t:s0
tcontext=system_u:system_r:amanda_t:s0 tclass=netlink_route_socket
Nov  1 21:32:47 saga kernel: audit(1162441967.934:49): avc:  denied  {
nlmsg_read } for  pid=19009 comm="tar" scontext=system_u:system_r:amanda_t:s0
tcontext=system_u:system_r:amanda_t:s0 tclass=netlink_route_socket
Nov  1 21:32:47 saga kernel: audit(1162441967.934:50): avc:  denied  { read }
for  pid=19009 comm="tar" scontext=system_u:system_r:amanda_t:s0
tcontext=system_u:system_r:amanda_t:s0 tclass=netlink_route_socket
Comment 3 Orion Poplawski 2007-02-09 16:29:30 EST
Not seeing any more messages with 2.5.1p1 and FC6.

Note You need to log in before you can comment on or make changes to this bug.