Bug 240926 - need rules for amrecover operations
Status: CLOSED NEXTRELEASE
Product: Fedora
Classification: Fedora
Component: selinux-policy
Version: 6
Hardware: All Linux
Priority: medium Severity: medium
Assigned To: Daniel Walsh
QA Contact: Ben Levenson
Reported: 2007-05-22 18:59 EDT by Orion Poplawski
Modified: 2007-11-30 17:12 EST
Doc Type: Bug Fix
Last Closed: 2007-09-10 15:06:50 EDT

Description Orion Poplawski 2007-05-22 18:59:59 EDT
Description of problem:

When running amrecover I get the following avc denials on the server.  The
server is running amanda 2.5.2 which is not yet in Fedora, but should be someday.

May 21 09:58:10 saga kernel: audit(1179763090.581:14): avc:  denied  { write }
for  pid=32275 comm="amindexd" name="_var_lib_mysql" dev=dm-2 ino=223
scontext=system_u:system_r:amanda_t:s0
tcontext=system_u:object_r:amanda_var_lib_t:s0 tclass=dir
May 21 09:58:10 saga kernel: audit(1179763090.583:15): avc:  denied  { add_name
} for  pid=32275 comm="amindexd" name="20070518210003_1"
scontext=system_u:system_r:amanda_t:s0
tcontext=system_u:object_r:amanda_var_lib_t:s0 tclass=dir
May 21 09:58:10 saga kernel: audit(1179763090.583:16): avc:  denied  { create }
for  pid=32275 comm="amindexd" name="20070518210003_1"
scontext=system_u:system_r:amanda_t:s0
tcontext=system_u:object_r:amanda_var_lib_t:s0 tclass=file
May 21 09:58:10 saga kernel: audit(1179763090.647:17): avc:  denied  { write }
for  pid=32470 comm="sort" name="20070518210003_1" dev=dm-2 ino=92
scontext=system_u:system_r:amanda_t:s0
tcontext=system_u:object_r:amanda_var_lib_t:s0 tclass=file
May 21 09:59:41 saga kernel: audit(1179763181.668:18): avc:  denied  { create }
for  pid=32542 comm="amidxtaped" name="log"
scontext=system_u:system_r:amanda_t:s0
tcontext=system_u:object_r:amanda_data_t:s0 tclass=file
May 21 09:59:41 saga kernel: audit(1179763181.680:19): avc:  denied  { append }
for  pid=32542 comm="amidxtaped" name="log" dev=dm-2 ino=111199
scontext=system_u:system_r:amanda_t:s0
tcontext=system_u:object_r:amanda_data_t:s0 tclass=file
May 21 09:59:44 saga kernel: audit(1179763184.880:20): avc:  denied  { unlink }
for  pid=32542 comm="amidxtaped" name="log" dev=dm-2 ino=111199
scontext=system_u:system_r:amanda_t:s0
tcontext=system_u:object_r:amanda_data_t:s0 tclass=file
May 21 10:07:51 saga kernel: audit(1179763671.399:21): avc:  denied  { write }
for  pid=32275 comm="amindexd" name="_var_lib_mysql" dev=dm-2 ino=223
scontext=system_u:system_r:amanda_t:s0
tcontext=system_u:object_r:amanda_var_lib_t:s0 tclass=dir
May 21 10:07:51 saga kernel: audit(1179763671.399:22): avc:  denied  {
remove_name } for  pid=32275 comm="amindexd" name="20070514210004_1" dev=dm-2
ino=231 scontext=system_u:system_r:amanda_t:s0
tcontext=system_u:object_r:amanda_var_lib_t:s0 tclass=dir
May 21 10:07:51 saga kernel: audit(1179763671.399:23): avc:  denied  { unlink }
for  pid=32275 comm="amindexd" name="20070514210004_1" dev=dm-2 ino=231
scontext=system_u:system_r:amanda_t:s0
tcontext=system_u:object_r:amanda_var_lib_t:s0 tclass=file

Basically the index server (amindexd) uncompresses indexes in
/var/lib/amanda/<BackupSet>/index/<host>/<path>/ and the tape server
(amidxtaped) writes a log file in /var/lib/amanda/<BackupSet>/ just like the
regular amdump programs.

Version-Release number of selected component (if applicable):
selinux-policy-2.4.6-62.fc6
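
Added example (not part of the original report or of selinux-policy): a small Python triage script that re-joins wrapped AVC denial records like the ones above and groups them by source type, target type and class, in the manner of audit2allow, so the missing permissions can be reviewed per daemon. The sample lines are constructed in the report's format, and the names join_records, summarize and render are hypothetical.

```python
import re
from collections import defaultdict

# Constructed sample in the wrapped syslog layout of this report (not live data).
SAMPLE = """\
May 21 09:58:10 host kernel: audit(1179763090.581:14): avc:  denied  { write }
for  pid=100 comm="amindexd" name="index" dev=dm-2 ino=223
scontext=system_u:system_r:amanda_t:s0
tcontext=system_u:object_r:amanda_var_lib_t:s0 tclass=dir
May 21 09:58:10 host kernel: audit(1179763090.583:15): avc:  denied  { add_name
} for  pid=100 comm="amindexd" name="20070518210003_1"
scontext=system_u:system_r:amanda_t:s0
tcontext=system_u:object_r:amanda_var_lib_t:s0 tclass=dir
May 21 09:59:41 host kernel: audit(1179763181.668:18): avc:  denied  { create }
for  pid=200 comm="amidxtaped" name="log"
scontext=system_u:system_r:amanda_t:s0
tcontext=system_u:object_r:amanda_data_t:s0 tclass=file
"""

AVC = re.compile(
    r'avc:\s+denied\s+\{\s*(?P<perms>[^}]*?)\s*\}.*?comm="(?P<comm>[^"]+)"'
    r'.*?scontext=(?P<s>\S+)\s+tcontext=(?P<t>\S+)\s+tclass=(?P<cls>\w+)')

def join_records(text):
    # A new record starts at each "audit(" stamp; other lines are wrapped tails.
    records = []
    for line in text.splitlines():
        if "audit(" in line or not records:
            records.append(line.strip())
        else:
            records[-1] += " " + line.strip()
    return records

def summarize(text):
    # Map (source type, target type, class) -> denied perms and commands seen.
    rules = defaultdict(lambda: {"perms": set(), "comms": set()})
    for rec in join_records(text):
        m = AVC.search(rec)
        if m:
            key = (m["s"].split(":")[2], m["t"].split(":")[2], m["cls"])  # type = 3rd field
            rules[key]["perms"].update(m["perms"].split())
            rules[key]["comms"].add(m["comm"])
    return dict(rules)

def render(rules):
    # Candidate allow rules for human review, annotated with the denied commands.
    return [f"allow {s} {t}:{c} {{ {' '.join(sorted(v['perms']))} }};"
            f"  # {', '.join(sorted(v['comms']))}"
            for (s, t, c), v in sorted(rules.items())]
```

The rendered rules are candidates to review against what each daemon actually needs, not policy to load as-is.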
Comment 1 Daniel Walsh 2007-09-10 10:25:40 EDT
Fixed in selinux-policy-2.4.6-88.fc6
Comment 2 Orion Poplawski 2007-09-10 15:06:50 EDT
I'm resolving because I've moved on to Fedora 7 and this works for me there. 
Thanks!