Bug 443870 - amanda tape server failures
Status: CLOSED RAWHIDE
Product: Fedora
Classification: Fedora
Component: selinux-policy
Version: 8
Hardware: All Linux
Priority: low Severity: low
Assigned To: Daniel Walsh
QA Contact: Fedora Extras Quality Assurance
Keywords: Reopened
Reported: 2008-04-23 15:38 EDT by Orion Poplawski
Modified: 2008-05-07 13:44 EDT
Last Closed: 2008-05-07 13:44:58 EDT

Description Orion Poplawski 2008-04-23 15:38:44 EDT
Description of problem:

Cannot recover from F8 amanda tape server.  Get the following denials:

audit(1208978772.401:25): avc:  denied  { add_name } for  pid=25186
comm="amidxtaped" name="log" scontext=root:system_r:amanda_t:s0-s0:c0.c1023
tcontext=system_u:object_r:amanda_data_t:s0 tclass=dir
audit(1208978772.407:26): avc:  denied  { write } for  pid=25186
comm="amidxtaped" name="info" dev=sdc1 ino=97
scontext=root:system_r:amanda_t:s0-s0:c0.c1023 tcontext=root:object_r:file_t:s0
tclass=file

It creates /var/lib/amanda/<config>/log.  

info is being written to the amanda vtape directory.  Unfortunately, this can be
anywhere really.  So I need to label it properly.  I'm assuming amanda_data_t
would be correct?

Version-Release number of selected component (if applicable):
selinux-policy-3.0.8-95.fc8
Comment 1 Daniel Walsh 2008-05-02 15:20:53 EDT
Yes, Sorry missed this one last week.  How did you end up with files labeled
file_t? 

Comment 2 Orion Poplawski 2008-05-06 18:16:35 EDT
(In reply to comment #1)
> Yes, Sorry missed this one last week.  How did you end up with files labeled
> file_t? 

Well, it's a removable disk, so it was created with mkfs who knows how long ago
at this point.

I'm fully expecting that I'll need to label it manually, just need to know what
that should be.
Comment 3 Daniel Walsh 2008-05-07 06:11:07 EDT
amanda_data_t should be correct.

I would just mount it and run restorecon on it.
Comment 4 Orion Poplawski 2008-05-07 11:42:16 EDT
That should handle the second error, but what about this one:

audit(1208978772.401:25): avc:  denied  { add_name } for  pid=25186
comm="amidxtaped" name="log" scontext=root:system_r:amanda_t:s0-s0:c0.c1023
tcontext=system_u:object_r:amanda_data_t:s0 tclass=dir
Comment 5 Daniel Walsh 2008-05-07 13:44:58 EDT
Oops missed that.

-Fixed in selinux-policy-3.3.1-48.fc9
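
The thread ends up treating the two denials differently: the write to "info" hits an object still labeled file_t, which relabeling addresses, while add_name on an amanda_data_t directory needed the policy update. The Python below is an added example, not part of the bug report or of selinux-policy; it parses the two AVC records and applies that split, and its function names and the rule "a file_t or unlabeled_t target means relabel, anything else means policy" are assumptions of this example.

```python
import re

# The two denials from the report, with the wrapped lines rejoined.
SAMPLE_LOG = """\
audit(1208978772.401:25): avc:  denied  { add_name } for  pid=25186 comm="amidxtaped" name="log" scontext=root:system_r:amanda_t:s0-s0:c0.c1023 tcontext=system_u:object_r:amanda_data_t:s0 tclass=dir
audit(1208978772.407:26): avc:  denied  { write } for  pid=25186 comm="amidxtaped" name="info" dev=sdc1 ino=97 scontext=root:system_r:amanda_t:s0-s0:c0.c1023 tcontext=root:object_r:file_t:s0 tclass=file
"""

AVC_RE = re.compile(r"avc:\s+denied\s+\{(?P<perms>[^}]*)\}\s+for\s+(?P<fields>.*)")
# Types carried by objects that never received a real label (assumption of
# this example: any other target type means the label itself is plausible).
UNLABELED_TYPES = {"file_t", "unlabeled_t"}


def parse_avc(line):
    """Return a dict for one AVC denial line, or None if it is not one."""
    m = AVC_RE.search(line)
    if not m:
        return None
    fields = dict(kv.split("=", 1) for kv in m.group("fields").split() if "=" in kv)
    rec = {k: v.strip('"') for k, v in fields.items()}
    rec["perms"] = m.group("perms").split()
    # A context is user:role:type[:mls-range]; the type is the third field.
    rec["stype"] = rec["scontext"].split(":")[2]
    rec["ttype"] = rec["tcontext"].split(":")[2]
    return rec


def triage(rec):
    """Classify a denial as a labeling problem or a missing policy rule."""
    if rec["ttype"] in UNLABELED_TYPES:
        return "relabel"
    return "policy"


def triage_log(text):
    """Return (name, perms, tclass, source type, target type, verdict) per denial."""
    out = []
    for line in text.splitlines():
        rec = parse_avc(line)
        if rec:
            out.append((rec.get("name"), rec["perms"], rec["tclass"],
                        rec["stype"], rec["ttype"], triage(rec)))
    return out


if __name__ == "__main__":
    for row in triage_log(SAMPLE_LOG):
        print(row)
```

A "relabel" verdict only says the object's label is the problem. restorecon assigns whatever type the file-context rules map that path to, so a vtape directory at a non-default path needs a matching rule (for example one added with semanage fcontext) before restorecon will give it amanda_data_t.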
