[CentOS] Selinux issues with 7.1 update
Joseph L. Casale
jcasale at activenetwerx.comSun Apr 5 15:36:35 UTC 2015
- Previous message: [CentOS] Fail2Ban Centos 7 is there a trick to making it work?
- Next message: [CentOS] Firewall-config NetworkManager Problem (Centos-7( 1))
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
I am trying to update some local policies for bacula that allow a series of clients with pre run scripts to su in order to perform some preparatory work for a backup. With selinux enforcing, the su is denied obviously execute as bacula_t tries su_exec_t. You only see this with enforcing enabled? So creating an initial policy for that (this is not the way to do this) allows one more avc to appear for execute_no_ as bacula_t tries su_exec_t again. The problem is once these are enabled with local policies they seem to be ignored producing the same avc's. Why are the initial avc's not generated in permissive allowing a complete policy to be derived? If they can't appear in permissive mode, even after playing wackamole with avc's one by one, there is no resolution as they continue to get denied. Anyone else seeing similar or know what I am missing? Bacula-fd runs as root/root. Thanks, jlc
- Previous message: [CentOS] Fail2Ban Centos 7 is there a trick to making it work?
- Next message: [CentOS] Firewall-config NetworkManager Problem (Centos-7( 1))
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
More information about the CentOS mailing list