[CentOS] amanda and selinux

Thu Jan 19 23:25:37 UTC 2017
Jon LaBadie <jcu at labadie.us>

Anyone familiar with the selinux policy for the
amanda backup software package?  I'm getting lots
of data not being backed up.  For example, under
/home there are 2 directory trees owned by root.
Those get backed up, user home dirs do not.

No AVC denials nor messages in /var/log/messages
or journalctl log.  But if I turn off selinux
enforcing, or set amanda_t type to permissive,
complete backups are made.

I expected the selinux policy would have allowed
amanda to be able to read all files.  Else, how
does one make backups?

I'm seeing this on CentOS 7.2, Fedora 24 & 25.
Amanda packages from the respective distro repos.
As far as I can tell, the selinux policies are
the same in all three.  But then, I know little
selinux speak.

Jon H. LaBadie                 jon at jgcomp.com
 11226 South Shore Rd.          (703) 787-0688 (H)
 Reston, VA  20190              (703) 935-6720 (C)