[CentOS] amanda and selinux

Sat Jan 21 01:29:29 UTC 2017
John Jasen <jjasen at realityfailure.org>

There's an option to get selinux to report on all the 'don't audit'
bits, which can be toggled on and off as needed. This may help in debugging.

On 01/19/2017 06:25 PM, Jon LaBadie wrote:
> Anyone familiar with the selinux policy for the
> amanda backup software package?  I'm getting lots
> of data not being backed up.  For example, under
> /home there are 2 directory trees owned by root.
> Those get backed up, user home dirs do not.
> No AVC denials nor messages in /var/log/messages
> or journalctl log.  But if I turn off selinux
> enforcing, or set amanda_t type to permissive,
> complete backups are made.
> I expected the selinux policy would have allowed
> amanda to be able to read all files.  Else, how
> does one make backups?
> I'm seeing this on CentOS 7.2, Fedora 24 & 25.
> Amanda packages from the respective distro repos.
> As far as I can tell, the selinux policies are
> the same in all three.  But then, I know little
> selinux speak.
> Jon