There's an option to get selinux to report on all the 'don't audit' bits, which can be toggled on and off as needed. This may help in debugging. On 01/19/2017 06:25 PM, Jon LaBadie wrote: > Anyone familiar with the selinux policy for the > amanda backup software package? I'm getting lots > of data not being backed up. For example, under > /home there are 2 directory trees owned by root. > Those get backed up, user home dirs do not. > > No AVC denials nor messages in /var/log/messages > or journalctl log. But if I turn off selinux > enforcing, or set amanda_t type to permissive, > complete backups are made. > > I expected the selinux policy would have allowed > amanda to be able to read all files. Else, how > does one make backups? > > I'm seeing this on CentOS 7.2, Fedora 24 & 25. > Amanda packages from the respective distro repos. > As far as I can tell, the selinux policies are > the same in all three. But then, I know little > selinux speak. > > Jon