[CentOS] CentOS 6 SELinux question: inbound ssh.

Sun Aug 18 01:42:02 UTC 2019
Robert Heller <heller at deepsoft.com>

OK, after beating my head against the wall for an hour or so, I finally 
figured out why I could not ssh from a MacMini (running MacOSX 10.11.6) to my 
Linux Desktop (running CentOS 6), using the amandabackup account with public 
key authentification.  SELinux!

It seems the SELinux won't allow this if the target user's "home" directory is 
does not have a <mumble>_home_t security context.

It there some trick/hack to fix this *specifically* for the amandabackup 
account?

Right now the amandabackup $HOME is /var/lib/amanda/
and its security context is system_u:object_r:amanda_var_lib_t:s0

It of course needs to retain this for amanda to work. But I need to do
something non-standard: I am not able to build a *working* version of the
amanda client on the Mac. Despite what it says on the amanda.org website,
Amanda is basically not supported under BSD (MacOSX is basically BSD) and I am
not getting help on the Amanda mailing lists. I need to backup this machine,
so I am going to punt and resurect a script I was using before I started using
Amanda and do an independent backup process, but I want to put the backups on
the same disk that amandabackup is using and the disk is set up to be written
by amandabackup, so I want to use the amandabackup to write the files, using 
ssh from the amanda account on the Mac.

Is there some hack to get SELinux to cooperate with this scheme?  Or do I have 
to do something else?

-- 
Robert Heller             -- 978-544-6933
Deepwoods Software        -- Custom Software Services
http://www.deepsoft.com/  -- Linux Administration Services
heller at deepsoft.com       -- Webhosting Services