Amanda And Selinux
Anyone familiar with the selinux policy for the amanda backup software package? I’m getting lots of data not being backed up. For example, under
/home there are 2 directory trees owned by root. Those get backed up, user home dirs do not.
No AVC denials nor messages in /var/log/messages or journalctl log. But if I turn off selinux enforcing, or set amanda_t type to permissive, complete backups are made.
I expected the selinux policy would have allowed amanda to be able to read all files. Else, how does one make backups?
I’m seeing this on CentOS 7.2, Fedora 24 & 25. Amanda packages from the respective distro repos. As far as I can tell, the selinux policies are the same in all three. But then, I know little selinux speak.
Jon
2 thoughts on - Amanda And Selinux
There’s an option to get selinux to report on all the ‘don’t audit’
bits, which can be toggled on and off as needed. This may help in debugging.
Yes, “sesearch -D”. And there are several dealing with amanda, mostly about recovery from backup. I don’t see any that appear to deal with file reads.
This may be moot though, auditd is not running on my system. I’m not sure why the change, but the audit logs stop last October. When I try to start auditd, it exits with the error
“audit support not enabled in kernel”.
Jon