CentOS 6 SELinux Question: Inbound Ssh.


OK, after beating my head against the wall for an hour or so, I finally figured out why I could not SSH from a MacMini (running MacOSX 10.11.6) to my Linux Desktop (running CentOS 6), using the amandabackup account with public key authentication. SELinux!

It seems that SELinux won’t allow this if the target user’s “home” directory does not have a _home_t security context.

Is there some trick/hack to fix this *specifically* for the amandabackup account?

Right now the amandabackup $HOME is /var/lib/amanda/
and its security context is system_u:object_r:amanda_var_lib_t:s0

It of course needs to retain this for amanda to work. But I need to do something non-standard: I am not able to build a *working* version of the amanda client on the Mac. Despite what it says on the amanda.org website, Amanda is basically not supported under BSD (MacOSX is basically BSD) and I am not getting help on the Amanda mailing lists. I need to back up this machine, so I am going to punt and resurrect a script I was using before I started using Amanda and do an independent backup process, but I want to put the backups on the same disk that amandabackup is using and the disk is set up to be written by amandabackup, so I want to use the amandabackup to write the files, using ssh from the amanda account on the Mac.

Is there some hack to get SELinux to cooperate with this scheme? Or do I have to do something else?

One thought on - CentOS 6 SELinux Question: Inbound Ssh.

  • restorecon -r -v /var/lib/amanda/.ssh

    I haven’t tested this, but there *is* a context specified for that path in /etc/selinux/targeted/contexts/files/file_contexts.
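
A way to check the label before relabeling, as an added example that is not part of the original thread: the script compares the context currently on a path with the context the loaded policy's file_contexts entries assign to it, and runs restorecon only when the type differs. The function names and the script name are hypothetical; `stat -c %C`, `matchpathcon -n` and `restorecon -R -v` are the standard coreutils and SELinux tools.

```shell
#!/bin/sh
# Added example (not from the original thread); function names are hypothetical.

# Print the type field (third colon-separated field) of a context string,
# e.g. system_u:object_r:amanda_var_lib_t:s0 -> amanda_var_lib_t
selinux_type() {
    printf '%s\n' "$1" | cut -d: -f3
}

# Succeed (exit 0) when the two contexts differ in type. Only the type is
# compared because restorecon without -F resets only the type portion.
needs_relabel() {
    [ "$(selinux_type "$1")" != "$(selinux_type "$2")" ]
}

# Compare the on-disk label of a path with the label the policy expects
# and relabel on a mismatch. Only the top-level path is compared here.
check_and_relabel() {
    path=$1
    current=$(stat -c %C "$path") || return 2        # label on disk
    expected=$(matchpathcon -n "$path") || return 2  # label from file_contexts
    echo "current:  $current"
    echo "expected: $expected"
    if needs_relabel "$current" "$expected"; then
        restorecon -R -v "$path"
    else
        echo "top-level type matches policy; use 'restorecon -n -R -v' to check children"
    fi
}

# Run only when a path is given, e.g.: sh check_label.sh /var/lib/amanda/.ssh
if [ "$#" -gt 0 ]; then
    check_and_relabel "$1"
fi
```

If the type still matches after relabeling and the key login is still refused, `ausearch -m avc -ts recent` shows the denial sshd actually hit.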