On Tuesday, September 28, 2010 12:48:54 am Jon LaBadie did opine:

> Has anyone attempted to create selinux ?rules/policies?
> suitable for an amanda installation?
>
> After installing user "amandabackup" with a home dir
> of /var/lib/amanda, I get a lot of warning notices
> about how an ordinary user app should not need to
> be accessing things in /var. Never mind that it
> is accessing things in its own home directory :)
>
> Jon

I have run that headache off and on for 2 or 3 years, Jon, and IMO, it is a solution in search of a problem that has been disabled in my local kernel builds since at least a year ago. There is a mailing list for it on the fedora site where the advice is generally spot on.

Here, I'm sitting behind a dd-wrt based router, so I don't worry too much about outsiders getting in. It's a darned good firewall. So I don't run it here since it annoys me far more than the attacker since there hasn't been a successful attack in about 4 years of running dd-wrt. I don't even run iptables on this box.

It has 3 modes, off (0), permissive(1) where it reports as if it has denied so and so but allows it anyway, and enforcing(3) where it actually works.

The first thing to do is touch /.autorelabel and reboot. It will attempt to relabel things. But I have no idea about /var/lib/amanda as a home dir. I have amanda's home dir in /home/amanda.

Are you building from tarballs, or package manager compatible, like rpms or debs?

--
Cheers, Gene
"There are four boxes to be used in defense of liberty:
soap, ballot, jury, and ammo. Please use in that order."
-Ed Howdershelt (Author)
Quid me anxius sum? [ What? Me, worry? ]