On Tue, Sep 28, 2010 at 01:01:52AM -0400, Gene Heskett wrote:
> On Tuesday, September 28, 2010 12:48:54 am Jon LaBadie did opine:
>
> > Has anyone attempted to create selinux ?rules/policies?
> > suitable for an amanda installation?
> >
> > After installing user "amandabackup" with a home dir
> > of /var/lib/amanda, I get a lot of warning notices
> > about how an ordinary user app should not need to
> > be accessing things in /var. Never mind that it
> > is accessing things in its own home directory :)
> >
> > Jon
>
> I have run that headache off and on for 2 or 3 years Jon, and IMO, it is a
> solution in search of a problem that has been disabled in my local kernel
> builds since at least a year ago. There is a mailing list for it on the
> fedora site where the advice is generally spot on.
...
> It has 3 modes, off (0), permissive(1) where it reports as if it has denied
> so and so but allows it anyway, and enforcing(3) where it actually works.
>
> The first thing to do is touch /.autorelabel and reboot. It will attempt to
> relabel things.

Yeah, I'm using permissive mode on the one Fedora box.

> But I have no idea about /var/lib/amanda as a home dir. I have amanda's
> home dir in /home/amanda.
>
> Are you building from tarballs, or package manager compatible, like rpms or
> debs?

I went the ?easier? way this time and got the prebuilt binaries.
They create user "amandabackup" with home dir /var/lib/amanda.

Including appropriate selinux policies for Fedora builds might
be another feature enhancement request or "nitpick".

Jon
--
Jon H. LaBadie                  j...@jgcomp.com
JG Computing
12027 Creekbend Drive           (703) 787-0884
Reston, VA 20194                (703) 787-0922 (fax)