-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Tim Dunphy kirjoitti 7.11.2016 4:45:
> hey guys, > > Running into an issue with SELinux on my bacula server. > > With selinux turned on, I can't write to the backup directory. > > This is what I get when I try: > > [root@ops:~] #getenforce > Enforcing > > Connecting to Storage daemon File at ops.example.com:9103 ... > Sending label command for Volume "jf-backup-tape-0002" Slot 0 ... > 3910 Unable to open device ""FileStorage" (/backup/tapes)": > ERR=file_dev.c:172 Could not > open(/backup/tapes/jf-backup-tape-0002,CREATE_READ_WRITE,0640): > ERR=Permission denied > > Label command failed for Volume jf-backup-tape-0002. > Do not forget to mount the drive!!! > > With selinux turned off it's no problem: > > [root@ops:~] #getenforce > Permissive > > Connecting to Storage daemon File at ops.example.com:9103 ... > Sending label command for Volume "jf-backup-tape-0002" Slot 0 ... > 3000 OK label. VolBytes=208 DVD=0 Volume="jf-backup-tape-0002" > Device="FileStorage" (/backup/tapes) > Catalog record for Volume "jf-backup-tape-0002", Slot 0 successfully created. > Requesting to mount FileStorage ... > 3001 OK mount requested. Device="FileStorage" (/backup/tapes) > You have messages. > > I tried running these commands to leave SELinux on in order to get backups > working properly: > > semanage fcontext -a -t bacula_var_run_t '/backup/tapes(/.*)?' > > restorecon -R -v /backup/tapes > > However that made no difference. Still can't write to the directory after > running those commands. > > Any thoughts? I have this script: http://pastebin.ca/3737070 Make it as "selinux-set-app" and then # selinux-set-app bacula --auto That should do it. Beware: this can be a dangerous tool, especially when used blindly with --auto! You can give way too much power for apps like php and such... - -- ja...@iki.fi -----BEGIN PGP SIGNATURE----- Version: GnuPG v1 iEYEARECAAYFAlggSE8ACgkQKL4IzOyjSrY2KgCgxS1bqixlTKS2LNbL3kOhj0U1 YwEAoK6bw/v8eBkfdqRadCJyflJml/Vs =WdFN -----END PGP SIGNATURE----- ------------------------------------------------------------------------------ Developer Access Program for Intel Xeon Phi Processors Access to Intel Xeon Phi processor-based developer platforms. With one year of Intel Parallel Studio XE. Training and support from Colfax. Order your platform today. http://sdm.link/xeonphi _______________________________________________ Bacula-users mailing list Bacula-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/bacula-users
