On 11/7/2016 7:51 AM, Kern Sibbald wrote:
Hello,
Selinux is always an administrative problem as several people have
already noted. If you really want to use Selinux, you might look at
the RedHat (CentOS) distribution. Since they support Bacula, I am
pretty sure that they provide all the necessary Selinux scripts that
contain the appropriate permissions.
They do, but Selinux is particularly cumbersome for an app like
bacula-fd that will require read access to nearly every file on the
system. That requirement pretty much negates the usefulness of selinux
for Bacula, or any other backup app.
Best regards,
Kern
On 11/07/2016 03:45 AM, Tim Dunphy wrote:
hey guys,
Running into an issue with SELinux on my bacula server.
With selinux turned on, I can't write to the backup directory.
This is what I get when I try:
[root@ops:~] #getenforce
Enforcing
Connecting to Storage daemon File at ops.example.com:9103 ...
Sending label command for Volume "jf-backup-tape-0002" Slot 0 ...
3910 Unable to open device ""FileStorage" (/backup/tapes)":
ERR=file_dev.c:172 Could not
open(/backup/tapes/jf-backup-tape-0002,CREATE_READ_WRITE,0640):
ERR=Permission denied
Label command failed for Volume jf-backup-tape-0002.
Do not forget to mount the drive!!!
With selinux turned off it's no problem:
[root@ops:~] #getenforce
Permissive
Connecting to Storage daemon File at ops.example.com:9103 ...
Sending label command for Volume "jf-backup-tape-0002" Slot 0 ...
3000 OK label. VolBytes=208 DVD=0 Volume="jf-backup-tape-0002"
Device="FileStorage" (/backup/tapes)
Catalog record for Volume "jf-backup-tape-0002", Slot 0 successfully
created.
Requesting to mount FileStorage ...
3001 OK mount requested. Device="FileStorage" (/backup/tapes)
You have messages.
I tried running these commands to leave SELinux on in order to get
backups working properly:
semanage fcontext -a -t bacula_var_run_t '/backup/tapes(/.*)?'
restorecon -R -v /backup/tapes
However that made no difference. Still can't write to the directory
after running those commands.
Any thoughts?
Thanks,
Tim
--
GPG me!!
gpg --keyserver pool.sks-keyservers.net --recv-keys F186197B
------------------------------------------------------------------------------
Developer Access Program for Intel Xeon Phi Processors
Access to Intel Xeon Phi processor-based developer platforms.
With one year of Intel Parallel Studio XE.
Training and support from Colfax.
Order your platform today.http://sdm.link/xeonphi
_______________________________________________
Bacula-users mailing list
Bacula-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/bacula-users
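
Added example, not part of any message in this thread: a small Python parser that pulls AVC denials for Bacula daemons out of audit log text and groups them by source type, target type, object class and permission, which is the evidence to collect before choosing a file context for /backup/tapes. The log lines are constructed samples (the thread does not show the real denial), and the bacula_t and default_t types in them are assumptions.

```python
import re
from collections import Counter

# Constructed audit.log records for illustration; not taken from the thread.
SAMPLE_AUDIT_LOG = """\
type=AVC msg=audit(1478512345.101:411): avc:  denied  { search } for  pid=2210 comm="bacula-sd" name="backup" dev="dm-0" ino=131 scontext=system_u:system_r:bacula_t:s0 tcontext=unconfined_u:object_r:default_t:s0 tclass=dir
type=SYSCALL msg=audit(1478512345.101:411): arch=c000003e syscall=2 success=no exit=-13 comm="bacula-sd"
type=AVC msg=audit(1478512399.007:415): avc:  denied  { search } for  pid=2210 comm="bacula-sd" name="backup" dev="dm-0" ino=131 scontext=system_u:system_r:bacula_t:s0 tcontext=unconfined_u:object_r:default_t:s0 tclass=dir
type=AVC msg=audit(1478512401.300:420): avc:  denied  { name_bind } for  pid=900 comm="sshd" src=2222 scontext=system_u:system_r:sshd_t:s0-s0:c0.c1023 tcontext=system_u:object_r:unreserved_port_t:s0 tclass=tcp_socket
"""

AVC_RE = re.compile(
    r'avc:\s+denied\s+\{\s*(?P<perms>[^}]*?)\s*\}\s+for\s+.*?'
    r'comm="(?P<comm>[^"]+)".*?'
    r'scontext=(?P<scontext>\S+)\s+tcontext=(?P<tcontext>\S+)\s+tclass=(?P<tclass>\S+)'
)
OBJECT_RE = re.compile(r'\b(?:path|name)="([^"]+)"')


def selinux_type(context):
    """Return the type field of a user:role:type:level context string."""
    parts = context.split(":")
    return parts[2] if len(parts) >= 3 else context


def parse_denials(log_text, comm_prefix="bacula"):
    """Collect AVC denials whose process name starts with comm_prefix."""
    denials = []
    for line in log_text.splitlines():
        m = AVC_RE.search(line)
        if not m or not m.group("comm").startswith(comm_prefix):
            continue  # not an AVC denial, or a different process
        obj = OBJECT_RE.search(line)
        denials.append({
            "comm": m.group("comm"),
            "perms": tuple(m.group("perms").split()),
            "source_type": selinux_type(m.group("scontext")),
            "target_type": selinux_type(m.group("tcontext")),
            "tclass": m.group("tclass"),
            "name": obj.group(1) if obj else None,  # some records carry no path/name
        })
    return denials


def summarize(denials):
    """Count denials per (source type, target type, class, permissions)."""
    return Counter((d["source_type"], d["target_type"], d["tclass"], d["perms"])
                   for d in denials)


if __name__ == "__main__":
    for key, count in summarize(parse_denials(SAMPLE_AUDIT_LOG)).items():
        print(count, key)
```
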