There's an option to get selinux to report on all the 'don't audit'
bits, which can be toggled on and off as needed. This may help in debugging.
On 01/19/2017 06:25 PM, Jon LaBadie wrote:
> Anyone familiar with the selinux policy for the
> amanda backup software package? I'm getting lots
> of data not being backed up. For example, under
> /home there are 2 directory trees owned by root.
> Those get backed up, user home dirs do not.
>
> No AVC denials nor messages in /var/log/messages
> or journalctl log. But if I turn off selinux
> enforcing, or set amanda_t type to permissive,
> complete backups are made.
>
> I expected the selinux policy would have allowed
> amanda to be able to read all files. Else, how
> does one make backups?
>
> I'm seeing this on CentOS 7.2, Fedora 24 & 25.
> Amanda packages from the respective distro repos.
> As far as I can tell, the selinux policies are
> the same in all three. But then, I know little
> selinux speak.
>
> Jon
_______________________________________________
CentOS mailing list
CentOS@xxxxxxxxxx
https://lists.centos.org/mailman/listinfo/centos
