On Thu, 6 Apr 2006, Stephen Smalley wrote:
On Wed, 2006-04-05 at 18:42 -0400, Matthew Saltzman wrote:
My amanda clients are seeing the following:
kernel: audit(1144217150.855:17): avc: denied { name_bind } for
pid=3707 comm="sendbackup" src=697
scontext=system_u:system_r:amanda_t:s0
tcontext=system_u:object_r:reserved_port_t:s0 tclass=tcp_socket
And they don't work.
How to fix, please? TIA.
port 697 is listed as uuidgen in /etc/services, so specifically mapping
it to an amanda port type and allowing amanda to bind to it seems wrong.
If this is just a result of probing for any available low port for NIS,
then the allow_ypbind boolean is likely relevant; try enabling it.
That stops the denial messages, but Amanda still isn't working. It fails
with "too many dumper retry". I'm not getting denials, though, so I
suppose that must be something else?
(Running nscd doesn't seem to help matters.)
Also, this seems strange as a solution as this network doesn't run NIS. I
do have all the amanda-related ports open on both server and client. I
had no problems running amanda under FC4. My server is FC4 and it backs
itself and an RH7.3 machine up with no problems. Only my FC5 clients have
issues.
--
Matthew Saltzman
Clemson University Math Sciences
mjs AT clemson DOT edu
http://www.math.clemson.edu/~mjs
--
fedora-selinux-list mailing list
fedora-selinux-list@xxxxxxxxxx
https://www.redhat.com/mailman/listinfo/fedora-selinux-list
