-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 On 04/10/2015 01:51 PM, Joseph L. Casale wrote: >> Are there any scripts which you can defined? Or did you get it >> by default? It looks bacula is an administrative tool which is >> going to be unconfined domain. > > Hi Miroslav, The backup daemon has commands in its configuration > that invokes without a shell for example in this case: > > su -c '/usr/bin/pg_dumpall -U postgres -f > /tmp/pg_dumpall_output.sql' - postgres > > Do suggest that moving this into a script that is labeled > explicitly might help? > > Thanks, jlc > Yes, it would be fine to have it as default in bacula. For example to have them in /usr/libexec/bacula You can open a new policy bug where we can discuss it and ask bacula folks. - -- Miroslav Grepl Software Engineering, SELinux Solutions Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v2 iQEcBAEBCAAGBQJVJ8lkAAoJENrcHks50T0JdIkIAIbxJPfQ4UsactPEBxaYjcIw wqBzRLDkH1igRI+5EdyG7DPAwWmBDmi4j2Dif6lPAQEmWIAlRDIQFNtOL0EKy6du ibyAxYrJOEj4HhwDtLuLBOJdZRyV55nbj44Hd/7lpBg6RSQthxlhQ1OrcT1XR+gY lZxFzwijBpIkJxsamPULYREI7ifOYGnsbQr+C3FpizC8K/VOXlSBIBRjmHmkMQSW mGgx6cyz+wWAaLuGRs43stbighIeuNywUui8Xoitp4tREaEVzUOJemZXCSGQrVDL V6WohBdaEYxYV7K0o1z1Afbo0gYKxt9OzIrRgtLF/FeKGVFARhmrN1aj0UxL65Y= =bat4 -----END PGP SIGNATURE----- -- selinux mailing list selinux@xxxxxxxxxxxxxxxxxxxxxxx https://admin.fedoraproject.org/mailman/listinfo/selinux
