Re: Unexpected behavior in permissive mode

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

On 04/10/2015 01:51 PM, Joseph L. Casale wrote:
>> Are there any scripts which you can defined? Or did you get it
>> by default? It looks bacula is an administrative tool which is
>> going to be unconfined domain.
> 
> Hi Miroslav, The backup daemon has commands in its configuration
> that invokes without a shell for example in this case:
> 
> su -c '/usr/bin/pg_dumpall -U postgres -f
> /tmp/pg_dumpall_output.sql' - postgres
> 
> Do suggest that moving this into a script that is labeled
> explicitly might help?
> 
> Thanks, jlc
> 

Yes, it would be fine to have it as default in bacula. For example to
have them in

/usr/libexec/bacula

You can open a new policy bug where we can discuss it and ask bacula
folks.


- -- 
Miroslav Grepl
Software Engineering, SELinux Solutions
Red Hat, Inc.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2

iQEcBAEBCAAGBQJVJ8lkAAoJENrcHks50T0JdIkIAIbxJPfQ4UsactPEBxaYjcIw
wqBzRLDkH1igRI+5EdyG7DPAwWmBDmi4j2Dif6lPAQEmWIAlRDIQFNtOL0EKy6du
ibyAxYrJOEj4HhwDtLuLBOJdZRyV55nbj44Hd/7lpBg6RSQthxlhQ1OrcT1XR+gY
lZxFzwijBpIkJxsamPULYREI7ifOYGnsbQr+C3FpizC8K/VOXlSBIBRjmHmkMQSW
mGgx6cyz+wWAaLuGRs43stbighIeuNywUui8Xoitp4tREaEVzUOJemZXCSGQrVDL
V6WohBdaEYxYV7K0o1z1Afbo0gYKxt9OzIrRgtLF/FeKGVFARhmrN1aj0UxL65Y=
=bat4
-----END PGP SIGNATURE-----
--
selinux mailing list
selinux@xxxxxxxxxxxxxxxxxxxxxxx
https://admin.fedoraproject.org/mailman/listinfo/selinux





[Index of Archives]     [Fedora Users]     [Fedora Desktop]     [Big List of Linux Books]     [Yosemite News]     [Yosemite Campsites]     [KDE Users]     [Gnome Users]

  Powered by Linux