Bacula-users
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

Re: [Bacula-users] CentOS 6.6 SELINUX Problems BACULA 5.2.18 [Help]

2014-11-09 04:33:18
Subject: Re: [Bacula-users] CentOS 6.6 SELINUX Problems BACULA 5.2.18 [Help]
From: Simone Caronni <negativo17 AT gmail DOT com>
To: Humphrey Bryant <hbryant AT fogadaley DOT com>
Date: Sun, 09 Nov 2014 10:27:28 +0100 
Hello,

you should do some debugging on the SELinux side, this is not related to
Bacula. It is too complicated to explain by mail, Redhat docs are very
good in this regard.

On Fri, 2014-11-07 at 13:06 -0500, Humphrey Bryant wrote:
> I check, recheck and double check all permissions on my volumes/files
> and directory and everything was OK but when i run the backup they
> still hang nonetheless. It was after I temporarily disabled SELINUX
> backup start working again, so I am of the conclusion that SELINUX is
> at fault here..
> 
> I need some help getting SELINUX to play nice with Bacula on CENTOS
> 6.6, can anyone here help me out please. any one can help me create a
> policy or something, I don’t want to upgrade my production server and
> have this same problem.

First of all, you can try to relabel your filesystem in case you have
some mislabeled file; as root do "fixfiles onboot" and reboot the
system.

Second, you can delete all files in "/var/log/audit/" and make the
problem reappear, so you can debug the SELinux permission problems with
"audit2allow -a" or by looking directly at a clean
"/var/log/audit/audit.log" file.

Then, it's worth saying that "/backup" is not a path that is part of
SELinux labels. It is not a problem by itself (it should work anyway)
but my suggestion is to use "/bacula/" as the path for your backups.

# semanage fcontext -l | grep bacula
/bacula(/.*)?                                      all files
system_u:object_r:bacula_store_t:s0 
/etc/bacula.*                                      all files
system_u:object_r:bacula_etc_t:s0 
/etc/rc\.d/init\.d/bacula.*                        regular file
system_u:object_r:bacula_initrc_exec_t:s0 
/usr/sbin/bacula.*                                 regular file
system_u:object_r:bacula_exec_t:s0 
/usr/sbin/bat                                      regular file
system_u:object_r:bacula_admin_exec_t:s0 
/usr/sbin/bconsole                                 regular file
system_u:object_r:bacula_admin_exec_t:s0 
/var/lib/bacula.*                                  all files
system_u:object_r:bacula_var_lib_t:s0 
/var/log/bacula.*                                  all files
system_u:object_r:bacula_log_t:s0 
/var/run/bacula.*                                  regular file
system_u:object_r:bacula_var_run_t:s0 
/var/spool/bacula.*                                all files
system_u:object_r:bacula_spool_t:s0 
/var/spool/bacula/log(/.*)?                        all files
system_u:object_r:var_log_t:s0 

Regards,
--Simone


------------------------------------------------------------------------------
_______________________________________________
Bacula-users mailing list
Bacula-users AT lists.sourceforge DOT net
https://lists.sourceforge.net/lists/listinfo/bacula-users
[More with this subject...]
<Prev in Thread] Current Thread [Next in Thread>
Previous by Date:  Re: [Bacula-users] [Bacula-devel] Load slots timeout, Dan Langille
Next by Date:  Re: [Bacula-users] Configuration reload for bacula-sd, Kern Sibbald
Previous by Thread:  [Bacula-users] CentOS 6.6 SELINUX Problems BACULA 5.2.18 [Help], Humphrey Bryant
Next by Thread:  Re: [Bacula-users] CentOS 6.6 SELINUX Problems BACULA 5.2.18 [Help], Humphrey Bryant
Indexes:  [Date] [Thread] [Top] [All Lists]