Hey thanks for the reply,
First of all, you can try to relabel your filesystem in case you have
some mislabeled file; as root do "fixfiles onboot" and reboot the
system.
I tried relabel the file system already and that didn't fix it.
Second, you can delete all files in "/var/log/audit/" and make the
problem reappear, so you can debug the SELinux permission problems with
"audit2allow -a" or by looking directly at a clean
"/var/log/audit/audit.log" file.
OK thanks, I will try that and also do some reading on SELINUX.
Then, it's worth saying that "/backup" is not a path that is part of
SELinux labels. It is not a problem by itself (it should work anyway)
but my suggestion is to use "/bacula/" as the path for your backups.
The "/backup" directory was created on my test server when i was
just learning bacula (newbee mistake), I will try change it when I
get around this SELINUX issue.
Thanks Again
On 11/09/2014 04:27 AM, Simone Caronni
wrote:
Hello,
you should do some debugging on the SELinux side, this is not related to
Bacula. It is too complicated to explain by mail, Redhat docs are very
good in this regard.
On Fri, 2014-11-07 at 13:06 -0500, Humphrey Bryant wrote:
I check, recheck and double check all permissions on my volumes/files
and directory and everything was OK but when i run the backup they
still hang nonetheless. It was after I temporarily disabled SELINUX
backup start working again, so I am of the conclusion that SELINUX is
at fault here..
I need some help getting SELINUX to play nice with Bacula on CENTOS
6.6, can anyone here help me out please. any one can help me create a
policy or something, I don’t want to upgrade my production server and
have this same problem.
First of all, you can try to relabel your filesystem in case you have
some mislabeled file; as root do "fixfiles onboot" and reboot the
system.
Second, you can delete all files in "/var/log/audit/" and make the
problem reappear, so you can debug the SELinux permission problems with
"audit2allow -a" or by looking directly at a clean
"/var/log/audit/audit.log" file.
Then, it's worth saying that "/backup" is not a path that is part of
SELinux labels. It is not a problem by itself (it should work anyway)
but my suggestion is to use "/bacula/" as the path for your backups.
# semanage fcontext -l | grep bacula
/bacula(/.*)? all files
system_u:object_r:bacula_store_t:s0
/etc/bacula.* all files
system_u:object_r:bacula_etc_t:s0
/etc/rc\.d/init\.d/bacula.* regular file
system_u:object_r:bacula_initrc_exec_t:s0
/usr/sbin/bacula.* regular file
system_u:object_r:bacula_exec_t:s0
/usr/sbin/bat regular file
system_u:object_r:bacula_admin_exec_t:s0
/usr/sbin/bconsole regular file
system_u:object_r:bacula_admin_exec_t:s0
/var/lib/bacula.* all files
system_u:object_r:bacula_var_lib_t:s0
/var/log/bacula.* all files
system_u:object_r:bacula_log_t:s0
/var/run/bacula.* regular file
system_u:object_r:bacula_var_run_t:s0
/var/spool/bacula.* all files
system_u:object_r:bacula_spool_t:s0
/var/spool/bacula/log(/.*)? all files
system_u:object_r:var_log_t:s0
Regards,
--Simone
--
Best Regards
Humphrey Bryant
Information System Admin
Foga Daley
Attorneys-at-Law
7 Stanton Terrace
Kingston 6
Tel - (876) 927-4371-5
Fax - (876) 927-5081
This E-mail contains information which is confidential and privileged.
Unless you are the addressee (or authorised to receive for the
addressee), you may not use, copy or disclose to anyone the message or
information contained in it. If you have received this e-mail in error,
please destroy it and advise the sender.
