Hello everyone,
I'm not a Linuix expert and need some help. I'm adding a new server to my
little home LAN based on Ubuntu, with Bacula running without problems. I'm
keeping all software packages on the most up-to-date versions.
This new server is adding Fedora/SELinux (plus FreeIPA and QEMU/Libvirt/Virt
Manager) to the mix.
I've installed Bacula on this server and only enabled bacula-fd so far.
I've added the new Client, FileSet and Job to the bacula-dir.conf.
BUT I'm stumbling with lots of access violations even running bacula
service as root.
So, I'm after some suggestions or recommendations for the Bacula and
SELinux configurations.
Many thanks in advance.
Cheers
Ismael
---
Here are some messages from the /var/log/audit/audit.log:
type=AVC msg=audit(1746922631.355:1339): avc: denied { execute } for
pid=10412 comm="sh" name="virsh" dev="sda3" ino=1247631 scontex
t=system_u:system_r:bacula_t:s0 tcontext=system_u:object_r:virsh_exec_t:s0
tclass=file permissive=0
type=AVC msg=audit(1746922631.355:1340): avc: denied { execute } for
pid=10412 comm="sh" name="virsh" dev="sda3" ino=1247631 scontex
t=system_u:system_r:bacula_t:s0 tcontext=system_u:object_r:virsh_exec_t:s0
tclass=file permissive=0
type=AVC msg=audit(1746922631.360:1341): avc: denied { read } for
pid=10118 comm="bacula-fd" name="net" dev="proc" ino=4026531845 sc
ontext=system_u:system_r:bacula_t:s0
tcontext=system_u:object_r:proc_net_t:s0 tclass=lnk_file permissive=0
type=AVC msg=audit(1746922631.465:1342): avc: denied { execute } for
pid=10416 comm="cleanup" name="dnf5" dev="sda3" ino=1158689 sco
ntext=system_u:system_r:bacula_t:s0
tcontext=system_u:object_r:rpm_exec_t:s0 tclass=file permissive=0
type=AVC msg=audit(1746922631.466:1343): avc: denied { execute } for
pid=10420 comm="cleanup" name="dnf5" dev="sda3" ino=1158689 sco
ntext=system_u:system_r:bacula_t:s0
tcontext=system_u:object_r:rpm_exec_t:s0 tclass=file permissive=0
type=AVC msg=audit(1746922631.466:1344): avc: denied { execute } for
pid=10420 comm="cleanup" name="dnf5" dev="sda3" ino=1158689 sco
ntext=system_u:system_r:bacula_t:s0
tcontext=system_u:object_r:rpm_exec_t:s0 tclass=file permissive=0
type=AVC msg=audit(1746922631.466:1345): avc: denied { execute } for
pid=10416 comm="cleanup" name="journalctl" dev="sda3" ino=11533
46 scontext=system_u:system_r:bacula_t:s0
tcontext=system_u:object_r:journalctl_exec_t:s0 tclass=file permissive=0
type=AVC msg=audit(1746922631.466:1346): avc: denied { execute } for
pid=10421 comm="cleanup" name="journalctl" dev="sda3" ino=11533
46 scontext=system_u:system_r:bacula_t:s0
tcontext=system_u:object_r:journalctl_exec_t:s0 tclass=file permissive=0
type=AVC msg=audit(1746922631.466:1347): avc: denied { execute } for
pid=10421 comm="cleanup" name="journalctl" dev="sda3" ino=11533
46 scontext=system_u:system_r:bacula_t:s0
tcontext=system_u:object_r:journalctl_exec_t:s0 tclass=file permissive=0
type=AVC msg=audit(1746922631.468:1348): avc: denied { getattr } for
pid=10422 comm="find" name="/" dev="tmpfs" ino=1 scontext=syste
m_u:system_r:bacula_t:s0 tcontext=system_u:object_r:tmpfs_t:s0
tclass=filesystem permissive=0
_______________________________________________
Bacula-users mailing list
Bacula-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/bacula-users
