Because you ran a bacula service as root, and to help you correct issues
caused by that:
Here is one of my /opt/bacula/working folders, to help you find your folder
on fedora.
You can troubleshoot permissions issues with the files in the working
directory this way.
[root@td-bacula ~]# ls -lah /opt/bacula/working/ | grep -v mail
total 172K
drwxrwx---+ 2 root bacula 4.0K May 11 11:11 .
drwxrwxr-x+ 10 root root 108 Nov 18 12:54 ..
-rw-r-----. 1 bacula bacula 2.2K May 10 23:59 bacula-dir.9101.state
-rw-r-----. 1 root bacula 2.2K May 9 20:06 bacula-fd.9102.state
-rw-r-----. 1 bacula bacula 7 May 9 16:24 bacula-sd.9103.pid
-rw-r-----. 1 bacula bacula 2.2K May 10 00:11 bacula-sd.9103.state
-rw-------. 1 bacula bacula 370 Apr 9 08:12 .bconsole_history
-rw-r-----. 1 bacula bacula 117 Feb 27 11:06 key-manager.log
-rw-------. 1 bacula bacula 20 Feb 24 11:19 .lesshst
-rw-rwx---+ 1 bacula bacula 9.9K May 11 10:24 td-bacula-dir.conmsg
-rw-------. 1 bacula bacula 8.3K May 4 15:53 .viminfo
I think if you do this command you should definitely locate the correct
folder for your system.
sudo find / -type f | grep bacula-fd.9102.state
If that doesn't work, change the filename 'bacula-fd.9102.state' to match
one of the other filenames on the list.
Check the permissions in your working folder, wherever it is, and make them
match what you see here, especially for .state and .pid files.
Regards,
Robert Gerber
402-237-8692
r...@craeon.net
On Sun, May 11, 2025 at 11:05 AM Rob Gerber <r...@craeon.net> wrote:
> Ismael,
>
> That is a strange problem. I would guess that the bacula packages
> installed in fedora are not 'selinux aware' and aren't setting the correct
> contexts for you.
>
> I am running bacula 13.0.3 and 15.0.2 on multiple rocky linux 9.x based
> machines. Rocky linux is based on RHEL (as I am sure you know). I didn't
> have to do anything special for my setups involving selinux. I checked, and
> there doesn't appear to be a special bacula-selinux package on the systems
> running bacula 13.0.x or 15.0.2.
>
> Where did you get your bacula FD package for fedora? My bacula is
> installed from the bacula community repositories. Usually, the packages
> from the system repositories are considerably older. I recommend using the
> bacula community repositories.
>
> Also, if you run a bacula daemon as root, you might make a big mess. It
> will set the bacula PID files to be owned by root, and then when you try to
> launch bacula as user bacula again, you will have additional problems
> because the PID files will now have permissions that the bacula user can't
> touch. The default location for these PID files is /opt/bacula/working, but
> your install location may be different. There may be other files 'touched'
> by bacula in the working directory that could have permissions changed. I'm
> not sure. I just know I've read about others on this list running into that
> problem, and I remember I did this very early on as a new bacula user.
>
> To troubleshoot turning off selinux enforcement, the following commands
> might be useful:
>
> temporarily turn off selinux enforcement:
> sudo setenforce 0 # set to 'permissive', or 'selinux-disabled' mode
>
> turn selinux enforcement back on:
> sudo setenforce 1 # set to 'enforcing' or 'selinux-enabled' mode
>
> check the status of selinux enforcement
> getenforce
>
> overall, while you could troubleshoot and attempt to discover which
> selinux contexts you need to set in order to make your FD work with Fedora
> with selinux enforcing, I recommend you instead find out how to apply the
> bacula packages that correctly configure selinux out of the box. As far as
> I can tell, the bacula 13.0.x and 15.0.x packages seem to do this
> flawlessly.
>
> Reminder that bacula-dir and bacula-sd must be the same version, and
> bacula-fd can be the same version as dir/sd, or lower version.
>
>
> Regards,
> Robert Gerber
> 402-237-8692
> r...@craeon.net
>
>
> On Sun, May 11, 2025 at 10:01 AM Ismael Matos <iabma...@gmail.com> wrote:
>
>> Hello everyone,
>>
>> I'm not a Linuix expert and need some help. I'm adding a new server to my
>> little home LAN based on Ubuntu, with Bacula running without problems. I'm
>> keeping all software packages on the most up-to-date versions.
>>
>> This new server is adding Fedora/SELinux (plus FreeIPA and QEMU/Libvirt/Virt
>> Manager) to the mix.
>>
>> I've installed Bacula on this server and only enabled bacula-fd so far.
>> I've added the new Client, FileSet and Job to the bacula-dir.conf.
>>
>> BUT I'm stumbling with lots of access violations even running bacula
>> service as root.
>>
>> So, I'm after some suggestions or recommendations for the Bacula and
>> SELinux configurations.
>>
>> Many thanks in advance.
>>
>> Cheers
>>
>> Ismael
>>
>> ---
>> Here are some messages from the /var/log/audit/audit.log:
>>
>> type=AVC msg=audit(1746922631.355:1339): avc: denied { execute } for
>> pid=10412 comm="sh" name="virsh" dev="sda3" ino=1247631 scontex
>> t=system_u:system_r:bacula_t:s0
>> tcontext=system_u:object_r:virsh_exec_t:s0 tclass=file permissive=0
>> type=AVC msg=audit(1746922631.355:1340): avc: denied { execute } for
>> pid=10412 comm="sh" name="virsh" dev="sda3" ino=1247631 scontex
>> t=system_u:system_r:bacula_t:s0
>> tcontext=system_u:object_r:virsh_exec_t:s0 tclass=file permissive=0
>> type=AVC msg=audit(1746922631.360:1341): avc: denied { read } for
>> pid=10118 comm="bacula-fd" name="net" dev="proc" ino=4026531845 sc
>> ontext=system_u:system_r:bacula_t:s0
>> tcontext=system_u:object_r:proc_net_t:s0 tclass=lnk_file permissive=0
>> type=AVC msg=audit(1746922631.465:1342): avc: denied { execute } for
>> pid=10416 comm="cleanup" name="dnf5" dev="sda3" ino=1158689 sco
>> ntext=system_u:system_r:bacula_t:s0
>> tcontext=system_u:object_r:rpm_exec_t:s0 tclass=file permissive=0
>> type=AVC msg=audit(1746922631.466:1343): avc: denied { execute } for
>> pid=10420 comm="cleanup" name="dnf5" dev="sda3" ino=1158689 sco
>> ntext=system_u:system_r:bacula_t:s0
>> tcontext=system_u:object_r:rpm_exec_t:s0 tclass=file permissive=0
>> type=AVC msg=audit(1746922631.466:1344): avc: denied { execute } for
>> pid=10420 comm="cleanup" name="dnf5" dev="sda3" ino=1158689 sco
>> ntext=system_u:system_r:bacula_t:s0
>> tcontext=system_u:object_r:rpm_exec_t:s0 tclass=file permissive=0
>> type=AVC msg=audit(1746922631.466:1345): avc: denied { execute } for
>> pid=10416 comm="cleanup" name="journalctl" dev="sda3" ino=11533
>> 46 scontext=system_u:system_r:bacula_t:s0
>> tcontext=system_u:object_r:journalctl_exec_t:s0 tclass=file permissive=0
>> type=AVC msg=audit(1746922631.466:1346): avc: denied { execute } for
>> pid=10421 comm="cleanup" name="journalctl" dev="sda3" ino=11533
>> 46 scontext=system_u:system_r:bacula_t:s0
>> tcontext=system_u:object_r:journalctl_exec_t:s0 tclass=file permissive=0
>> type=AVC msg=audit(1746922631.466:1347): avc: denied { execute } for
>> pid=10421 comm="cleanup" name="journalctl" dev="sda3" ino=11533
>> 46 scontext=system_u:system_r:bacula_t:s0
>> tcontext=system_u:object_r:journalctl_exec_t:s0 tclass=file permissive=0
>> type=AVC msg=audit(1746922631.468:1348): avc: denied { getattr } for
>> pid=10422 comm="find" name="/" dev="tmpfs" ino=1 scontext=syste
>> m_u:system_r:bacula_t:s0 tcontext=system_u:object_r:tmpfs_t:s0
>> tclass=filesystem permissive=0
>>
>> _______________________________________________
>> Bacula-users mailing list
>> Bacula-users@lists.sourceforge.net
>> https://lists.sourceforge.net/lists/listinfo/bacula-users
>>
>
_______________________________________________
Bacula-users mailing list
Bacula-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/bacula-users
