-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
On 04/10/2015 01:51 PM, Joseph L. Casale wrote:
> Are there any scripts which you can defined? Or did you get it
> by default? It looks bacula is an administrative tool which is
> going to be unconfined domain.
Hi Miroslav, The backup daemon has commands in its configuration
that invokes without a shell for example in this case:
su -c '/usr/bin/pg_dumpall -U postgres -f
/tmp/pg_dumpall_output.sql' - postgres
Do suggest that moving this into a script that is labeled
explicitly might help?
Thanks, jlc
Yes, it would be fine to have it as default in bacula. For example to
have them in
/usr/libexec/bacula
You can open a new policy bug where we can discuss it and ask bacula
folks.
- --
Miroslav Grepl
Software Engineering, SELinux Solutions
Red Hat, Inc.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2
iQEcBAEBCAAGBQJVJ8lkAAoJENrcHks50T0JdIkIAIbxJPfQ4UsactPEBxaYjcIw
wqBzRLDkH1igRI+5EdyG7DPAwWmBDmi4j2Dif6lPAQEmWIAlRDIQFNtOL0EKy6du
ibyAxYrJOEj4HhwDtLuLBOJdZRyV55nbj44Hd/7lpBg6RSQthxlhQ1OrcT1XR+gY
lZxFzwijBpIkJxsamPULYREI7ifOYGnsbQr+C3FpizC8K/VOXlSBIBRjmHmkMQSW
mGgx6cyz+wWAaLuGRs43stbighIeuNywUui8Xoitp4tREaEVzUOJemZXCSGQrVDL
V6WohBdaEYxYV7K0o1z1Afbo0gYKxt9OzIrRgtLF/FeKGVFARhmrN1aj0UxL65Y=
=bat4
-----END PGP SIGNATURE-----