Amanda client AVC

Matthew Saltzman mjs at ces.clemson.edu
Mon Apr 10 14:17:20 UTC 2006


On Thu, 6 Apr 2006, Stephen Smalley wrote:

> On Wed, 2006-04-05 at 18:42 -0400, Matthew Saltzman wrote:
>> My amanda clients are seeing the following:
>>
>>      kernel: audit(1144217150.855:17): avc:  denied  { name_bind } for
>>      pid=3707 comm="sendbackup" src=697
>>      scontext=system_u:system_r:amanda_t:s0
>>      tcontext=system_u:object_r:reserved_port_t:s0 tclass=tcp_socket
>>
>> And they don't work.
>>
>> How to fix, please?  TIA.
>
> port 697 is listed as uuidgen in /etc/services, so specifically mapping
> it to an amanda port type and allowing amanda to bind to it seems wrong.
> If this is just a result of probing for any available low port for NIS,
> then the allow_ypbind boolean is likely relevant; try enabling it.

That stops the denial messages, but Amanda still isn't working.  It fails 
with "too many dumper retry".  I'm not getting denials, though, so I 
suppose that must be something else?

(Running nscd doesn't seem to help matters.)

Also, this seems strange as a solution as this network doesn't run NIS.  I 
do have all the amanda-related ports open on both server and client.  I 
had no problems running amanda under FC4.  My server is FC4 and it backs 
itself and an RH7.3 machine up with no problems.  Only my FC5 clients have 
issues.

-- 
 		Matthew Saltzman

Clemson University Math Sciences
mjs AT clemson DOT edu
http://www.math.clemson.edu/~mjs
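
Added example, not part of the original message: a Python sketch that parses the denial quoted above and checks whether it matches the pattern Stephen Smalley describes, a name_bind on a low port that carries only the generic reserved_port_t label. The function names and the port-below-1024 heuristic are assumptions made for illustration.

```python
import re

# The denial from the thread, quote markers removed, syslog wrapping kept.
SAMPLE = (
    'kernel: audit(1144217150.855:17): avc:  denied  { name_bind } for\n'
    'pid=3707 comm="sendbackup" src=697\n'
    'scontext=system_u:system_r:amanda_t:s0\n'
    'tcontext=system_u:object_r:reserved_port_t:s0 tclass=tcp_socket\n'
)

AVC_RE = re.compile(
    r"audit\((?P<ts>\d+\.\d+):(?P<serial>\d+)\):\s+avc:\s+"
    r"(?P<result>denied|granted)\s+\{(?P<perms>[^}]*)\}\s+for\s+(?P<rest>.*)",
    re.S,
)
KV_RE = re.compile(r'(\w+)=("[^"]*"|\S+)')


def parse_avc(text):
    """Return the AVC record in text as a dict, or None if there is none."""
    m = AVC_RE.search(text)
    if m is None:
        return None
    rec = {
        "timestamp": float(m.group("ts")),
        "serial": int(m.group("serial")),
        "result": m.group("result"),
        "perms": m.group("perms").split(),
    }
    for key, value in KV_RE.findall(m.group("rest")):
        rec[key] = value.strip('"')
    # Contexts are user:role:type[:level]; the level may itself contain ':'.
    for ctx, name in (("scontext", "source_type"), ("tcontext", "target_type")):
        parts = rec.get(ctx, "").split(":", 3)
        rec[name] = parts[2] if len(parts) >= 3 else None
    return rec


def is_generic_low_port_bind(rec):
    """Heuristic (assumption): name_bind on a port < 1024 labelled only as
    reserved_port_t, i.e. no port type specific to the service exists."""
    return (
        rec is not None
        and rec["result"] == "denied"
        and "name_bind" in rec["perms"]
        and rec.get("tclass") in ("tcp_socket", "udp_socket")
        and rec["target_type"] == "reserved_port_t"
        and rec.get("src", "").isdigit()
        and int(rec["src"]) < 1024
    )
```

Running `is_generic_low_port_bind(parse_avc(SAMPLE))` on the record from this thread returns True, which is the case where labelling the port for the service is the wrong fix.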
