Unexpected behavior in permissive mode
Miroslav Grepl
mgrepl at redhat.com
Fri Apr 10 13:00:23 UTC 2015
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
On 04/10/2015 01:51 PM, Joseph L. Casale wrote:
>> Are there any scripts which you can defined? Or did you get it
>> by default? It looks bacula is an administrative tool which is
>> going to be unconfined domain.
>
> Hi Miroslav, The backup daemon has commands in its configuration
> that invokes without a shell for example in this case:
>
> su -c '/usr/bin/pg_dumpall -U postgres -f
> /tmp/pg_dumpall_output.sql' - postgres
>
> Do suggest that moving this into a script that is labeled
> explicitly might help?
>
> Thanks, jlc
>
Yes, it would be fine to have it as default in bacula. For example to
have them in
/usr/libexec/bacula
You can open a new policy bug where we can discuss it and ask bacula
folks.
- --
Miroslav Grepl
Software Engineering, SELinux Solutions
Red Hat, Inc.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2
iQEcBAEBCAAGBQJVJ8lkAAoJENrcHks50T0JdIkIAIbxJPfQ4UsactPEBxaYjcIw
wqBzRLDkH1igRI+5EdyG7DPAwWmBDmi4j2Dif6lPAQEmWIAlRDIQFNtOL0EKy6du
ibyAxYrJOEj4HhwDtLuLBOJdZRyV55nbj44Hd/7lpBg6RSQthxlhQ1OrcT1XR+gY
lZxFzwijBpIkJxsamPULYREI7ifOYGnsbQr+C3FpizC8K/VOXlSBIBRjmHmkMQSW
mGgx6cyz+wWAaLuGRs43stbighIeuNywUui8Xoitp4tREaEVzUOJemZXCSGQrVDL
V6WohBdaEYxYV7K0o1z1Afbo0gYKxt9OzIrRgtLF/FeKGVFARhmrN1aj0UxL65Y=
=bat4
-----END PGP SIGNATURE-----
More information about the selinux
mailing list