Gene Heskett wrote: > Am I supposed to laugh here? What the packagers do to amanda to make an > rpm out of it breaks a good bit of amanda's policy of just enough perms > to do the job because rpm can't do it any other way. The real amanda > rejects recovery to localhost, precisely because localhost can be any > machine in the world. 1. localhost can be any machine in the world just as much as www.slashdot.org can be any machine in the world. You need to read up on name resolution a bit. 2. I don't see how internal backup/restore permissions of Amanda are any part of this discussion. > > Maybe so, but manpages for either one of those seem to be non-existant, > the knowledge of how it works being a secret seems to be at least part of > the security model. However, manpages and any sort of how to 'actually > use it' documentation seem to be mutually exclusive, and I do mean > exclusive, its a very snooty club. audit2allow has a man page. Actually all the selinux command line utilities have man pages. Google search on "selinux howto" returns a number of useful and comprehensive documents. I guess you are just lazy and it is easier to bash selinux then to read a couple of web pages, in that vein you are probably running everything as root on your Linux and never install firewalls or anti viruses on windows. After all if it is not there you cannot be bothered to look for it. Well, I guess you will see the light after the first successful break-in to your system.