On 01/04/2011 06:11 AM, Daniel J Walsh wrote: > On 01/04/2011 04:08 AM, Gordon Messmer wrote: >> # semanage fcontext -a -t user_home_dir_t /var/lib/amanda >> # semanage fcontext -a -t user_home_t "/var/lib/amanda/.*" >> # restorecon -r /var/lib/amanda > No This would probably cause amanda to break then. Does labeling .ssh as > ssh_home_t solve the problem? That seems unlikely, since the selinux denial was on /var/lib/amanda. If amanda is restricted, I believe the only option (until the policy is fixed) is to create a new module: # setenforce permissive # tail -n 0 -f /var/log/audit/audit.log > /var/tmp/sshdAmanda.avc -- Run an amanda backup -- -- Ctrl+c to kill "tail" when the backup is complete -- # audit2allow -M sshdAmanda < /var/tmp/sshdAmanda.avc # semodule -i sshdAmanda.pp -- users mailing list users@xxxxxxxxxxxxxxxxxxxxxxx To unsubscribe or change subscription options: https://admin.fedoraproject.org/mailman/listinfo/users Guidelines: http://fedoraproject.org/wiki/Mailing_list_guidelines
