DevHeads.net

CentOS 6.6 Bacula-SELinux issue

I updated my backup server to CentOS 6.6 this morning. As usual, I
unmounted the current (nightly) tape from the changer before the
reboot. Now Bacula complains it cannot access the changer:

3301 Issuing autochanger "loaded? drive 0" command.
3991 Bad autochanger "loaded? drive 0" command: ERR=Child exited with code 1.
Results=cannot open SCSI device '/dev/changer' - Permission denied

SELinux is denying source context bacula_t from accessing target
context tape_device_t. I took a look at the various SELinux boolean
values but see none that applies.

Has anyone else observed this symptom since upgrading?

Is there a fix other than building a local policy by going through the
"ausearch | audit2allow" iteration(s)?

Comments

Re: CentOS 6.6 Bacula-SELinux issue

By Daniel J Walsh at 11/04/2014 - 11:08

I see nothing about tape_device_t in bacula policy in Fedora, so I
please create a local policy and then send it to us, so it can get
merged into the upstream and back ported for RHEL/Centos.
On 10/30/2014 03:01 PM, Paul Heinlein wrote: