Amanda client AVC

Matthew Saltzman mjs at
Mon Apr 10 14:17:20 UTC 2006

On Thu, 6 Apr 2006, Stephen Smalley wrote:

> On Wed, 2006-04-05 at 18:42 -0400, Matthew Saltzman wrote:
>> My amanda clients are seeing the following:
>>      kernel: audit(1144217150.855:17): avc:  denied  { name_bind } for
>>      pid=3707 comm="sendbackup" src=697
>>      scontext=system_u:system_r:amanda_t:s0
>>      tcontext=system_u:object_r:reserved_port_t:s0 tclass=tcp_socket
>> And they don't work.
>> How to fix, please?  TIA.
> port 697 is listed as uuidgen in /etc/services, so specifically mapping
> it to an amanda port type and allowing amanda to bind to it seems wrong.
> If this is just a result of probing for any available low port for NIS,
> then the allow_ypbind boolean is likely relevant; try enabling it.

That stops the denial messages, but Amanda still isn't working.  It fails 
with "too many dumper retry".  I'm not getting denials, though, so I 
suppose that must be something else?

(Running nscd doesn't seem to help matters.)

Also, this seems strange as a solution as this network doesn't run NIS.  I 
do have all the amanda-related ports open on both server and client.  I 
had no problems running amanda under FC4.  My server is FC4 and it backs 
itself and an RH7.3 machine up with no problems.  Only my FC5 clients have 

 		Matthew Saltzman

Clemson University Math Sciences
mjs AT clemson DOT edu

More information about the fedora-selinux-list mailing list