Amanda client AVC
Stephen Smalley
sds at tycho.nsa.gov
Thu Apr 6 12:19:09 UTC 2006
On Wed, 2006-04-05 at 18:42 -0400, Matthew Saltzman wrote:
> My amanda clients are seeing the following:
>
> kernel: audit(1144217150.855:17): avc: denied { name_bind } for
> pid=3707 comm="sendbackup" src=697
> scontext=system_u:system_r:amanda_t:s0
> tcontext=system_u:object_r:reserved_port_t:s0 tclass=tcp_socket
>
> And they don't work.
>
> How to fix, please? TIA.
port 697 is listed as uuidgen in /etc/services, so specifically mapping
it to an amanda port type and allowing amanda to bind to it seems wrong.
If this is just a result of probing for any available low port for NIS,
then the allow_ypbind boolean is likely relevant; try enabling it.
--
Stephen Smalley
National Security Agency
More information about the fedora-selinux-list
mailing list