{"id":1258,"date":"2016-07-22T20:40:37","date_gmt":"2016-07-22T18:40:37","guid":{"rendered":"http:\/\/miroslaw.borodziuk.eu\/?p=1258"},"modified":"2017-08-03T16:44:46","modified_gmt":"2017-08-03T14:44:46","slug":"bacula-i-selinux","status":"publish","type":"post","link":"http:\/\/miro.borodziuk.eu\/index.php\/2016\/07\/22\/bacula-i-selinux\/","title":{"rendered":"Bacula and SELinux"},"content":{"rendered":"<p>I recently installed <em>Bacula<\/em>, a system for backing up disk resources. As the storage location for the backups I designated a directory (<code>\/bkp<\/code>), but <em>SELinux<\/em> would not let <em>Bacula<\/em> write to it, even though I had granted the appropriate permissions to the owner of the <em>Bacula<\/em> process, the user <em>bacula<\/em>. I describe the solution to this problem below.<!--more--><\/p>\n<p>If the <em>semanage<\/em> command is not installed on CentOS, first find out which yum package provides it:<\/p>\n<pre class=\"wp-code-highlight prettyprint prettyprinted\"><span class=\"pun\">#<\/span><span class=\"pln\"> yum provides semanage<\/span><\/pre>\n<p>and then, of course, install it:<\/p>\n<pre class=\"wp-code-highlight prettyprint prettyprinted\"><span class=\"pln\"># yum -y install policycoreutils<\/span><span class=\"pun\">-<\/span><span class=\"pln\">python<\/span><\/pre>\n<p>Identifying the <em>Bacula<\/em> context:<\/p>\n<pre># semanage fcontext -l | grep bacula\r\n\/bacula(\/.*)?\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 all files\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 
system_u:object_r:bacula_store_t:s0\r\n\/etc\/bacula.*\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 all files\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 system_u:object_r:bacula_etc_t:s0\r\n\/var\/bacula(\/.*)?\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 all files\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 system_u:object_r:bacula_store_t:s0\r\n\/var\/run\/bacula.*\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 regular file\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 system_u:object_r:bacula_var_run_t:s0\r\n\/var\/lib\/bacula.*\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 all files\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 system_u:object_r:bacula_var_lib_t:s0\r\n\/var\/log\/bacula.*\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 all files\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 system_u:object_r:bacula_log_t:s0\r\n\/usr\/sbin\/bacula.*\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 regular file\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 
system_u:object_r:bacula_exec_t:s0\r\n\/var\/spool\/bacula.*\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 all files\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 system_u:object_r:bacula_spool_t:s0\r\n\/var\/spool\/bacula\/log(\/.*)?\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 all files\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 system_u:object_r:var_log_t:s0\r\n\/etc\/rc\\.d\/init\\.d\/bacula.*\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 regular file\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 system_u:object_r:bacula_initrc_exec_t:s0\r\n\/usr\/sbin\/bat\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 regular file\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 system_u:object_r:bacula_admin_exec_t:s0\r\n\/usr\/sbin\/bconsole\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 regular file\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 system_u:object_r:bacula_admin_exec_t:s0<\/pre>\n<p>So the context is named \u201csystem_u:object_r:bacula_store_t:s0\u201d.<\/p>\n<pre># chcon system_u:object_r:bacula_store_t:s0 \/bkp\r\n# semanage fcontext -a -t bacula_store_t \"\/bkp(\/.*)?\"\r\n# restorecon -R -v \/bkp<\/pre>\n<p>The same solution works if CentOS denies <em>Bacula<\/em> write access to the directory into which backups will be restored.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>I recently installed Bacula, a system for backing up disk resources. As the storage location for the backups I designated a directory (\/bkp), but SELinux would not let Bacula write to it, even though I had granted the appropriate permissions to the owner of the Bacula process, the user bacula. I describe the solution to this problem below.<\/p>\n","protected":false},"author":1,"featured_media":1262,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[50],"tags":[],"_links":{"self":[{"href":"http:\/\/miro.borodziuk.eu\/index.php\/wp-json\/wp\/v2\/posts\/1258"}],"collection":[{"href":"http:\/\/miro.borodziuk.eu\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"http:\/\/miro.borodziuk.eu\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"http:\/\/miro.borodziuk.eu\/index.php\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"http:\/\/miro.borodziuk.eu\/index.php\/wp-json\/wp\/v2\/comments?post=1258"}],"version-history":[{"count":4,"href":"http:\/\/miro.borodziuk.eu\/index.php\/wp-json\/wp\/v2\/posts\/1258\/revisions"}],"predecessor-version":[{"id":1265,"href":"http:\/\/miro.borodziuk.eu\/index.php\/wp-json\/wp\/v2\/posts\/1258\/revisions\/1265"}],"wp:featuredmedia":[{"embeddable":true,"href":"http:\/\/miro.borodziuk.eu\/index.php\/wp-json\/wp\/v2\/media\/1262"}],"wp:attachment":[{"href":"http:\/\/miro.borodziuk.eu\/index.php\/wp-json\/wp\/v2\/media?parent=1258"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"http:\/\/miro.borodziuk.eu\/index.php\/wp-json\/wp\/v2\/categories?post=1258"},{"taxonomy":"post_tag","embeddable":true,"href":"http:\/\/miro.borodziuk.eu\/index.php\/wp-json\/wp\/v2\/tags?post=1258"}],
"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}