I have a problem using Bacula run scripts (run before and after job)
The bacula's server tries to backup a CentOS client with LVM volumes.
During backup Bacula runs (on the client side) a script which takes LVM snapshots of backuping volumes.
On the client side SElinux is switched to enforcing and setroubleshoot and setroubleshoot-server are installed.
I've already managed with all the SElinux access issues, now there is no SElinux information during backup in /var/log/messages
The issue is that I got in the SERVER's bacula.log:
Code: Select all
07-oct 21:55 client-fd JobId 18770: ClientBeforeJob: /run/lock/lvm: setfscreatecon failed: Permission denied
07-oct 21:55 client-fd JobId 18770: ClientBeforeJob: SELinux context reset: setfscreatecon failed: Permission denied
It seems to me that SElinux doesn't like the run context of bacula (bacula_t) mixed with context od /run/lock/lvm (lvm_t)
I don't know how to solve this issue.
Client :
Code: Select all
[root]# uname -a
Linux client 3.10.0-862.14.4.el7.x86_64 #1 SMP Wed Sep 26 15:12:11 UTC 2018 x86_64 x86_64 x86_64 GNU/Linux
[root]# rpm -qa | grep bacula
bacula-common-5.2.13-23.1.el7.x86_64
bacula-libs-5.2.13-23.1.el7.x86_64
bacula-client-5.2.13-23.1.el7.x86_64
[root]# rpm -qa | grep selinux
selinux-policy-3.13.1-192.el7_5.6.noarch
selinux-policy-targeted-3.13.1-192.el7_5.6.noarch