I have BackupPC-3.0.0-3.fc8 installed on a fully updated Fedora 8 machine (clean install, not an upgrade). I have put the BackupPC_Admin script (the web interface) in /var/www/cgi-bin/BackupPC/, which is where I had it in a non-rpm installation under FC 6, which is what I had on this machine before F8. By fiddling with booleans, I had gotten the web interface to run fine under FC6. But now I have to set selinux to permissive to use the web interface. I get the following sort of thing in sealert: Summary SELinux is preventing /usr/bin/sperl5.8.8 (httpd_sys_script_t) "setuid" to (httpd_sys_script_t). Detailed Description SELinux denied access requested by /usr/bin/sperl5.8.8. It is not expected that this access is required by /usr/bin/sperl5.8.8 and this access may signal an intrusion attempt. It is also possible that the specific version or configuration of the application is causing it to require additional access. Allowing Access You can generate a local policy module to allow this access - see FAQ Or you can disable SELinux protection altogether. Disabling SELinux protection is not recommended. Please file a bug report against this package. Additional Information Source Context: system_u:system_r:httpd_sys_script_t:s0 Target Context: system_u:system_r:httpd_sys_script_t:s0 Target Objects: None [ capability ] Affected RPM Packages: perl-suidperl-5.8.8-31.fc8 [application] Policy RPM: selinux-policy-3.0.8-47.fc8 Selinux Enabled: True Policy Type: targeted MLS Enabled: True Enforcing Mode: Permissive Plugin Name: plugins.catchall Host Name: g2 Platform: Linux g2 2.6.23.1-49.fc8 #1 SMP Thu Nov 8 21:41:26 EST 2007 i686 i686 Alert Count: 15 First Seen: Sun 11 Nov 2007 12:18:32 PM EST Last Seen: Thu 15 Nov 2007 08:50:48 PM EST Local ID: 3601b195-d0fb-4477-b969-c6f87a3a5fc9 Line Numbers: Raw Audit Messages : avc: denied { setuid } for comm=sperl5.8.8 egid=48 euid=493 exe=/usr/bin/sperl5.8.8 exit=0 fsgid=48 fsuid=493 gid=48 items=0 pid=3645 scontext=system_u:system_r:httpd_sys_script_t:s0 sgid=48 subj=system_u:system_r:httpd_sys_script_t:s0 suid=0 tclass=capability tcontext=system_u:system_r:httpd_sys_script_t:s0 tty=(none) uid=48 For now, I'm working around it by setting selinux to permissive while I use the web interface, and then setting it back to enforcing. But I'd rather sort out why it's not working--I've probably missed some obvious configuration setting. I would be grateful for any suggestions for straightening this out. Thanks, George
Attachment:
signature.asc
Description: PGP signature
-- fedora-list mailing list fedora-list@xxxxxxxxxx To unsubscribe: https://www.redhat.com/mailman/listinfo/fedora-list