Re: SELinux issue with BackupPC 3.1.0 on Fedora 6

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



On Wednesday 30 July 2008 02:00:18 Aleksey Tsalolikhin wrote:
> Hi.  I am trying to get BackupPC working on a Fedora Core 6 server.
>
> I installed BackupPC with "yum install backuppc" and "yum install httpd".
>
> But when I fire up the Web interface, it says
>
>        Error: Unable to connect to BackupPC server
>
>
> And I have an SE Linux error message:
>
> avc:  denied  { write } for  pid=5120 comm="perl5.8.8"
> name="BackupPC.sock" dev=dm-0 ino=56393744
> scontext=user_u:system_r:httpd_t:s0
> tcontext=user_u:object_r:var_log_t:s0 tclass=sock_file
>
> If I turn off SE Linux, BackupPC works fine.   But per our policy,
> this server must have SE Linux turned on.
>
> How to make this work, please?
>
> Best,
> Aleksey

First you really should upgrade to a supported version of Fedora or to CentOS.

Second I have a very similar problem  with BackupPC on CentOS 5.2. I installed 
BackupPC from source rather than use the rpm in the CentOS testing repos. 
Everything is working fine except for a similar "BackupPC.sock" SELinux 
error.


type=AVC msg=audit(1216986223.223:145): avc:  denied  { write } for  pid=7667 
comm="httpd" name="BackupPC.sock" dev=sda5 ino=3094722 
scontext=root:system_r:httpd_t:s0 
tcontext=root:object_r:httpd_sys_content_t:s0 tclass=sock_file

What I did as a temporary workaround was to disable SELinux protection for the 
httpd daemon.

I then generated and installed a local policy to allow access.

1. Generate local policy

    $ grep http  /var/log/audit/audit.log | audit2allow -m myhttp > myhttp.te

2. Compile the module
    $ checkmodule -M -m -o local.mod myhttp.te

3.  Create the package
    $ semodule_package -o myhttp.pp -m local.mod

4   Load the module into the kernel
    $ semodule -i myhttp.pp


Now to see if that works ;-)

Seems to. I can now access the GUI with SELinux enabled for the httpd daemon.

Tony.



-- 
fedora-list mailing list
fedora-list@xxxxxxxxxx
To unsubscribe: https://www.redhat.com/mailman/listinfo/fedora-list
[Index of Archives]     [Older Fedora Users]     [Fedora Announce]     [Fedora Package Announce]     [EPEL Announce]     [Fedora Magazine]     [Fedora News]     [Fedora Summer Coding]     [Fedora Laptop]     [Fedora Cloud]     [Fedora Advisory Board]     [Fedora Education]     [Fedora Security]     [Fedora Scitech]     [Fedora Robotics]     [Fedora Maintainers]     [Fedora Infrastructure]     [Fedora Websites]     [Anaconda Devel]     [Fedora Devel Java]     [Fedora Legacy]     [Fedora Desktop]     [Fedora Fonts]     [ATA RAID]     [Fedora Marketing]     [Fedora Management Tools]     [Fedora Mentors]     [SSH]     [Fedora Package Review]     [Fedora R Devel]     [Fedora PHP Devel]     [Kickstart]     [Fedora Music]     [Fedora Packaging]     [Centos]     [Fedora SELinux]     [Fedora Legal]     [Fedora Kernel]     [Fedora OCaml]     [Coolkey]     [Virtualization Tools]     [ET Management Tools]     [Yum Users]     [Tux]     [Yosemite News]     [Gnome Users]     [KDE Users]     [Fedora Art]     [Fedora Docs]     [Asterisk PBX]     [Fedora Sparc]     [Fedora Universal Network Connector]     [Libvirt Users]     [Fedora ARM]

  Powered by Linux