Bug 243218 - SELinux is preventing /usr/bin/perl5.8.8 (httpd_t) "write" to BackupPC.sock (var_log_t).
Summary: SELinux is preventing /usr/bin/perl5.8.8 (httpd_t) "write" to BackupPC.sock ...
Status: CLOSED ERRATA
Alias: None
Product: Fedora
Classification: Fedora
Component: BackupPC   
(Show other bugs)
Version: 7
Hardware: All Linux
low
low
Target Milestone: ---
Assignee: Johan Cwiklinski
QA Contact: Fedora Extras Quality Assurance
URL:
Whiteboard:
Keywords: Reopened
Depends On:
Blocks:
TreeView+ depends on / blocked
 
Reported: 2007-06-07 23:17 UTC by Martin Jürgens
Modified: 2007-11-30 22:12 UTC (History)
1 user (show)

Fixed In Version: 3.0.0-3.fc7
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Environment:
Last Closed: 2007-10-08 15:02:20 UTC
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---


Attachments (Terms of Use)
full troubleshoot (3.09 KB, text/plain)
2007-06-09 10:11 UTC, Martin Jürgens
no flags Details

Description Martin Jürgens 2007-06-07 23:17:22 UTC
Description of problem:


Version-Release number of selected component (if applicable):


How reproducible:
EveryTime

Steps to Reproduce:
1. Install Backuppc, start it and HTTP
2. Create user
3. Call http://localhost/BackupPC , log in
  
Actual results:
Error: Unable to connect to BackupPC server

Jun  8 01:32:47 fedora-backup kernel: audit(1181259167.619:4): avc:  denied  {
write } for  pid=2588 comm="perl5.8.8" name="BackupPC.sock" dev=dm-0 ino=1831713
scontext=root:system_r:httpd_t:s0 tcontext=root:object_r:var_log_t:s0
tclass=sock_file


Expected results:
Should work

Additional info:

Comment 1 Martin Jürgens 2007-06-09 10:11:18 UTC
Created attachment 156639 [details]
full troubleshoot

Comment 2 Daniel Walsh 2007-06-11 12:58:21 UTC
For now I would just add that policy to your system, and I think we need to add
a policy for BackupPC.  Executing the following two lines should allow http to
communicate with the backuppc server.

# grep http /var/log/audit/audit.log | audit2allow -M mybackuppc
# semodule -i mybackuppc.pp



Comment 3 Martin Jürgens 2007-09-04 20:13:49 UTC
Why has this been closed as a WONTFIX? Thanks :)

Comment 4 Daniel Walsh 2007-09-04 21:55:19 UTC
Someone has to write a policy for BackupPC in order to fix this, for everyone. 
I have given you a workaround.  We do not ship BackupPC so I don't see how we
can fix this.  If someone writes a policy for backuppc we will pick it up.

Comment 5 Martin Jürgens 2007-09-05 06:07:32 UTC
Thank you for your clarification. Does that mean that Fedora 8 won't ship with
BackupPC anymore? (It is shipped with Fedora 7)

Comment 6 Daniel Walsh 2007-09-11 19:37:56 UTC
No I will reassign as a bug to BackupPC to add a policy,

Comment 7 Johan Cwiklinski 2007-09-12 09:15:00 UTC
I'm currently workin ont he 3.0.0 integration, and SELinux issues are always
present.
I'll try to write the right policy file...

Comment 8 Martin Jürgens 2007-09-12 10:55:00 UTC
Johan, many thanks for caring of BackupPC now. I was in fear that it would
disappear from the Fedora archives, which would not have been great as it is
very usable for me. I also tried to package 3.0 myself, but I failed (I am a RPM
packaing beginner ;))

Comment 9 Fedora Update System 2007-09-25 08:26:46 UTC
BackupPC-3.0.0-3.fc7 has been pushed to the Fedora 7 testing repository.  If problems still persist, please make note of it in this bug report.

Comment 10 Fedora Update System 2007-10-08 15:02:18 UTC
BackupPC-3.0.0-3.fc7 has been pushed to the Fedora 7 stable repository.  If problems still persist, please make note of it in this bug report.


Note You need to log in before you can comment on or make changes to this bug.