Bug 243218 - SELinux is preventing /usr/bin/perl5.8.8 (httpd_t) "write" to BackupPC.sock (var_log_t).
SELinux is preventing /usr/bin/perl5.8.8 (httpd_t) "write" to BackupPC.sock ...
Status: CLOSED ERRATA
Product: Fedora
Classification: Fedora
Component: BackupPC (Show other bugs)
7
All Linux
low Severity low
: ---
: ---
Assigned To: Johan Cwiklinski
Fedora Extras Quality Assurance
: Reopened
Depends On:
Blocks:
  Show dependency treegraph
 
Reported: 2007-06-07 19:17 EDT by Martin Jürgens
Modified: 2007-11-30 17:12 EST (History)
1 user (show)

See Also:
Fixed In Version: 3.0.0-3.fc7
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Environment:
Last Closed: 2007-10-08 11:02:20 EDT
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---


Attachments (Terms of Use)
full troubleshoot (3.09 KB, text/plain)
2007-06-09 06:11 EDT, Martin Jürgens
no flags Details

  None (edit)
Description Martin Jürgens 2007-06-07 19:17:22 EDT
Description of problem:


Version-Release number of selected component (if applicable):


How reproducible:
EveryTime

Steps to Reproduce:
1. Install Backuppc, start it and HTTP
2. Create user
3. Call http://localhost/BackupPC , log in
  
Actual results:
Error: Unable to connect to BackupPC server

Jun  8 01:32:47 fedora-backup kernel: audit(1181259167.619:4): avc:  denied  {
write } for  pid=2588 comm="perl5.8.8" name="BackupPC.sock" dev=dm-0 ino=1831713
scontext=root:system_r:httpd_t:s0 tcontext=root:object_r:var_log_t:s0
tclass=sock_file


Expected results:
Should work

Additional info:
Comment 1 Martin Jürgens 2007-06-09 06:11:18 EDT
Created attachment 156639 [details]
full troubleshoot
Comment 2 Daniel Walsh 2007-06-11 08:58:21 EDT
For now I would just add that policy to your system, and I think we need to add
a policy for BackupPC.  Executing the following two lines should allow http to
communicate with the backuppc server.

# grep http /var/log/audit/audit.log | audit2allow -M mybackuppc
# semodule -i mybackuppc.pp

Comment 3 Martin Jürgens 2007-09-04 16:13:49 EDT
Why has this been closed as a WONTFIX? Thanks :)
Comment 4 Daniel Walsh 2007-09-04 17:55:19 EDT
Someone has to write a policy for BackupPC in order to fix this, for everyone. 
I have given you a workaround.  We do not ship BackupPC so I don't see how we
can fix this.  If someone writes a policy for backuppc we will pick it up.
Comment 5 Martin Jürgens 2007-09-05 02:07:32 EDT
Thank you for your clarification. Does that mean that Fedora 8 won't ship with
BackupPC anymore? (It is shipped with Fedora 7)
Comment 6 Daniel Walsh 2007-09-11 15:37:56 EDT
No I will reassign as a bug to BackupPC to add a policy,
Comment 7 Johan Cwiklinski 2007-09-12 05:15:00 EDT
I'm currently workin ont he 3.0.0 integration, and SELinux issues are always
present.
I'll try to write the right policy file...
Comment 8 Martin Jürgens 2007-09-12 06:55:00 EDT
Johan, many thanks for caring of BackupPC now. I was in fear that it would
disappear from the Fedora archives, which would not have been great as it is
very usable for me. I also tried to package 3.0 myself, but I failed (I am a RPM
packaing beginner ;))
Comment 9 Fedora Update System 2007-09-25 04:26:46 EDT
BackupPC-3.0.0-3.fc7 has been pushed to the Fedora 7 testing repository.  If problems still persist, please make note of it in this bug report.
Comment 10 Fedora Update System 2007-10-08 11:02:18 EDT
BackupPC-3.0.0-3.fc7 has been pushed to the Fedora 7 stable repository.  If problems still persist, please make note of it in this bug report.

Note You need to log in before you can comment on or make changes to this bug.