Bug 243218 - SELinux is preventing /usr/bin/perl5.8.8 (httpd_t) "write" to BackupPC.sock (var_log_t).
Summary: SELinux is preventing /usr/bin/perl5.8.8 (httpd_t) "write" to BackupPC.sock ...
Keywords:
Status: CLOSED ERRATA
Alias: None
Product: Fedora
Classification: Fedora
Component: BackupPC
Version: 7
Hardware: All
OS: Linux
low
low
Target Milestone: ---
Assignee: Johan Cwiklinski
QA Contact: Fedora Extras Quality Assurance
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+ depends on / blocked
 
Reported: 2007-06-07 23:17 UTC by Martin Jürgens
Modified: 2007-11-30 22:12 UTC (History)
1 user (show)

Fixed In Version: 3.0.0-3.fc7
Doc Type: Bug Fix
Doc Text:
Clone Of:
Environment:
Last Closed: 2007-10-08 15:02:20 UTC
Type: ---
Embargoed:

Attachments (Terms of Use)
full troubleshoot (3.09 KB, text/plain)
2007-06-09 10:11 UTC, Martin Jürgens 		no flags Details
View All

Description Martin Jürgens 2007-06-07 23:17:22 UTC 
Description of problem:


Version-Release number of selected component (if applicable):


How reproducible:
EveryTime

Steps to Reproduce:
1. Install Backuppc, start it and HTTP
2. Create user
3. Call http://localhost/BackupPC , log in
  
Actual results:
Error: Unable to connect to BackupPC server

Jun  8 01:32:47 fedora-backup kernel: audit(1181259167.619:4): avc:  denied  {
write } for  pid=2588 comm="perl5.8.8" name="BackupPC.sock" dev=dm-0 ino=1831713
scontext=root:system_r:httpd_t:s0 tcontext=root:object_r:var_log_t:s0
tclass=sock_file


Expected results:
Should work

Additional info:
Comment 1 Martin Jürgens 2007-06-09 10:11:18 UTC 
Created attachment 156639 [details]
full troubleshoot
Comment 2 Daniel Walsh 2007-06-11 12:58:21 UTC 
For now I would just add that policy to your system, and I think we need to add
a policy for BackupPC.  Executing the following two lines should allow http to
communicate with the backuppc server.

# grep http /var/log/audit/audit.log | audit2allow -M mybackuppc
# semodule -i mybackuppc.pp
Comment 3 Martin Jürgens 2007-09-04 20:13:49 UTC 
Why has this been closed as a WONTFIX? Thanks :)
Comment 4 Daniel Walsh 2007-09-04 21:55:19 UTC 
Someone has to write a policy for BackupPC in order to fix this, for everyone. 
I have given you a workaround.  We do not ship BackupPC so I don't see how we
can fix this.  If someone writes a policy for backuppc we will pick it up.
Comment 5 Martin Jürgens 2007-09-05 06:07:32 UTC 
Thank you for your clarification. Does that mean that Fedora 8 won't ship with
BackupPC anymore? (It is shipped with Fedora 7)
Comment 6 Daniel Walsh 2007-09-11 19:37:56 UTC 
No I will reassign as a bug to BackupPC to add a policy,
Comment 7 Johan Cwiklinski 2007-09-12 09:15:00 UTC 
I'm currently workin ont he 3.0.0 integration, and SELinux issues are always
present.
I'll try to write the right policy file...
Comment 8 Martin Jürgens 2007-09-12 10:55:00 UTC 
Johan, many thanks for caring of BackupPC now. I was in fear that it would
disappear from the Fedora archives, which would not have been great as it is
very usable for me. I also tried to package 3.0 myself, but I failed (I am a RPM
packaing beginner ;))
Comment 9 Fedora Update System 2007-09-25 08:26:46 UTC 
BackupPC-3.0.0-3.fc7 has been pushed to the Fedora 7 testing repository.  If problems still persist, please make note of it in this bug report.
Comment 10 Fedora Update System 2007-10-08 15:02:18 UTC 
BackupPC-3.0.0-3.fc7 has been pushed to the Fedora 7 stable repository.  If problems still persist, please make note of it in this bug report.
Note You need to log in before you can comment on or make changes to this bug.