Bug 719499 - Socket file should be in /var/run/BackupPC/ instead of /var/log/
Summary: Socket file should be in /var/run/BackupPC/ instead of /var/log/
Status: CLOSED ERRATA
Alias: None
Product: Fedora
Classification: Fedora
Component: BackupPC
Version: 15
Hardware: x86_64
OS: Linux
unspecified
unspecified
Target Milestone: ---
Assignee: Bernard Johnson
QA Contact: Fedora Extras Quality Assurance
URL:
Whiteboard:
Keywords:
Depends On:
Blocks:
TreeView+ depends on / blocked
 
Reported: 2011-07-07 04:23 UTC by Jason
Modified: 2012-06-02 10:00 UTC (History)
4 users (show)

(edit)
Clone Of:
(edit)
Last Closed: 2011-08-09 01:38:01 UTC


Attachments (Terms of Use)
SELinux Audit (11.84 KB, text/rtf)
2011-07-07 04:23 UTC, Jason
no flags Details

Description Jason 2011-07-07 04:23:23 UTC
Created attachment 511616 [details]
SELinux Audit

Description of problem:
The BackupPC.sock file is located in /var/log/BackupPC, which causes SELinux to deny access as far as I can tell. From the BackupPC documentation, I believe it should be located in /var/run/BackupPC.

Version-Release number of selected component (if applicable):

Name        : BackupPC
Arch        : x86_64
Version     : 3.1.0
Release     : 17.fc15
Size        : 2.2 M
Repo        : installed
From repo   : anaconda-InstallationRepo-201104082134.x86_64

Steps to Reproduce:
1. 'sudo yum install BackupPC'
2. 'sudo /etc/init.d/backuppc start'
3. 'sudo /etc/init.d/httpd start'
4. Go to 'http://localhost/BackupPC'
  
Actual results:
Web interface displays 'Error: Unable to connect to BackupPC server'

Expected results:
BackupPC web interface should connect to the server.

Additional info:

Comment 1 d. johnson 2011-07-07 04:37:14 UTC
Selinux errors:

type=AVC msg=audit(1310010051.679:7595): avc:  denied  { write } for  pid=27938 comm="BackupPC_Admin." name="BackupPC.sock" dev=dm-1 ino=861241 scontext=system_u:system_r:httpd_t:s0 tcontext=system_u:object_r:var_log_t:s0 tclass=sock_file
type=AVC msg=audit(1310010052.607:7596): avc:  denied  { write } for  pid=27939 comm="BackupPC_Admin." name="BackupPC.sock" dev=dm-1 ino=861241 scontext=system_u:system_r:httpd_t:s0 tcontext=system_u:object_r:var_log_t:s0 tclass=sock_file
type=AVC msg=audit(1310010050.827:7594): avc:  denied  { write } for  pid=27935 comm="BackupPC_Admin." name="BackupPC.sock" dev=dm-1 ino=861241 scontext=system_u:system_r:httpd_t:s0 tcontext=system_u:object_r:var_log_t:s0 tclass=sock_file
type=AVC msg=audit(1310010367.335:7756): avc:  denied  { write } for  pid=28259 comm="BackupPC_Admin." name="BackupPC.sock" dev=dm-1 ino=861241 scontext=system_u:system_r:httpd_t:s0 tcontext=system_u:object_r:var_log_t:s0 tclass=sock_file
type=AVC msg=audit(1310010586.395:8055): avc:  denied  { write } for  pid=28739 comm="BackupPC_Admin." name="BackupPC.sock" dev=dm-1 ino=861241 scontext=system_u:system_r:httpd_t:s0 tcontext=system_u:object_r:var_log_t:s0 tclass=sock_file
type=AVC msg=audit(1310010623.249:8057): avc:  denied  { write } for  pid=28778 comm="BackupPC_Admin." name="BackupPC.sock" dev=dm-1 ino=861241 scontext=system_u:system_r:httpd_t:s0 tcontext=system_u:object_r:var_log_t:s0 tclass=sock_file
type=AVC msg=audit(1310010622.330:8056): avc:  denied  { write } for  pid=28775 comm="BackupPC_Admin." name="BackupPC.sock" dev=dm-1 ino=861241 scontext=system_u:system_r:httpd_t:s0 tcontext=system_u:object_r:var_log_t:s0 tclass=sock_file
type=AVC msg=audit(1310010631.767:8058): avc:  denied  { write } for  pid=28788 comm="BackupPC_Admin." name="BackupPC.sock" dev=dm-1 ino=861241 scontext=system_u:system_r:httpd_t:s0 tcontext=system_u:object_r:var_log_t:s0 tclass=sock_file


With this:

su -c 'semanage fcontext -a -t  httpd_var_run_t "/var/log/BackupPC/.*"; restorecon -Rv /var/log/BackupPC; service backuppc restart; service httpd restart'

should temporarily work-around the problem.

Tempfiles from packages should use /run/ for sockets.



-- 
Fedora Bugzappers volunteer triage team
https://fedoraproject.org/wiki/BugZappers

Comment 2 Fedora Update System 2011-07-30 00:33:50 UTC
BackupPC-3.2.1-1.fc14 has been submitted as an update for Fedora 14.
https://admin.fedoraproject.org/updates/BackupPC-3.2.1-1.fc14

Comment 3 Fedora Update System 2011-07-30 00:35:27 UTC
BackupPC-3.2.1-1.fc15 has been submitted as an update for Fedora 15.
https://admin.fedoraproject.org/updates/BackupPC-3.2.1-1.fc15

Comment 4 Fedora Update System 2011-07-30 00:38:48 UTC
BackupPC-3.2.1-1.el5 has been submitted as an update for Fedora EPEL 5.
https://admin.fedoraproject.org/updates/BackupPC-3.2.1-1.el5

Comment 5 Fedora Update System 2011-07-30 00:39:50 UTC
BackupPC-3.2.1-1.el6 has been submitted as an update for Fedora EPEL 6.
https://admin.fedoraproject.org/updates/BackupPC-3.2.1-1.el6

Comment 6 Fedora Update System 2011-07-30 10:36:04 UTC
Package BackupPC-3.2.1-1.el5:
* should fix your issue,
* was pushed to the Fedora EPEL 5 testing repository,
* should be available at your local mirror within two days.
Update it with:
# su -c 'yum update --enablerepo=epel-testing BackupPC-3.2.1-1.el5'
as soon as you are able to.
Please go to the following url:
https://admin.fedoraproject.org/updates/BackupPC-3.2.1-1.el5
then log in and leave karma (feedback).

Comment 7 Fedora Update System 2011-08-09 01:37:31 UTC
BackupPC-3.2.1-1.fc14 has been pushed to the Fedora 14 stable repository.  If problems still persist, please make note of it in this bug report.

Comment 8 Fedora Update System 2011-08-09 01:38:58 UTC
BackupPC-3.2.1-1.fc15 has been pushed to the Fedora 15 stable repository.  If problems still persist, please make note of it in this bug report.

Comment 9 Fedora Update System 2011-08-16 20:55:56 UTC
BackupPC-3.2.1-1.el6 has been pushed to the Fedora EPEL 6 stable repository.  If problems still persist, please make note of it in this bug report.

Comment 10 Fedora Update System 2011-08-16 21:08:13 UTC
BackupPC-3.2.1-1.el5 has been pushed to the Fedora EPEL 5 stable repository.  If problems still persist, please make note of it in this bug report.

Comment 11 Joel Uckelman 2012-06-02 09:46:22 UTC
BackupPC.sock is back in /var/log/BackupPC in Fedora 17. This needs to be fixed once again.

Comment 12 Joel Uckelman 2012-06-02 10:00:19 UTC
Ack. Ignore that. I was seeing a stale BackupPC.sock. The actuall problem is something else with SELinux.


Note You need to log in before you can comment on or make changes to this bug.