Hide Forgot
Created attachment 511616 [details] SELinux Audit Description of problem: The BackupPC.sock file is located in /var/log/BackupPC, which causes SELinux to deny access as far as I can tell. From the BackupPC documentation, I believe it should be located in /var/run/BackupPC. Version-Release number of selected component (if applicable): Name : BackupPC Arch : x86_64 Version : 3.1.0 Release : 17.fc15 Size : 2.2 M Repo : installed From repo : anaconda-InstallationRepo-201104082134.x86_64 Steps to Reproduce: 1. 'sudo yum install BackupPC' 2. 'sudo /etc/init.d/backuppc start' 3. 'sudo /etc/init.d/httpd start' 4. Go to 'http://localhost/BackupPC' Actual results: Web interface displays 'Error: Unable to connect to BackupPC server' Expected results: BackupPC web interface should connect to the server. Additional info:
Selinux errors: type=AVC msg=audit(1310010051.679:7595): avc: denied { write } for pid=27938 comm="BackupPC_Admin." name="BackupPC.sock" dev=dm-1 ino=861241 scontext=system_u:system_r:httpd_t:s0 tcontext=system_u:object_r:var_log_t:s0 tclass=sock_file type=AVC msg=audit(1310010052.607:7596): avc: denied { write } for pid=27939 comm="BackupPC_Admin." name="BackupPC.sock" dev=dm-1 ino=861241 scontext=system_u:system_r:httpd_t:s0 tcontext=system_u:object_r:var_log_t:s0 tclass=sock_file type=AVC msg=audit(1310010050.827:7594): avc: denied { write } for pid=27935 comm="BackupPC_Admin." name="BackupPC.sock" dev=dm-1 ino=861241 scontext=system_u:system_r:httpd_t:s0 tcontext=system_u:object_r:var_log_t:s0 tclass=sock_file type=AVC msg=audit(1310010367.335:7756): avc: denied { write } for pid=28259 comm="BackupPC_Admin." name="BackupPC.sock" dev=dm-1 ino=861241 scontext=system_u:system_r:httpd_t:s0 tcontext=system_u:object_r:var_log_t:s0 tclass=sock_file type=AVC msg=audit(1310010586.395:8055): avc: denied { write } for pid=28739 comm="BackupPC_Admin." name="BackupPC.sock" dev=dm-1 ino=861241 scontext=system_u:system_r:httpd_t:s0 tcontext=system_u:object_r:var_log_t:s0 tclass=sock_file type=AVC msg=audit(1310010623.249:8057): avc: denied { write } for pid=28778 comm="BackupPC_Admin." name="BackupPC.sock" dev=dm-1 ino=861241 scontext=system_u:system_r:httpd_t:s0 tcontext=system_u:object_r:var_log_t:s0 tclass=sock_file type=AVC msg=audit(1310010622.330:8056): avc: denied { write } for pid=28775 comm="BackupPC_Admin." name="BackupPC.sock" dev=dm-1 ino=861241 scontext=system_u:system_r:httpd_t:s0 tcontext=system_u:object_r:var_log_t:s0 tclass=sock_file type=AVC msg=audit(1310010631.767:8058): avc: denied { write } for pid=28788 comm="BackupPC_Admin." name="BackupPC.sock" dev=dm-1 ino=861241 scontext=system_u:system_r:httpd_t:s0 tcontext=system_u:object_r:var_log_t:s0 tclass=sock_file With this: su -c 'semanage fcontext -a -t httpd_var_run_t "/var/log/BackupPC/.*"; restorecon -Rv /var/log/BackupPC; service backuppc restart; service httpd restart' should temporarily work-around the problem. Tempfiles from packages should use /run/ for sockets. -- Fedora Bugzappers volunteer triage team https://fedoraproject.org/wiki/BugZappers
BackupPC-3.2.1-1.fc14 has been submitted as an update for Fedora 14. https://admin.fedoraproject.org/updates/BackupPC-3.2.1-1.fc14
BackupPC-3.2.1-1.fc15 has been submitted as an update for Fedora 15. https://admin.fedoraproject.org/updates/BackupPC-3.2.1-1.fc15
BackupPC-3.2.1-1.el5 has been submitted as an update for Fedora EPEL 5. https://admin.fedoraproject.org/updates/BackupPC-3.2.1-1.el5
BackupPC-3.2.1-1.el6 has been submitted as an update for Fedora EPEL 6. https://admin.fedoraproject.org/updates/BackupPC-3.2.1-1.el6
Package BackupPC-3.2.1-1.el5: * should fix your issue, * was pushed to the Fedora EPEL 5 testing repository, * should be available at your local mirror within two days. Update it with: # su -c 'yum update --enablerepo=epel-testing BackupPC-3.2.1-1.el5' as soon as you are able to. Please go to the following url: https://admin.fedoraproject.org/updates/BackupPC-3.2.1-1.el5 then log in and leave karma (feedback).
BackupPC-3.2.1-1.fc14 has been pushed to the Fedora 14 stable repository. If problems still persist, please make note of it in this bug report.
BackupPC-3.2.1-1.fc15 has been pushed to the Fedora 15 stable repository. If problems still persist, please make note of it in this bug report.
BackupPC-3.2.1-1.el6 has been pushed to the Fedora EPEL 6 stable repository. If problems still persist, please make note of it in this bug report.
BackupPC-3.2.1-1.el5 has been pushed to the Fedora EPEL 5 stable repository. If problems still persist, please make note of it in this bug report.
BackupPC.sock is back in /var/log/BackupPC in Fedora 17. This needs to be fixed once again.
Ack. Ignore that. I was seeing a stale BackupPC.sock. The actuall problem is something else with SELinux.