Description of problem: SELinux breaks the web interface of BackupPC. SELinux is preventing /usr/bin/perl from write access on the sock_file BackupPC.sock. ***** Plugin catchall (100. confidence) suggests *************************** If you believe that perl should be allowed write access on the BackupPC.sock sock_file by default. Then you should report this as a bug. You can generate a local policy module to allow this access. Do allow this access for now by executing: # grep BackupPC_Admin. /var/log/audit/audit.log | audit2allow -M mypol # semodule -i mypol.pp WARNING: Policy would be downgraded from version 27 to 26. WARNING: Policy would be downgraded from version 27 to 26. Additional Information: Source Context system_u:system_r:httpd_t:s0 Target Context system_u:object_r:var_run_t:s0 Target Objects BackupPC.sock [ sock_file ] Source BackupPC_Admin. Source Path /usr/bin/perl Port <Unknown> Host clio.ellipsis.cx Source RPM Packages perl-5.14.2-211.fc17.x86_64 Target RPM Packages Policy RPM selinux-policy-3.10.0-125.fc17.noarch Selinux Enabled True Policy Type targeted Enforcing Mode Enforcing Host Name clio.ellipsis.cx Platform Linux clio.ellipsis.cx 3.3.7-1.fc17.x86_64 #1 SMP Mon May 21 22:32:19 UTC 2012 x86_64 x86_64 Alert Count 8 First Seen Sat Jun 2 11:39:31 2012 Last Seen Sat Jun 2 12:01:50 2012 Local ID 76d65942-9318-446f-930c-56dc8cb0a49e Raw Audit Messages type=AVC msg=audit(1338631310.199:334): avc: denied { write } for pid=11830 comm="BackupPC_Admin." name="BackupPC.sock" dev="tmpfs" ino=32582 scontext=system_u:system_r:httpd_t:s0 tcontext=system_u:object_r:var_run_t:s0 tclass=sock_file type=SYSCALL msg=audit(1338631310.199:334): arch=x86_64 syscall=connect success=no exit=EACCES a0=3 a1=16986e0 a2=6e a3=7fff42d626b0 items=0 ppid=11807 pid=11830 auid=4294967295 uid=48 gid=48 euid=498 suid=498 fsuid=498 egid=48 sgid=48 fsgid=48 tty=(none) ses=4294967295 comm=BackupPC_Admin. exe=/usr/bin/perl subj=system_u:system_r:httpd_t:s0 key=(null) Hash: BackupPC_Admin.,httpd_t,var_run_t,sock_file,write audit2allow #============= httpd_t ============== allow httpd_t var_run_t:sock_file write; audit2allow -R #============= httpd_t ============== allow httpd_t var_run_t:sock_file write; Version-Release number of selected component (if applicable): BackupPC-3.2.1-7.fc17.x86_64 selinux-policy-targeted-3.10.0-125.fc17.noarch How reproducible: Always Steps to Reproduce: 1. Browse to BackupPC web interface. Actual results: SELinux denial. Expected results: No SELinux denial.
*** This bug has been marked as a duplicate of bug 827854 ***