Description of problem: httpd runs under user backuppc on this host. backuppc service is started. When I call the CGI-Interface I see the following message on screen: -------------- snip -------------- Error: Unable to connect to BackupPC server This CGI script (/backuppc) is unable to connect to the BackupPC server on localhost port -1. The error was: unix connect: Permission denied. Perhaps the BackupPC server is not running or there is a configuration error. Please report this to your Sys Admin. -------------- snip -------------- At same time the following AVC-Denial is written: type=AVC msg=audit(1355679394.218:18): avc: denied { write } for pid=9409 comm="BackupPC_Admin." name="BackupPC.sock" dev="tmpfs" ino=3636017 scontext=system_u:system_r:httpd_t:s0 tcontext=system_u:object_r:var_run_t:s0 tclass=sock_file type=SYSCALL msg=audit(1355679394.218:18): arch=40000003 syscall=102 success=no exit=-13 a0=3 a1=bfca7e90 a2=b771bff4 a3=8de4008 items=0 ppid=9337 pid=9409 auid=4294967295 uid=483 gid=488 euid=483 suid=483 fsuid=483 egid=488 sgid=488 fsgid=488 tty=(none) ses=4294967295 comm="BackupPC_Admin." exe="/usr/bin/perl" subj=system_u:system_r:httpd_t:s0 key=(null) I tried to add an appropriate rule following the instructions from sealert: # grep BackupPC_Admin. /var/log/audit/audit.log | audit2allow -M mypol # semodule -i mypol.pp libsepol.scope_copy_callback: entropyd: Duplicate declaration in module: type/attribute entropyd_var_run_t (No such file or directory). libsemanage.semanage_link_sandbox: Link packages failed (No such file or directory). semodule: Failed!Version-Release number of selected component (if applicable): How reproducible: Steps to Reproduce: 1. Install BackupPC-3.2.1-7.fc17.i686 2. Start backuppc.service 3. Call BackupPCs CGI Actual results: Error: Unable to connect to BackupPC server This CGI script (/backuppc) is unable to connect to the BackupPC server on localhost port -1. The error was: unix connect: Permission denied. Perhaps the BackupPC server is not running or there is a configuration error. Please report this to your Sys Admin. Expected results: Webserver can connect to backuppc.service Additional info:
I believe this was fixed. Please retest against 3.2.1-10 or later.
BackupPC-3.2.1-7.fc17.i686 is the current version. Where shall I get the newer version from for fc17?
Ok, sorry, it looks like I made the change long ago and never pushed and update. You can wait for the update that's coming (7-10 days) or try this build: http://koji.fedoraproject.org/koji/buildinfo?buildID=374898
Thanks for the new package! I installed it and first had the same error again. Then I investigated, whether I had setup own rules before, which was the case.. (sorry, that I've not looked at this before..) I found a module "mypol" and tried to remove it, which failed with error: libsepol.scope_copy_callback: audioentropy: Duplicate declaration in module: type/attribute entropyd_var_run_t libsemanage.semanage_link_sandbox: Link packages failed semodule: Failed! I searched in bugzilla for that issue and found a recipe to solve this issue: https://bugzilla.redhat.com/show_bug.cgi?id=511067 #setenforce 0 #mv /etc/selinux/targeted /etc/selinux/targeted.old #yum reinstall selinux-policy-targeted #restorecon -R -v /etc/selinux #setenforce 1 After that I reinstalled the new BackupPC package and now the error has vanished :-) Dominick Grift made an offer on selinux mailing list to include the selinux rules into the targeted policy: http://lists.fedoraproject.org/pipermail/selinux/2012-December/014986.html I think this would be the best solution to avoid interferences with targeted policies in the future. Are you willing to cooperate with the selinux team? I would be glad if so and will help with testing also ~ fyi and cheers, Gabriele
My selinux mode is "Permissive" though, after updated BackupPC yesterday, I had same issue. I had to reset selinux policy and reinstall BackupPC package.
I need to create /var/run/BackupPC/ directory. Because /var/run is mounted as tmpfs, I think BackupPC needs config file in /etc/tmpfiles.d/.
This message is a reminder that Fedora 17 is nearing its end of life. Approximately 4 (four) weeks from now Fedora will stop maintaining and issuing updates for Fedora 17. It is Fedora's policy to close all bug reports from releases that are no longer maintained. At that time this bug will be closed as WONTFIX if it remains open with a Fedora 'version' of '17'. Package Maintainer: If you wish for this bug to remain open because you plan to fix it in a currently maintained version, simply change the 'version' to a later Fedora version prior to Fedora 17's end of life. Bug Reporter: Thank you for reporting this issue and we are sorry that we may not be able to fix it before Fedora 17 is end of life. If you would still like to see this bug fixed and are able to reproduce it against a later version of Fedora, you are encouraged change the 'version' to a later Fedora version prior to Fedora 17's end of life. Although we aim to fix as many bugs as possible during every release's lifetime, sometimes those efforts are overtaken by events. Often a more recent Fedora release includes newer upstream software that fixes bugs or makes them obsolete.
Fedora 17 changed to end-of-life (EOL) status on 2013-07-30. Fedora 17 is no longer maintained, which means that it will not receive any further security or bug fix updates. As a result we are closing this bug. If you can reproduce this bug against a currently maintained version of Fedora please feel free to reopen this bug against that version. Thank you for reporting this bug and we are sorry it could not be fixed.