Hi all,
I reinstalled BackupPC BackupPC-3.2.1-7.fc17.i686
on my Fedora 17 machine.
(Reason is, that I have a new backup disk,
which is mounted in /var/lib/BackupPC and
I wanted the installation to create the directories
there and set the appropriate SELinux privileges..)
httpd runs under user backuppc on this host.
backuppc service is started.
When I call the CGI-Interface I see the
following message on screen:
-------------- snip --------------
Error: Unable to connect to BackupPC server
This CGI script (/backuppc) is unable to connect to the BackupPC server
on localhost port -1.
The error was: unix connect: Permission denied.
Perhaps the BackupPC server is not running or there is a configuration
error. Please report this to your Sys Admin.
-------------- snip --------------
At same time the following AVC-Denial is written:
type=AVC msg=audit(1355679394.218:18): avc: denied { write } for
pid=9409 comm="BackupPC_Admin." name="BackupPC.sock"
dev="tmpfs"
ino=3636017 scontext=system_u:system_r:httpd_t:s0
tcontext=system_u:object_r:var_run_t:s0 tclass=sock_file
type=SYSCALL msg=audit(1355679394.218:18): arch=40000003 syscall=102
success=no exit=-13 a0=3 a1=bfca7e90 a2=b771bff4 a3=8de4008 items=0
ppid=9337 pid=9409 auid=4294967295 uid=483 gid=488 euid=483 suid=483
fsuid=483 egid=488 sgid=488 fsgid=488 tty=(none) ses=4294967295
comm="BackupPC_Admin." exe="/usr/bin/perl"
subj=system_u:system_r:httpd_t:s0 key=(null)
I tried to add an appropriate rule following the
instructions from sealert:
# grep BackupPC_Admin. /var/log/audit/audit.log | audit2allow -M mypol
# semodule -i mypol.pp
libsepol.scope_copy_callback: entropyd: Duplicate declaration in module:
type/attribute entropyd_var_run_t (No such file or directory).
libsemanage.semanage_link_sandbox: Link packages failed (No such file or
directory).
semodule: Failed!
Can you help / explain the issue?
Thanks in advance and kind regards
Gabriele