Re: [BackupPC-users] SELinux preventing server connection.

Hello,

Le 27/04/2010 20:30, Steve Blackwell a écrit :
> BZ=bugzilla?
>   

Yes :) That is a better place to report package specific issues, all of
that SELinus stuff is not really BackupPC relevant.

> I had alway run SELinux in permissive mode because of the problems I
> was having. After talking with the SELinux folks and reinstalling the
> targeted policy, I am now running in enforcing mode but I'm
> experiencing these issues.
>
>   
>> By the way, I'm using backuppc with SELinux enabled under F-12 with
>> exactly the same SELinux rules and files location ; and I do not have
>> any problems so far.
>>
>> Basically, just run "restorecon -R -v /var/log/BackupPC" should does
>> the trick ; files under that directory should be labelled 
>> "system_u:object_r:httpd_sys_content_t:s0" (the contexts I have on my
>> F-12 box) and of course have to be owned by "backuppc" user.
>>     
> The files in my /var/log/BackupPC were labelled incorrectly and
> restorecon wasn't changing anything. I don't know why that was but I
> have fixed that now. Even after that, I was still getting write and
> connectto denials on /var/log/BackupPC.sock.
>
> With the SELinux group's assistant I can now connect to the
> BackupPc server but now BackupPC is not allowed to read the disk where
> my backups are located.
>   

Connection problems are strange, but indeed related to the pacakge itself.

As for reading backup location... The package can only handle the
default location. If that is changed (most of the cases for a backup
system) you're in charge to check SELinux and right management issues ;
any package can do it for you.

As I'm not selinux lists subscriber, I do not know exactly what the
probelm was, and what has been done to be solved. Maybe could you send
me in private a link to the archives pointing to that particular discution?

>> On the other hand, I would accept any help improving the Fedora/EPEL
>> package with a great pleasure.
>>     
> Well I have a little time so I'd be happy to help you. Just tell me how.
>   

Strange paths made SELinux unhappy.
I started to implement the ability to change the bindir at install time,
but I failed...

As far as I remember, BackupPC is not really FHS compliant beacause:
- LOCK file stands in /var/log,
- PID file stands in /var/log,
- binaries stands in /usr/share.
- maybe others I've forget/I've never seen

Also, some kind of temporary files are created althought they should not
(I'll have to investigate a bit to find out what was the problem).

These corrrections would benefit directly to BackupPC project (for the
next release) and to packaging (globally) ; in my opinion.

> Thanks,
> Steve
>   

If you plan to make changes to BackupPC source code, you should use the
current list (or more probably the devel one).
If you have issues/questions/bugs/whatever about the package or SELinux
issues, feel free to report them on the bugzilla (public reports would
benefit to others I guess).

Regards,
Johan

------------------------------------------------------------------------------
_______________________________________________
BackupPC-users mailing list
BackupPC-users AT lists.sourceforge DOT net
List:    https://lists.sourceforge.net/lists/listinfo/backuppc-users
Wiki:    http://backuppc.wiki.sourceforge.net
Project: http://backuppc.sourceforge.net/