On Tue, 27 Apr 2010 21:08:23 +0200

Johan Cwiklinski <mailings AT x-tnd DOT be> wrote:

> Hello,
>
> Le 27/04/2010 20:30, Steve Blackwell a écrit :
> > BZ=bugzilla?
> >
>
> Yes :) That is a better place to report package specific issues, all
> of that SELinus stuff is not really BackupPC relevant.
>
> > I had alway run SELinux in permissive mode because of the problems I
> > was having. After talking with the SELinux folks and reinstalling
> > the targeted policy, I am now running in enforcing mode but I'm
> > experiencing these issues.
> >
> >
> >> By the way, I'm using backuppc with SELinux enabled under F-12 with
> >> exactly the same SELinux rules and files location ; and I do not
> >> have any problems so far.
> >>
> >> Basically, just run "restorecon -R -v /var/log/BackupPC" should
> >> does the trick ; files under that directory should be labelled
> >> "system_u:object_r:httpd_sys_content_t:s0" (the contexts I have on
> >> my F-12 box) and of course have to be owned by "backuppc" user.
> >>
> > The files in my /var/log/BackupPC were labelled incorrectly and
> > restorecon wasn't changing anything. I don't know why that was but I
> > have fixed that now. Even after that, I was still getting write and
> > connectto denials on /var/log/BackupPC.sock.
> >
> > With the SELinux group's assistant I can now connect to the
> > BackupPc server but now BackupPC is not allowed to read the disk
> > where my backups are located.
> >
>
> Connection problems are strange, but indeed related to the pacakge
> itself.
>
> As for reading backup location... The package can only handle the
> default location. If that is changed (most of the cases for a backup
> system) you're in charge to check SELinux and right management
> issues ; any package can do it for you.
>
> As I'm not selinux lists subscriber, I do not know exactly what the
> probelm was, and what has been done to be solved. Maybe could you send
> me in private a link to the archives pointing to that particular
> discution?

I have my connection problem solved. I'm still having other problems
though.

> >> On the other hand, I would accept any help improving the
> >> Fedora/EPEL package with a great pleasure.
> >>
> > Well I have a little time so I'd be happy to help you. Just tell me
> > how.
>
> Strange paths made SELinux unhappy.
> I started to implement the ability to change the bindir at install
> time, but I failed...
>
> As far as I remember, BackupPC is not really FHS compliant beacause:
> - LOCK file stands in /var/log,
> - PID file stands in /var/log,
> - binaries stands in /usr/share.
> - maybe others I've forget/I've never seen
>
> Also, some kind of temporary files are created althought they should
> not (I'll have to investigate a bit to find out what was the problem).
>
> These corrrections would benefit directly to BackupPC project (for the
> next release) and to packaging (globally) ; in my opinion.
>
> > Thanks,
> > Steve
> >
>
> If you plan to make changes to BackupPC source code, you should use
> the current list (or more probably the devel one).
> If you have issues/questions/bugs/whatever about the package or
> SELinux issues, feel free to report them on the bugzilla (public
> reports would benefit to others I guess).

Hmmm.... Perhaps I should have warned you. I have never done anything
like this before and I have no idea how to go about it. Is there a
Fedora packagers guide or something similar?
Also are the requests made by the SELinux folks captured in a bug
report?

Steve

------------------------------------------------------------------------------
_______________________________________________
BackupPC-users mailing list
BackupPC-users AT lists.sourceforge DOT net
List:    https://lists.sourceforge.net/lists/listinfo/backuppc-users
Wiki:    http://backuppc.wiki.sourceforge.net
Project: http://backuppc.sourceforge.net/