BackupPC-users
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

Re: [BackupPC-users] SELinux preventing server connection.

2010-04-29 14:38:29
Subject: Re: [BackupPC-users] SELinux preventing server connection.
From: Johan Cwiklinski <mailings AT x-tnd DOT be>
To: backuppc-users AT lists.sourceforge DOT net
Date: Thu, 29 Apr 2010 20:36:38 +0200 
>
> On Tue, 27 Apr 2010 21:08:23 +0200
> Johan Cwiklinski <mailings AT x-tnd DOT be> wrote:
>
>   
>> Hello,
>>
>> Le 27/04/2010 20:30, Steve Blackwell a écrit :
>>     
>>> BZ=bugzilla?
>>>   
>>>       
>> Yes :) That is a better place to report package specific issues, all
>> of that SELinus stuff is not really BackupPC relevant.
>>
>>     
>>> I had alway run SELinux in permissive mode because of the problems I
>>> was having. After talking with the SELinux folks and reinstalling
>>> the targeted policy, I am now running in enforcing mode but I'm
>>> experiencing these issues.
>>>
>>>   
>>>       
>>>> By the way, I'm using backuppc with SELinux enabled under F-12 with
>>>> exactly the same SELinux rules and files location ; and I do not
>>>> have any problems so far.
>>>>
>>>> Basically, just run "restorecon -R -v /var/log/BackupPC" should
>>>> does the trick ; files under that directory should be labelled 
>>>> "system_u:object_r:httpd_sys_content_t:s0" (the contexts I have on
>>>> my F-12 box) and of course have to be owned by "backuppc" user.
>>>>     
>>>>         
>>> The files in my /var/log/BackupPC were labelled incorrectly and
>>> restorecon wasn't changing anything. I don't know why that was but I
>>> have fixed that now. Even after that, I was still getting write and
>>> connectto denials on /var/log/BackupPC.sock.
>>>
>>> With the SELinux group's assistant I can now connect to the
>>> BackupPc server but now BackupPC is not allowed to read the disk
>>> where my backups are located.
>>>   
>>>       
>> Connection problems are strange, but indeed related to the pacakge
>> itself.
>>
>> As for reading backup location... The package can only handle the
>> default location. If that is changed (most of the cases for a backup
>> system) you're in charge to check SELinux and right management
>> issues ; any package can do it for you.
>>
>> As I'm not selinux lists subscriber, I do not know exactly what the
>> probelm was, and what has been done to be solved. Maybe could you send
>> me in private a link to the archives pointing to that particular
>> discution?
>>     
> I have my connection problem solved. I'm still having other problems
> though.
>
>   
>>>> On the other hand, I would accept any help improving the
>>>> Fedora/EPEL package with a great pleasure.
>>>>     
>>>>         
>>> Well I have a little time so I'd be happy to help you. Just tell me
>>> how. 
>>>       
>> Strange paths made SELinux unhappy.
>> I started to implement the ability to change the bindir at install
>> time, but I failed...
>>
>> As far as I remember, BackupPC is not really FHS compliant beacause:
>> - LOCK file stands in /var/log,
>> - PID file stands in /var/log,
>> - binaries stands in /usr/share.
>> - maybe others I've forget/I've never seen
>>
>> Also, some kind of temporary files are created althought they should
>> not (I'll have to investigate a bit to find out what was the problem).
>>
>> These corrrections would benefit directly to BackupPC project (for the
>> next release) and to packaging (globally) ; in my opinion.
>>
>>     
>>> Thanks,
>>> Steve
>>>   
>>>       
>> If you plan to make changes to BackupPC source code, you should use
>> the current list (or more probably the devel one).
>> If you have issues/questions/bugs/whatever about the package or
>> SELinux issues, feel free to report them on the bugzilla (public
>> reports would benefit to others I guess).
>>     
> Hmmm.... Perhaps I should have warned you. I have never done anything
> like this before and I have no idea how to go about it. Is there a
> Fedora packagers guide or something similar?
>   

There is musch documentation on the wiki ; but I was talking about
BackupPC hacking, it's not packaging related (in the first times).

> Also are the requests made by the SELinux folks captured in a bug
> report? 
>   

No, they've asked me directly on IRC.

> Steve
>   

Regards,
Johan

------------------------------------------------------------------------------
_______________________________________________
BackupPC-users mailing list
BackupPC-users AT lists.sourceforge DOT net
List:    https://lists.sourceforge.net/lists/listinfo/backuppc-users
Wiki:    http://backuppc.wiki.sourceforge.net
Project: http://backuppc.sourceforge.net/
[More with this subject...]
<Prev in Thread] Current Thread [Next in Thread>
Previous by Date:  Re: [BackupPC-users] SELinux preventing server connection., Johan Cwiklinski
Next by Date:  [BackupPC-users] Noted Observations & Complaints Using BackupPC for 5 mon, Saturn2888
Previous by Thread:  Re: [BackupPC-users] SELinux preventing server connection., Johan Cwiklinski
Next by Thread:  [BackupPC-users] backuppc backing up Mac OSX to linux, Robert Minvielle
Indexes:  [Date] [Thread] [Top] [All Lists]