BackupPC-users
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

Re: [BackupPC-users] SELinux issue with BackupPC 3.1.0 on Fedora 6

2008-08-06 03:34:57
Subject: Re: [BackupPC-users] SELinux issue with BackupPC 3.1.0 on Fedora 6
From: Tony Molloy <tony.molloy AT ul DOT ie>
To: backuppc-users AT lists.sourceforge DOT net
Date: Wed, 6 Aug 2008 08:34:45 +0100 

On Tuesday 05 August 2008 23:36:02 you wrote:
> On 7/31/08, Tony Molloy <tony.molloy AT ul DOT ie> wrote:
> > Make sure you have system-config-selinux installed. I think it's in the
> > policycoreutils-gui rpm.
> >
> > Run system-config-selinux
> >
> > system-config-linux ==> Boolean ==> HTTPD Service
> >
> > Set the following option
> >
> >     Disable selinux protection for HTTPD daemon
> >
> >
> > This will just disable SELinux for httpd and leave it enabled for
> > everything else.
> >
> > A similar process will work for the other daemons.
> >
> >
> > Hope this helps
> >
> > Tony
>
> Hey, Tony,
>
>   You are awesome.   Thanks a lot for the help!
>

Any time.

>   I was able to follow that and I now have BackupPC running on CentOS
> with the policy from audit2allow.
>
>   Small question, if you'd be so kind, I noticed the policy allows
> httpd to connect to unix streams and to unix socket files.   Do you
> know how I can tighten that policy to only allow connection to the
> /var/log/BackupPC/BackupPC.sock socket/file?   (Or what would be a
> good RTFM for that question?)

Just edit the local.te file you generated and remove the following lines

        class unix_stream_socket connectto;

allow httpd_t initrc_t:unix_stream_socket connectto;

Then regenerate the policy module again.

Not sure if that will work though, I haven't actually tried it.

I did install the rpm from the testing repo on a test machine over the weekend 
and I got it working.  How do we go about getting it into CentOS extras.

Regards,

Tony


>
> thanks again,
> Aleksey



-------------------------------------------------------

-------------------------------------------------------------------------
This SF.Net email is sponsored by the Moblin Your Move Developer's challenge
Build the coolest Linux based applications with Moblin SDK & win great prizes
Grand prize is a trip for two to an Open Source event anywhere in the world
http://moblin-contest.org/redirect.php?banner_id=100&url=/
_______________________________________________
BackupPC-users mailing list
BackupPC-users AT lists.sourceforge DOT net
List:    https://lists.sourceforge.net/lists/listinfo/backuppc-users
Wiki:    http://backuppc.wiki.sourceforge.net
Project: http://backuppc.sourceforge.net/
[More with this subject...]
<Prev in Thread] Current Thread [Next in Thread>
  • Re: [BackupPC-users] SELinux issue with BackupPC 3.1.0 on Fedora 6, Tony Molloy <=
Previous by Date:  Re: [BackupPC-users] Is it OK to use rsync 3.0.3 with BackupPC 3.1.0 ?, Bernhard Egger
Next by Date:  Re: [BackupPC-users] FreeNAS port?, Harald Dumdey
Previous by Thread:  [BackupPC-users] Is it OK to use rsync 3.0.3 with BackupPC 3.1.0 ?, Aleksey Tsalolikhin
Next by Thread:  Re: [BackupPC-users] FreeNAS port?, Harald Dumdey
Indexes:  [Date] [Thread] [Top] [All Lists]