SELinux issue with BackupPC 3.1.0 on Fedora 6

Tony Molloy tony.molloy at
Wed Jul 30 07:50:26 UTC 2008

On Wednesday 30 July 2008 02:00:18 Aleksey Tsalolikhin wrote:
> Hi.  I am trying to get BackupPC working on a Fedora Core 6 server.
> I installed BackupPC with "yum install backuppc" and "yum install httpd".
> But when I fire up the Web interface, it says
>        Error: Unable to connect to BackupPC server
> And I have an SE Linux error message:
> avc:  denied  { write } for  pid=5120 comm="perl5.8.8"
> name="BackupPC.sock" dev=dm-0 ino=56393744
> scontext=user_u:system_r:httpd_t:s0
> tcontext=user_u:object_r:var_log_t:s0 tclass=sock_file
> If I turn off SE Linux, BackupPC works fine.   But per our policy,
> this server must have SE Linux turned on.
> How to make this work, please?
> Best,
> Aleksey

First, you really should upgrade to a supported version of Fedora or to CentOS.

Second, I have a very similar problem with BackupPC on CentOS 5.2. I installed 
BackupPC from source rather than use the rpm in the CentOS testing repos. 
Everything is working fine except for a similar "BackupPC.sock" SELinux 

type=AVC msg=audit(1216986223.223:145): avc:  denied  { write } for  pid=7667 
comm="httpd" name="BackupPC.sock" dev=sda5 ino=3094722 
tcontext=root:object_r:httpd_sys_content_t:s0 tclass=sock_file

What I did as a temporary workaround was to disable SELinux protection for the 
httpd daemon.

I then generated and installed a local policy to allow access.

1. Generate local policy

    $ grep http  /var/log/audit/audit.log | audit2allow -m myhttp > myhttp.te

2. Compile the module

    $ checkmodule -M -m -o local.mod myhttp.te

3. Create the package

    $ semodule_package -o myhttp.pp -m local.mod

4. Load the module into the kernel

    $ semodule -i myhttp.pp

Now to see if that works ;-)

Seems to. I can now access the GUI with SELinux enabled for the httpd daemon.
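
Added example, not part of the original message: the `grep http` in step 1 passes every audit record containing "http" to audit2allow, so the resulting module allows every such denial, not only the one on BackupPC.sock. The sketch below derives the allow rules for that broad selection and for a selection limited to the socket, so the difference can be reviewed before a module is loaded. The function names and the sample log are assumptions made for illustration; the first sample line reuses the field values quoted in the thread.

```python
import re
from collections import defaultdict

# Constructed sample audit.log lines. The first reuses the field values of the
# denial quoted in the thread (with an invented timestamp); the others are
# invented for contrast.
SAMPLE_LOG = """\
type=AVC msg=audit(1217383218.101:88): avc:  denied  { write } for  pid=5120 comm="perl5.8.8" name="BackupPC.sock" dev=dm-0 ino=56393744 scontext=user_u:system_r:httpd_t:s0 tcontext=user_u:object_r:var_log_t:s0 tclass=sock_file
type=AVC msg=audit(1217383301.412:93): avc:  denied  { read } for  pid=5131 comm="httpd" name="notes.txt" dev=dm-0 ino=120033 scontext=user_u:system_r:httpd_t:s0 tcontext=user_u:object_r:user_home_t:s0 tclass=file
type=AVC msg=audit(1217383355.007:97): avc:  denied  { getattr } for  pid=5200 comm="smbd" name="share" dev=dm-0 ino=4411 scontext=user_u:system_r:smbd_t:s0 tcontext=user_u:object_r:var_t:s0 tclass=dir
"""

AVC_RE = re.compile(r"avc:\s+denied\s+\{([^}]*)\}")
FIELD_RE = re.compile(r'(\w+)=("[^"]*"|\S+)')

def parse_avc(line):
    """Parse one AVC denial line into a dict, or return None."""
    m = AVC_RE.search(line)
    rec = {k: v.strip('"') for k, v in FIELD_RE.findall(line)}
    if not m or not {"scontext", "tcontext", "tclass"} <= rec.keys():
        return None  # not a denial, or a truncated record
    rec["perms"] = m.group(1).split()
    # An SELinux context is user:role:type[:level]; rules use the type.
    rec["stype"] = rec["scontext"].split(":")[2]
    rec["ttype"] = rec["tcontext"].split(":")[2]
    return rec

def allow_rules(log_text, contains=None, name=None, tclass=None):
    """Return the allow rules implied by the selected denials."""
    rules = defaultdict(set)
    for line in log_text.splitlines():
        rec = parse_avc(line)
        if rec is None or (contains and contains not in line):
            continue
        if (name and rec.get("name") != name) or (tclass and rec["tclass"] != tclass):
            continue
        rules[(rec["stype"], rec["ttype"], rec["tclass"])].update(rec["perms"])
    out = []
    for (s, t, c), perms in sorted(rules.items()):
        p = sorted(perms)
        body = p[0] if len(p) == 1 else "{ %s }" % " ".join(p)
        out.append("allow %s %s:%s %s;" % (s, t, c, body))
    return out

if __name__ == "__main__":
    print("grep http equivalent:", *allow_rules(SAMPLE_LOG, contains="http"), sep="\n  ")
    print("BackupPC.sock only:", *allow_rules(SAMPLE_LOG, name="BackupPC.sock", tclass="sock_file"), sep="\n  ")
```

A record without an scontext field is skipped, because no rule can be derived without a source type.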

