On Tuesday 05 August 2008 23:36:02 you wrote:
> On 7/31/08, Tony Molloy <tony.molloy AT ul DOT ie> wrote:
> > Make sure you have system-config-selinux installed. I think it's in the
> > policycoreutils-gui rpm.
> >
> > Run system-config-selinux
> >
> > system-config-linux ==> Boolean ==> HTTPD Service
> >
> > Set the following option
> >
> > Disable selinux protection for HTTPD daemon
> >
> >
> > This will just disable SELinux for httpd and leave it enabled for
> > everything else.
> >
> > A similar process will work for the other daemons.
> >
> >
> > Hope this helps
> >
> > Tony
>
> Hey, Tony,
>
> You are awesome. Thanks a lot for the help!
>
Any time.
> I was able to follow that and I now have BackupPC running on CentOS
> with the policy from audit2allow.
>
> Small question, if you'd be so kind, I noticed the policy allows
> httpd to connect to unix streams and to unix socket files. Do you
> know how I can tighten that policy to only allow connection to the
> /var/log/BackupPC/BackupPC.sock socket/file? (Or what would be a
> good RTFM for that question?)
Just edit the local.te file you generated and remove the following lines
class unix_stream_socket connectto;
allow httpd_t initrc_t:unix_stream_socket connectto;
Then regenerate the policy module again.
Not sure if that will work though, I haven't actually tried it.
I did install the rpm from the testing repo on a test machine over the weekend
and I got it working. How do we go about getting it into CentOS extras.
Regards,
Tony
>
> thanks again,
> Aleksey
-------------------------------------------------------
-------------------------------------------------------------------------
This SF.Net email is sponsored by the Moblin Your Move Developer's challenge
Build the coolest Linux based applications with Moblin SDK & win great prizes
Grand prize is a trip for two to an Open Source event anywhere in the world
http://moblin-contest.org/redirect.php?banner_id=100&url=/
_______________________________________________
BackupPC-users mailing list
BackupPC-users AT lists.sourceforge DOT net
List: https://lists.sourceforge.net/lists/listinfo/backuppc-users
Wiki: http://backuppc.wiki.sourceforge.net
Project: http://backuppc.sourceforge.net/
|