Re: [BackupPC-users] Having Several Issues
2009-06-24 22:28:56
Here is the output of the requested commands. The -Z shows the selinux contexts...
[root@localhost fw]# pwd
/BackupData/pc/fw
[root@localhost fw]# getenforce
Enforcing
[root@localhost fw]# ls -la -Z
drwxr-x---  backuppc backuppc root:object_r:var_lib_t      .
drwxr-x---  backuppc root     system_u:object_r:var_lib_t  ..
drwxr-x---  backuppc backuppc root:object_r:var_lib_t      0
drwxr-x---  backuppc backuppc root:object_r:var_lib_t      1
-rw-r-----  backuppc backuppc root:object_r:var_lib_t      backups
-rw-r-----  backuppc backuppc root:object_r:var_lib_t      backups.old
-rw-r-----  backuppc backuppc root:object_r:var_lib_t      LOCK
-rw-r-----  backuppc backuppc root:object_r:var_lib_t      LOG.062009
-rw-r-----  backuppc backuppc root:object_r:var_lib_t      XferLOG.0.z
-rw-r-----  backuppc backuppc root:object_r:var_lib_t      XferLOG.1.z
[root@localhost fw]#
--
If it turns out to be a selinux issue (which by now it does appear to be), I'd rather not disable selinux, but rather debug the context issues...
I just found some selinux errors in /var/log/messages:
Jun 24 14:46:21 localhost setroubleshoot: SELinux is preventing access to files with the label, file_t. For complete SELinux messages. run sealert -l 0de6d349-55f3-4ae2-aa9b-cfa3228e9c32
Here is the output of the sealert command:
sealert -l 0de6d349-55f3-4ae2-aa9b-cfa3228e9c32
Summary:
SELinux is preventing access to files with the label, file_t.
Detailed Description:
SELinux permission checks on files labeled file_t are being denied. file_t is the context the SELinux kernel gives to files that do not have a label. This indicates a serious labeling problem. No files on an SELinux box should ever be labeled file_t. If you have just added a new disk drive to the system you can relabel it using the restorecon command. Otherwise you should relabel the entire files system.
Allowing Access:
You can execute the following command as root to relabel your computer system: "touch /.autorelabel; reboot"
Additional Information:
Source Context                root:system_r:httpd_t
Target Context                system_u:object_r:file_t
Target Objects                / [ dir ]
Source                        perl5.8.8
Source Path                   /usr/bin/perl5.8.8
Port                          <Unknown>
Host                          dumbo
Source RPM Packages           perl-5.8.8-18.el5_3.1
Target RPM Packages           filesystem-2.4.0-2.el5.centos
Policy RPM                    selinux-policy-2.4.6-203.el5
Selinux Enabled               True
Policy Type                   targeted
MLS Enabled                   True
Enforcing Mode                Enforcing
Plugin Name                   file
Host Name                     localhost
Platform                      Linux localhost 2.6.18-128.1.14.el5 #1 SMP Wed Jun 17 06:40:54 EDT 2009 i686 i686
Alert Count                   579
First Seen                    Sun Jun 21 19:35:32 2009
Last Seen                     Wed Jun 24 16:31:07 2009
Local ID                      0de6d349-55f3-4ae2-aa9b-cfa3228e9c32
Line Numbers
Raw Audit Messages
host=localhost type=AVC msg=audit(1245886267.914:1245): avc: denied { search } for pid=1898 comm="perl5.8.8" name="/" dev=dm-4 ino=2 scontext=root:system_r:httpd_t:s0 tcontext=system_u:object_r:file_t:s0 tclass=dir
host=localhost type=SYSCALL msg=audit(1245886267.914:1245): arch=40000003 syscall=195 success=no exit=-13 a0=8bd37f8 a1=8a6d0c8 a2=aa4ff4 a3=8bd37f8 items=0 ppid=23678 pid=1898 auid=0 uid=101 gid=48 euid=101 suid=101 fsuid=101 egid=48 sgid=48 fsgid=48 tty=(none) ses=28 comm="perl5.8.8" exe="/usr/bin/perl5.8.8" subj=root:system_r:httpd_t:s0 key=(null)
It sounds like this might be helpful for me:
You can execute the following command as root to relabel your computer system:
"touch /.autorelabel; reboot"
I guess I'll give it a shot and see what happens... Does anyone want to weigh in on whether I should try "touch /.autorelabel; touch /BackupData/.autorelabel; reboot" since the file system in question is mounted to /BackupData, not '/' ?
[root@localhost fw]# mount
...
/dev/mapper/VolGroup01-LogVol03 on /BackupData type ext3 (rw)