Can you do the following? I'm assuming you are on Fedora or RHEL 1) Install the policycoreutils-python 2) Erase the audit log 3) Launch webacula 4) Check for denials
In detail # yum -y install policycoreutils-python # > /var/log/audit/audit.log [start webacula or whatever] # audit2allow -a Please paste the output here. Probably it can be fixed by a SELinux boolean or a context change on the binary. Regards, --Simone On 21 November 2012 14:28, Clark, Patricia A. <clar...@ornl.gov> wrote: > > From: Ryan Jantz <rja...@scifit.com<mailto:rja...@scifit.com>> > Date: Tuesday, November 20, 2012 6:06 PM > To: > "bacula-users@lists.sourceforge.net<mailto:bacula-users@lists.sourceforge.net>" > > <bacula-users@lists.sourceforge.net<mailto:bacula-users@lists.sourceforge.net>> > Subject: Re: [Bacula-users] Webacula cannot execute bconsole > > Hello again. So I've been reading and learning (a little) about SELinux > today, but I haven't made much progress. Setting selinux to permissive > resolves the error. Selinux context on my /var/www/webacula is: > drwxr-xr-x. apache apache system_u:object_r:httpd_sys_content_t:s0 > > Entries in /var/log/messages are: > bconsole: bsock.c:135 Unable to connect to Director daemon on localhost:9101. > ERR=Permission denied > > My interpretation of that error is bconsole is not able to connect to > bacula-dir, but I can manually start bconsole. It seems the problem is when > apache or webacula tries to start bconsole > > Selinux context on /usr/sbin/bacula-dir: > lrwxrwxrwx. root root unconfined_u:object_r:bin_t:s0 > > Selinux context on /usr/sbin/bconsole > -rwxr-x---. root bacula system_u:object_r:bin_t:s0 > > I'm not sure what permissions need to be modified. Any ideas? > > Thanks > > On 11/20/2012 6:31 AM, Ryan Jantz wrote: > Yes. > > I figured out SELinux is the problem. If I disable it, the errors stop. Now > to figure out how to configure SELinux so it plays nice with Apache. > > Thanks > > On Nov 20, 2012, at 2:17 AM, Radosław Korzeniewski > <rados...@korzeniewski.net<mailto:rados...@korzeniewski.net>> wrote: > > Hello, > > 2012/11/19 Ryan Jantz <rja...@scifit.com<mailto:rja...@scifit.com>> > I am able to run the above command in terminal as root and the apache user > without any errors. The apache user is a member of the bacula group. > (...) > Any ideas? > > Did you restart an apache webserver? > > best regards > -- > Radosław Korzeniewski > rados...@korzeniewski.net<mailto:rados...@korzeniewski.net> > ------------------------------------------------------------------------------ > SELinux is not a simple modify permissions type of fix. You will need to > create the policies within SELinux in order to provide the "permissions" in > the extended attributes that allows Webacula to interact with the director. > This is not a trivial exercise, but would be quite valuable to the community > if successful. This is why many shops don't consistently use SELinux in > enforcing mode. > > Patti Clark > Linux System Administrator > Research and Development Systems Support Oak Ridge National Laboratory > > > > > ------------------------------------------------------------------------------ > Monitor your physical, virtual and cloud infrastructure from a single > web console. Get in-depth insight into apps, servers, databases, vmware, > SAP, cloud infrastructure, etc. Download 30-day Free Trial. > Pricing starts from $795 for 25 servers or applications! > http://p.sf.net/sfu/zoho_dev2dev_nov > _______________________________________________ > Bacula-users mailing list > Bacula-users@lists.sourceforge.net > https://lists.sourceforge.net/lists/listinfo/bacula-users -- You cannot discover new oceans unless you have the courage to lose sight of the shore (R. W. Emerson). ------------------------------------------------------------------------------ Monitor your physical, virtual and cloud infrastructure from a single web console. Get in-depth insight into apps, servers, databases, vmware, SAP, cloud infrastructure, etc. Download 30-day Free Trial. Pricing starts from $795 for 25 servers or applications! http://p.sf.net/sfu/zoho_dev2dev_nov _______________________________________________ Bacula-users mailing list Bacula-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/bacula-users
