|
I was finally able to
resolve this issue, so I wanted to post what worked for me.
Because of the numerous changes made to try to fix this, I don't know the minimum changes required to
fix it, but my
best guess is: 1. verify permissions on Webacula webroot and all contents are: rwxr-xr-x. apache apache 2. reset SELinux contexts on Webacula webroot to defaults 3. change SELinux contexts on Webacula webroot and all contents to: system_u:object_r:httpd_sys_content_t:s0 I don't know if number 2 is required, but I completed 1 and 3 above prior to today, but still got the error. After completing both 2 and 3 today, it worked. Thanks for all the help. On 11/21/2012 7:28 AM, Clark, Patricia
A. wrote:
From: Ryan Jantz <rja...@scifit.com<mailto:rja...@scifit.com>> Date: Tuesday, November 20, 2012 6:06 PM To: "bacula-users@lists.sourceforge.net<mailto:bacula-users@lists.sourceforge.net>" <bacula-users@lists.sourceforge.net<mailto:bacula-users@lists.sourceforge.net>> Subject: Re: [Bacula-users] Webacula cannot execute bconsoleHello again. So I've been reading and learning (a little) about SELinux today, but I haven't made much progress. Setting selinux to permissive resolves the error. Selinux context on my /var/www/webacula is: drwxr-xr-x. apache apache system_u:object_r:httpd_sys_content_t:s0 Entries in /var/log/messages are: bconsole: bsock.c:135 Unable to connect to Director daemon on localhost:9101. ERR=Permission denied My interpretation of that error is bconsole is not able to connect to bacula-dir, but I can manually start bconsole. It seems the problem is when apache or webacula tries to start bconsole Selinux context on /usr/sbin/bacula-dir: lrwxrwxrwx. root root unconfined_u:object_r:bin_t:s0 Selinux context on /usr/sbin/bconsole -rwxr-x---. root bacula system_u:object_r:bin_t:s0 I'm not sure what permissions need to be modified. Any ideas? Thanks On 11/20/2012 6:31 AM, Ryan Jantz wrote: Yes. I figured out SELinux is the problem. If I disable it, the errors stop. Now to figure out how to configure SELinux so it plays nice with Apache. Thanks On Nov 20, 2012, at 2:17 AM, Rados3aw Korzeniewski <rados...@korzeniewski.net<mailto:rados...@korzeniewski.net>> wrote: Hello, 2012/11/19 Ryan Jantz <rja...@scifit.com<mailto:rja...@scifit.com>> I am able to run the above command in terminal as root and the apache user without any errors. The apache user is a member of the bacula group. (...) Any ideas? Did you restart an apache webserver? best regards -- Rados3aw Korzeniewski rados...@korzeniewski.net<mailto:rados...@korzeniewski.net> ------------------------------------------------------------------------------ SELinux is not a simple modify permissions type of fix. You will need to create the policies within SELinux in order to provide the "permissions" in the extended attributes that allows Webacula to interact with the director. This is not a trivial exercise, but would be quite valuable to the community if successful. This is why many shops don't consistently use SELinux in enforcing mode. Patti Clark Linux System Administrator Research and Development Systems Support Oak Ridge National Laboratory ------------------------------------------------------------------------------ Monitor your physical, virtual and cloud infrastructure from a single web console. Get in-depth insight into apps, servers, databases, vmware, SAP, cloud infrastructure, etc. Download 30-day Free Trial. Pricing starts from $795 for 25 servers or applications! http://p.sf.net/sfu/zoho_dev2dev_nov _______________________________________________ Bacula-users mailing list Bacula-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/bacula-users |
------------------------------------------------------------------------------ Monitor your physical, virtual and cloud infrastructure from a single web console. Get in-depth insight into apps, servers, databases, vmware, SAP, cloud infrastructure, etc. Download 30-day Free Trial. Pricing starts from $795 for 25 servers or applications! http://p.sf.net/sfu/zoho_dev2dev_nov
_______________________________________________ Bacula-users mailing list Bacula-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/bacula-users
