Our setup is a little different than yours, but this is the SELinux module I deploy to my BackupPC server with these steps:

    semodule -r backuppc
    checkmodule -M -m -o /tmp/backuppc.mod /tmp/backuppc.te
    semodule_package -o /tmp/backuppc.pp -m /tmp/backuppc.mod
    semodule -i /tmp/backuppc.pp

We also set these SELinux Booleans:

    setsebool httpd_read_user_content 1
    setsebool httpd_use_nfs 1 # our data store is on NFS

Contents of /tmp/backuppc.te:

    module backuppc 1.0;

    require {
            type etc_t;
            type var_log_t;
            type net_conf_t;
            type user_tmp_t;
            type httpd_sys_script_t;
            class file { write rename read create unlink open };
            class dir { search read write getattr remove_name open add_name };
    }

    #============= httpd_sys_script_t ==============
    allow httpd_sys_script_t etc_t:dir { write search read open getattr add_name remove_name };
    allow httpd_sys_script_t etc_t:file { write rename create unlink };
    allow httpd_sys_script_t var_log_t:dir read;
    allow httpd_sys_script_t var_log_t:file { read open };
    allow httpd_sys_script_t net_conf_t:file { read write open rename create unlink };
    allow httpd_sys_script_t user_tmp_t:dir { write search read open getattr add_name remove_name };
    allow httpd_sys_script_t user_tmp_t:file { write rename create unlink };

> On Aug 28, 2019, at 09:45, Jamie Burchell <ja...@ib3.uk> wrote:
>
> Hi
>
> I’m having trouble with SELinux reporting:
>
> avc: denied { write } for pid=15496 comm="BackupPC_Admin" name="LOCK"
> dev="sda1" ino=201443561 scontext=system_u:system_r:httpd_t:s0
> tcontext=system_u:object_r:var_lib_t:s0 tclass=file permissive=0
>
> The issue (and supposed answer) is mentioned here:
>
> https://lists.fedoraproject.org/pipermail/selinux/2013-March/015287.html
>
> I have replaced /var/lib/BackupPC with a symlink to
> /mnt/volume_lon1_01_part1/BackupPC
>
> As far as I can tell, the default context for /var/lib/BackupPC is
> “system_u:object_r:var_lib_t:s0” and this is what I have set on
> “/mnt/volume_lon1_01_part1/BackupPC”.
>
> So the context appears to be correct, and I’ve run restorecon -R
> /var/lib/BackupPC but the messages still persist.
>
> Anybody know how to fix this?
>
> I should mention that everything appears to be working fine.
>
> Thanks,
> Jamie
> _______________________________________________
> BackupPC-users mailing list
> BackupPC-users@lists.sourceforge.net
> List: https://lists.sourceforge.net/lists/listinfo/backuppc-users
> Wiki: http://backuppc.wiki.sourceforge.net
> Project: http://backuppc.sourceforge.net/