On Tuesday 05 August 2008 23:36:02 you wrote: > On 7/31/08, Tony Molloy <[EMAIL PROTECTED]> wrote: > > Make sure you have system-config-selinux installed. I think it's in the > > policycoreutils-gui rpm. > > > > Run system-config-selinux > > > > system-config-linux ==> Boolean ==> HTTPD Service > > > > Set the following option > > > > Disable selinux protection for HTTPD daemon > > > > > > This will just disable SELinux for httpd and leave it enabled for > > everything else. > > > > A similar process will work for the other daemons. > > > > > > Hope this helps > > > > Tony > > Hey, Tony, > > You are awesome. Thanks a lot for the help! >
Any time. > I was able to follow that and I now have BackupPC running on CentOS > with the policy from audit2allow. > > Small question, if you'd be so kind, I noticed the policy allows > httpd to connect to unix streams and to unix socket files. Do you > know how I can tighten that policy to only allow connection to the > /var/log/BackupPC/BackupPC.sock socket/file? (Or what would be a > good RTFM for that question?) Just edit the local.te file you generated and remove the following lines class unix_stream_socket connectto; allow httpd_t initrc_t:unix_stream_socket connectto; Then regenerate the policy module again. Not sure if that will work though, I haven't actually tried it. I did install the rpm from the testing repo on a test machine over the weekend and I got it working. How do we go about getting it into CentOS extras. Regards, Tony > > thanks again, > Aleksey ------------------------------------------------------- ------------------------------------------------------------------------- This SF.Net email is sponsored by the Moblin Your Move Developer's challenge Build the coolest Linux based applications with Moblin SDK & win great prizes Grand prize is a trip for two to an Open Source event anywhere in the world http://moblin-contest.org/redirect.php?banner_id=100&url=/ _______________________________________________ BackupPC-users mailing list BackupPC-users@lists.sourceforge.net List: https://lists.sourceforge.net/lists/listinfo/backuppc-users Wiki: http://backuppc.wiki.sourceforge.net Project: http://backuppc.sourceforge.net/