Following the HOWTO instructions on the CentOS wiki to install backuppc, I ran into some problems. The Apache error logs told me that there was a permissions issue with the htpassword file. Permission were fine.
There was a problem with SELinux. I verified this by changing enforcment to permissive.Once I had seen the program run, I used instructions on the CentOS wiki to make a new SELinux policy module and activate it.
To review the module you will create, to make sure it seems reasonable.
# grep httpd /var/log/audit/audit.log | audit2allow -m backuppc
That command shows me:
module backuppc 1.0;
require {
type var_log_t;
type file_t;
type httpd_t;
type initrc_t;
class sock_file write;
class unix_stream_socket connectto;
class dir search;
}
#============= httpd_t ==============
allow httpd_t file_t:dir search;
allow httpd_t initrc_t:unix_stream_socket connectto;
allow httpd_t var_log_t:sock_file write;
By looking at the actual audit logs (not shown), I can see that the web server process is trying to find, connect and write to a socket in its own directory. I am evaulating the program and it doesn't seem to want to access anything other than its own files. (UPDATE: In the end there were far more exceptions required; these few were just those required to get the software to start up.) So I will create a source policy module ...
# grep httpd /var/log/audit/audit.log | audit2allow -m \ > backuppc > backuppc.te
and build the policy module:
#grep httpd /var/log/audit/audit.log | audit2allow -M backuppc
The output of the last command shows me how to activate the module once it has been built ...
# semodule -i backuppc.pp
And change the operation of SELinux back to enforcing.
# setenforce 1
These instructions got backuppc running with selinux enabled on my CentOS 6 box, thanks for that.