Fedora 40, duplicati 2.1.0.103_canary_2024-12-21, selinux alerts

I just upgraded a Fedora 40 system to duplicati 2.1.0.103_canary_2024-12-21, and I’m getting a lot of selinux alerts. A test backup appears to be progressing nonetheless.

Did I miss an upgrade step? What can I do to quiet these alerts? The setroubleshooter steps don’t seem to be helping…

Follow-up…

Backup reported 68610 Warnings. The ones it shows (it doesn’t show all 68610) all appear to be of the form:

2025-01-04 20:33:40 -05 - [Warning-Duplicati.Library.Main.Operation.Backup.FileEnumerationProcess-FileAccessError]: Error reported while accessing file: FILE
FileLoadException: Unable to get symlink for “FILE”, error: EACCES (13)

Where “FILE” is a different file for each warning (but the same file within a single warning).

Discusses how new location of executables might impact SELinux, plus maybe a workaround.

Discussion might benefit from more SELinux expertise. If you have it, please post somewhere.

I tried this workaround from the linked thread Issues · duplicati/duplicati · GitHub

semanage fcontext -a -t bin_t '/usr/lib/duplicati/duplicati'
semanage fcontext -a -t bin_t '/usr/lib/duplicati/duplicati-*'
restorecon -r /usr/lib/duplicati/

So far, it doesn’t appear to have made any difference.

Digging through the thread and linked data I also see where another user updated SElinux policies - I will research those and see if they help in my case.

There is a problem with the “semanage” commands I quoted - the wildcard does not work. Here is a corrected version

semanage fcontext -a -t bin_t '/usr/lib/duplicati/duplicati'
for f in /usr/lib/duplicati/duplicati-*
do
  semanage fcontext -a -t bin_t ${f}
done
restorecon -r /usr/lib/duplicati/

Using this corrected version appears to have resolved my SElinux issues, with the caveat that I have also added various SElinux policies as well, so at the moment it isn’t clear if the above commands are sufficient by themselves, or if the policies were also needed. I am going to research how to “undo” the SElinux policies and will report back with what I find.

1 Like

Follow-up.

I was able to remove the custom SElinux policies and perform a backup with no apparent issues.

I will mark my prior post with the corrected “semanage” commands as “the solution”.

1 Like