On Mon, January 7, 2013 06:59, lhecking@users.sourceforge.net wrote:
I'm trying to use rsync to back up some directories on a CentOS6 machine that uses selinux in enforcing mode. Most files didn't transfer, so I tried the example from rsync_selinux(8):
Allow rsync servers to read the /var/rsync directory by adding the public_content_t file type to the directory and by restoring the file type.
semanage fcontext -a -t public_content_t "/var/rsync(/.*)?"
restorecon -F -R -v /var/rsync
except I substituted /etc for /var/rsync.
Big mistake. Most or all services with config files under /etc could no longer read their config files, including ssh. It looks like the selinux type was substituted rather than added? Thankfully, I was able to recover.
What is the correct way to give rsync full access to everything under selinux?
I use rsync extensively to transfer entire systems from and to SElinux enforcing environments and have never had a problem with reads using rsync when logged on as the root user. My typical command line is some variation of the following:
/usr/bin/rsync -avX --delete-after --specials --times \
    --exclude-from=/root/rsync.d/exclude.list \
    192.168.216.29:/* /.
Are you connecting as the root user?
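Added example, not part of the thread or of any poster's message: an SELinux file carries exactly one type, so the semanage fcontext rule plus restorecon -F quoted in the first message replaces the label on every path the pattern matches. The script reads the output of semanage fcontext -l -C (local customizations) and flags rules that cover a whole system tree; the function name, the protected-tree list and the sample listing are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example: audit local SELinux file-context rules for over-broad relabels.
# Expected input: `semanage fcontext -l -C` output, one rule per line as
#   <path regex>   <file class>   <user:role:type:level>

# System trees whose default labels confined services rely on (assumed list).
PROTECTED="/etc /usr /bin /sbin /lib /lib64 /boot /root"

# Constructed sample listing: the /etc rule reproduces the mistake in the thread.
SAMPLE='SELinux fcontext                                   type               Context

/etc(/.*)?                                         all files          system_u:object_r:public_content_t:s0
/var/rsync(/.*)?                                   all files          system_u:object_r:public_content_t:s0
/srv/backup/.*                                     regular file       system_u:object_r:public_content_t:s0'

# risky_fcontext_rules: read a listing on stdin and print "<spec> <type>" for
# every rule whose pattern covers / or one of the protected trees as a whole.
risky_fcontext_rules() {
    awk -v protected="$PROTECTED" '
        BEGIN { n = split(protected, p, " ") }
        /^\// && $2 != "=" {                 # skip headers and equivalence lines
            spec = $1
            split($NF, c, ":"); type = c[3]  # context is user:role:type[:level]
            base = spec
            # Drop a trailing recursive suffix, "(/.*)?" or "/.*".
            sub(/(\(\/\.\*\)\?|\/\.\*)$/, "", base)
            if (base == "") base = "/"
            hit = (base == "/")
            for (i = 1; i <= n && !hit; i++)
                if (base == p[i]) hit = 1
            if (hit) print spec, type
        }'
}

# Demo on the constructed sample. On a real host, as root:
#   semanage fcontext -l -C | risky_fcontext_rules
# Cleanup for a flagged rule: delete it, then restore the default labels:
#   semanage fcontext -d "<spec>"
#   restorecon -F -R -v <directory>
printf '%s\n' "$SAMPLE" | risky_fcontext_rules
```

Narrow rules below a protected tree (for example a single application directory) are deliberately not flagged; only patterns that relabel the tree as a whole are.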
> I use rsync extensively to transfer entire systems from and to SElinux enforcing environments and have never had a problem with reads using rsync when logged on as the root user. My typical command line is some variation of the following:
> /usr/bin/rsync -avX --delete-after --specials --times \
>     --exclude-from=/root/rsync.d/exclude.list \
>     192.168.216.29:/* /.
(-a includes --times :)
> Are you connecting as the root user?
I'm connecting in daemon mode since I'm using pre-defined modules. Any other solution requires either a password or setting up passwordless ssh, which I'm not inclined to do in this case. The purpose here is automation.
ken wrote:
On Sun, Jan 06, 2013 at 06:23:20PM -0500, ken wrote:
On 01/06/2013 05:18 PM fred smith wrote:
On Sun, Jan 06, 2013 at 02:43:09PM -0500, ken wrote:
On 01/06/2013 09:55 AM fred smith wrote:
On Sun, Jan 06, 2013 at 06:33:07AM -0500, ken wrote:
> Fred,
>
> Also running an up-to-date 5.8 but with just 2G of RAM,
> clock-applet consumes the following:
>
>   PID USER      PR  NI  VIRT  RES  SHR S %CPU %MEM    TIME+  COMMAND
>  4133 me        15   0 29568 3748 2944 S  0.0  0.2 190:51.33 clock-applet
<snip>
it's the same version and size as yours, but the md5sum differs. have you perhaps disabled prelink? (I don't recall that I have ever done so) It's not obvious to me what other (legitimate) event would account for the difference in checksum.
<snip>
I've not been in this thread, but the above cmt *deeply* disturbs me. I'd start by yum remove the package with the applet and reinstall... after double checking what mirror it's getting the package from.
Yes, an infected repo is what's running through my mind, or a hijacked URL.
mark
lhecking@users.sourceforge.net wrote:
>> I use rsync extensively to transfer entire systems from and to SElinux enforcing environments and have never had a problem with reads using rsync when logged on as the root user. My typical command line is some variation of the following:
>> /usr/bin/rsync -avX --delete-after --specials --times \
>>     --exclude-from=/root/rsync.d/exclude.list \
>>     192.168.216.29:/* /.
> (-a includes --times :)
>> Are you connecting as the root user?
> I'm connecting in daemon mode since I'm using pre-defined modules. Any other solution requires either a password or setting up passwordless ssh, which I'm not inclined to do in this case. The purpose here is automation.
Over here, we have a key we use only for backups with rsync, and we restrict what commands can be run with that key to rsync.
mark
On 01/07/2013 10:41 AM, m.roth@5-cent.us wrote:
> lhecking@users.sourceforge.net wrote:
>>> I use rsync extensively to transfer entire systems from and to SElinux enforcing environments and have never had a problem with reads using rsync when logged on as the root user. My typical command line is some variation of the following:
>>> /usr/bin/rsync -avX --delete-after --specials --times \
>>>     --exclude-from=/root/rsync.d/exclude.list \
>>>     192.168.216.29:/* /.
>> (-a includes --times :)
>>> Are you connecting as the root user?
>> I'm connecting in daemon mode since I'm using pre-defined modules. Any other solution requires either a password or setting up passwordless ssh, which I'm not inclined to do in this case. The purpose here is automation.
> Over here, we have a key we use only for backups with rsync, and we restrict what commands can be run with that key to rsync.
>
> mark
Seemed to be worthy of a blog
http://danwalsh.livejournal.com/61646.html
> Seemed to be worthy of a blog
Thanks, Dan - the "unconfined domain" method is the ticket!