[CentOS] rsync and selinux

James B. Byrne byrnejb at harte-lyne.ca
Mon Jan 7 14:36:32 UTC 2013


On Mon, January 7, 2013 06:59, lhecking at users.sourceforge.net wrote:
> I'm trying to use rysnc to back up some directories on a CentOS6
> machine that uses selinux in enforcing mode. Most files didn't
> transfer, so I tried the example from rsync_selinux(8):
>
>        Allow rsync servers to read the /var/rsync directory by adding
> the pub-
>        lic_content_t file type to the directory  and  by  restoring
> the  file
>        type.
>
>        semanage fcontext -a -t public_content_t "/var/rsync(/.*)?"
>        restorecon -F -R -v /var/rsync
>
>  except I substituted /etc for /var/rsync.
>
>  Big mistake. Most or all services with config files under /etc could
>  no longer read their config files, including ssh. It looks like the
>  selinux type was substituted rather than added? Thankfully, I was
>  able to recover.
>
>  What is the correct way to give rsync full access to everything under
>  selinux?
>

I use rsync extensively to transfer entire systems from and to SElinux
enforcing environments and have never had a problem with reads using
rsync when logged on as the root user.  My typical command line is
some variation of the following:

/usr/bin/rsync -avX --delete-after --specials --times \
  --exclude-from=/root/rsync.d/exclude.list \
  192.168.216.29:/* /.

Are you connecting as the root user?

-- 
***          E-Mail is NOT a SECURE channel          ***
James B. Byrne                mailto:ByrneJB at Harte-Lyne.ca
Harte & Lyne Limited          http://www.harte-lyne.ca
9 Brockley Drive              vox: +1 905 561 1241
Hamilton, Ontario             fax: +1 905 561 0757
Canada  L8E 3C3




More information about the CentOS mailing list