[CentOS] rsync and selinux
James B. Byrne
byrnejb at harte-lyne.ca
Mon Jan 7 14:36:32 UTC 2013
On Mon, January 7, 2013 06:59, lhecking at users.sourceforge.net wrote:
> I'm trying to use rsync to back up some directories on a CentOS6
> machine that uses selinux in enforcing mode. Most files didn't
> transfer, so I tried the example from rsync_selinux(8):
>
>     Allow rsync servers to read the /var/rsync directory by adding
>     the public_content_t file type to the directory and by restoring
>     the file type.
>
> semanage fcontext -a -t public_content_t "/var/rsync(/.*)?"
> restorecon -F -R -v /var/rsync
>
> except I substituted /etc for /var/rsync.
>
> Big mistake. Most or all services with config files under /etc could
> no longer read their config files, including ssh. It looks like the
> selinux type was substituted rather than added? Thankfully, I was
> able to recover.
>
> What is the correct way to give rsync full access to everything under
> selinux?
>
I use rsync extensively to transfer entire systems from and to SELinux
enforcing environments and have never had a problem with reads using
rsync when logged on as the root user. My typical command line is
some variation of the following:

    /usr/bin/rsync -avX --delete-after --specials --times \
        --exclude-from=/root/rsync.d/exclude.list \
        192.168.216.29:/* /.

Are you connecting as the root user?
--
*** E-Mail is NOT a SECURE channel ***
James B. Byrne mailto:ByrneJB at Harte-Lyne.ca
Harte & Lyne Limited http://www.harte-lyne.ca
9 Brockley Drive vox: +1 905 561 1241
Hamilton, Ontario fax: +1 905 561 0757
Canada L8E 3C3
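
Added example, not part of the original messages: a shell check for the failure described in the quoted question, listing files that ended up labelled public_content_t. The function names (context_type, paths_with_type, sample_listing) and the sample listing are constructed for illustration.

```shell
#!/bin/sh
# Added example. An SELinux context is user:role:type[:level] and holds
# exactly one type, so "semanage fcontext -a -t public_content_t" on a path
# pattern sets that type in place of the previous one (etc_t and so on).

# Print the type field of one context string.
context_type() {
    printf '%s\n' "$1" | cut -d: -f3
}

# Read "context path" lines on stdin; print the paths whose type equals $1.
# On a live system the input can come from GNU stat, for example:
#   find /etc -xdev -exec stat -c '%C %n' {} +
paths_with_type() {
    want=$1
    while read -r ctx path; do
        [ -n "$ctx" ] || continue
        if [ "$(context_type "$ctx")" = "$want" ]; then
            printf '%s\n' "$path"
        fi
    done
}

# Constructed sample listing: two files relabelled, one still etc_t.
sample_listing() {
    cat <<'EOF'
system_u:object_r:public_content_t:s0 /etc/ssh/sshd_config
system_u:object_r:public_content_t:s0 /etc/passwd
system_u:object_r:etc_t:s0 /etc/hosts
EOF
}

# Report the mislabelled files in the sample.
sample_listing | paths_with_type public_content_t

# To undo a local rule like the one in the question (run as root):
#   semanage fcontext -d "/etc(/.*)?"   # delete the local file-context rule
#   restorecon -R -n -v /etc            # dry run: show what would be reset
#   restorecon -R -v /etc               # reset labels to the policy defaults
```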