[CentOS] rsync and selinux

Daniel J Walsh dwalsh at redhat.com
Mon Jan 7 14:55:29 UTC 2013



On 01/07/2013 08:26 AM, Gordon Messmer wrote:
> On 01/07/2013 03:59 AM, lhecking at users.sourceforge.net wrote:
>> Big mistake. Most or all services with config files under /etc could no
>> longer read their config files, including ssh. It looks like the selinux 
>> type was substituted rather than added? Thankfully, I was able to
>> recover.
> 
> Yes, I believe that you added a new file context rule to the configuration,
> and that rule had precedence over the system policy. Files have just one
> context.
> 
>> What is the correct way to give rsync full access to everything under 
>> selinux?
> 
> The easiest way is to use rsync over ssh, rather than rsync as a daemon. As
> long as you aren't running it as a daemon, I don't believe that it's
> confined.
> 
> Also, run rsync with -v to get more information about what's being skipped
> and why, and run 'tail -f /var/log/audit/audit.log' while you rsync to make
> sure that there aren't AVCs logged.  If there aren't AVCs, it's probably
> not an SELinux problem.
> 

I would try the booleans

getsebool -a | grep rsync


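The AVC check suggested in the quoted reply, as an added example that is not part of the original posts: a POSIX shell filter that groups rsync denials by source type, target type, object class and permission. The audit records are constructed samples in the usual audit.log AVC layout, and the function names are hypothetical.

```shell
#!/bin/sh
# Added example: summarise SELinux AVC denials attributed to rsync.
# The records below are constructed for illustration, not taken from the thread.
sample_audit_log() {
cat <<'EOF'
type=AVC msg=audit(1357570401.101:812): avc:  denied  { read } for  pid=4021 comm="rsync" name="shadow" dev=dm-0 ino=131 scontext=system_u:system_r:rsync_t:s0 tcontext=system_u:object_r:shadow_t:s0 tclass=file
type=SYSCALL msg=audit(1357570401.101:812): arch=c000003e syscall=2 success=no exit=-13 comm="rsync" exe="/usr/bin/rsync"
type=AVC msg=audit(1357570402.220:813): avc:  denied  { read } for  pid=4021 comm="rsync" name="gshadow" dev=dm-0 ino=140 scontext=system_u:system_r:rsync_t:s0 tcontext=system_u:object_r:shadow_t:s0 tclass=file
type=AVC msg=audit(1357570403.007:814): avc:  denied  { getattr } for  pid=4021 comm="rsync" path="/home/alice" dev=dm-2 ino=2 scontext=system_u:system_r:rsync_t:s0 tcontext=unconfined_u:object_r:user_home_dir_t:s0 tclass=dir
type=AVC msg=audit(1357570410.555:820): avc:  denied  { write } for  pid=977 comm="httpd" name="upload" dev=dm-0 ino=900 scontext=system_u:system_r:httpd_t:s0 tcontext=system_u:object_r:etc_t:s0 tclass=dir
EOF
}

# Read audit records on stdin and print one line per distinct denial:
#   count source_type target_type class permissions
# Only AVC records whose comm is rsync are counted; most frequent first.
rsync_avc_summary() {
  awk '
    $1 == "type=AVC" && /avc: +denied/ && /comm="rsync"/ {
      perms = $0
      sub(/^[^{]*[{] */, "", perms)   # drop everything up to "{ "
      sub(/ *[}].*$/, "", perms)      # drop " }" and the rest of the record
      gsub(/ /, ",", perms)           # "read write" -> "read,write"
      s = t = c = "?"
      for (i = 1; i <= NF; i++) {
        if ($i ~ /^scontext=/) { split($i, a, ":"); s = a[3] }
        if ($i ~ /^tcontext=/) { split($i, a, ":"); t = a[3] }
        if ($i ~ /^tclass=/)   { c = substr($i, 8) }
      }
      n[s " " t " " c " " perms]++
    }
    END { for (k in n) print n[k], k }
  ' | sort -k1,1nr -k2
}

# Succeeds (exit 0) only if stdin contains at least one rsync denial.
rsync_has_avc() {
  [ -n "$(rsync_avc_summary)" ]
}

sample_audit_log | rsync_avc_summary
```

On a live system, feed it the real log with `rsync_avc_summary < /var/log/audit/audit.log`. An empty result while rsync is still skipping files points away from SELinux, as the reply says.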


