SELinux/rsync

rsync_selinux(8)     rsync Selinux Policy documentation      rsync_selinux(8)

NAME rsync_selinux - Security Enhanced Linux Policy for the rsync daemon

DESCRIPTION Security-Enhanced Linux secures the rsync server via flexible mandatory access control.

FILE_CONTEXTS SELinux requires files to have an extended attribute to define the file type. Policy governs the access daemons have to these files. If you want to share files using the rsync daemon, you must label  the  files and directories  public_content_t. So if you created a special direc- tory /var/rsync, you would need to label the directory with the  chcon tool.

chcon -t public_content_t /var/rsync

If you  want  to make this permanant, i.e. survive a relabel, you must add an entry to the file_contexts.local file.

/etc/selinux/POLICYTYPE/contexts/files/file_contexts.local /var/rsync(/.*)? system_u:object_r:public_content_t

SHARING FILES If you  want to share files with multiple domains (Apache, FTP, rsync, Samba), you can set a file context of public_content_t and  public_con- tent_rw_t. These context  allow any of the above domains to read the content. If you want a particular domain to write to the  public_con- tent_rw_t   domain,    you   must   set   the   appropriate   boolean. allow_DOMAIN_anon_write. So for rsync you would execute:

setsebool -P allow_rsync_anon_write=1

BOOLEANS You can disable SELinux protection for the rsync daemon by executing:

setsebool -P rsync_disable_trans 1 service xinetd restart

system-config-securitylevel is  a  GUI  tool  available  to  customize SELinux policy settings.

AUTHOR This manual page was written by Dan Walsh .

SEE ALSO selinux(8), rsync(1), chcon(1), setsebool(8)

dwalsh@redhat.com                17 Jan 2005                 rsync_selinux(8)