-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
On 01/07/2013 08:26 AM, Gordon Messmer wrote:
> On 01/07/2013 03:59 AM, lhecking@xxxxxxxxxxxxxxxxxxxxx wrote:
>> Big mistake. Most or all services with config files under /etc could no
>> longer read their config files, including ssh. It looks like the selinux
>> type was substituted rather than added? Thankfully, I was able to
>> recover.
>
> Yes, I believe that you added a new file context rule to the configuration,
> and that rule had precedence over the system policy. Files have just one
> context.
>
>> What is the correct way to give rsync full access to everything under
>> selinux?
>
> The easiest way is to use rsync over ssh, rather than rsync as a daemon. As
> long as you aren't running it as a daemon, I don't believe that it's
> confined.
>
> Also, run rsync with -v to get more information about what's being skipped
> and why, and run 'tail -f /var/log/audit/audit.log' while you rsync to make
> sure that there aren't AVCs logged. If there aren't AVCs, it's probably
> not an SELinux problem. _______________________________________________
> CentOS mailing list CentOS@xxxxxxxxxx
> http://lists.centos.org/mailman/listinfo/centos
>
I would try the booleans
getsebool -a | grep rsync
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.13 (GNU/Linux)
Comment: Using GnuPG with undefined - http://www.enigmail.net/
iEYEARECAAYFAlDq4eEACgkQrlYvE4MpobNEagCg2eZoqP/fDnR9o047A+KZSjq9
WMUAoL+WuVeGTdoWp8oHNcjczlFwZsST
=zYUV
-----END PGP SIGNATURE-----
_______________________________________________
CentOS mailing list
CentOS@xxxxxxxxxx
http://lists.centos.org/mailman/listinfo/centos
