selinux blocks rsync client in systemd service

I'm trying to slurp a CentOS 7's filesystem to another CentOS 7 system using rsyncd on the supplying side and rsync running as a client in a timer unit on the client side. My backup script on the backup system runs fine from the command line. When run from a systemd timer unit, rsync sends nothing to the systemd log and I see a denial in the audit log for a Unix domain socket in init_t context. I'm guessing it's trying to write to stdout which is getting redirected to systemd's log. The service unit file has StandardOutput=syslog in order to capture the list of files backed up.

The following selinux rule seems to fix this:

allow rsync_t init_t:unix_stream_socket { getattr read write };

I also found it necessary to add --no-devices and --no-specials to my backup script, but I can live with that. A few devices show up in chroots and postfix has some sockets in its package. Those are easily recreated if I need to do a restore.

So is this selinux rule an oversight? Should there be an rsync bool for it? Or was this fixed in a more recent version of systemd?

_______________________________________________
CentOS mailing list
CentOS@xxxxxxxxxx
https://lists.centos.org/mailman/listinfo/centos
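
Added example, not part of the original post: one way to turn the AVC denials for rsync_t into a reviewable local policy module instead of a hand-typed rule. The audit records are constructed, and the names `sample_audit_log`, `avc_to_te` and `local_rsync_init_socket` are hypothetical.

```bash
#!/usr/bin/env bash
# Added example: build a local policy module (.te) from AVC denials of one domain.
# Constructed sample audit records; pids, inodes and timestamps are made up.
sample_audit_log() {
cat <<'EOF'
type=AVC msg=audit(1500000001.101:901): avc:  denied  { read write } for  pid=2101 comm="rsync" path="socket:[30211]" dev="sockfs" ino=30211 scontext=system_u:system_r:rsync_t:s0 tcontext=system_u:system_r:init_t:s0 tclass=unix_stream_socket
type=AVC msg=audit(1500000001.102:902): avc:  denied  { getattr } for  pid=2101 comm="rsync" path="socket:[30211]" dev="sockfs" ino=30211 scontext=system_u:system_r:rsync_t:s0 tcontext=system_u:system_r:init_t:s0 tclass=unix_stream_socket
type=AVC msg=audit(1500000002.200:903): avc:  denied  { read } for  pid=2200 comm="httpd" name="x" dev="dm-0" ino=77 scontext=system_u:system_r:httpd_t:s0 tcontext=system_u:object_r:user_home_t:s0 tclass=file
type=SYSCALL msg=audit(1500000001.101:901): arch=c000003e syscall=1 success=no exit=-13 comm="rsync"
EOF
}
# Usage: avc_to_te SOURCE_DOMAIN MODULE_NAME < audit.log   (exit 1 if nothing matched)
avc_to_te() {
  awk -v dom="$1" '
    /^type=AVC / && / denied / {
      s = t = c = ""
      for (i = 1; i <= NF; i++) {
        if ($i ~ /^scontext=/) { split($i, f, ":"); s = f[3] }       # user:role:type:level
        else if ($i ~ /^tcontext=/) { split($i, f, ":"); t = f[3] }
        else if ($i ~ /^tclass=/) c = substr($i, 8)
      }
      if (s != dom || t == "" || c == "") next    # other domains are ignored
      p = $0; sub(/^[^{]*[{] */, "", p); sub(/ *[}].*$/, "", p)    # keep the permission list
      n = split(p, perm, " ")
      for (i = 1; i <= n; i++) print t, c, perm[i]
    }' | LC_ALL=C sort -u | awk -v dom="$1" -v mod="$2" '
    {
      rule = $1 " " $2
      if (!(rule in rp)) rules[++nr] = rule
      if (!($1 in ts)) { ts[$1] = 1; types[++nt] = $1 }
      if (!($2 in cp)) classes[++nc] = $2
      rp[rule] = rp[rule] " " $3
      if (!(($2, $3) in seen)) { seen[$2, $3] = 1; cp[$2] = cp[$2] " " $3 }
    }
    END {
      if (nr == 0) exit 1
      printf "module %s 1.0;\n\nrequire {\n\ttype %s;\n", mod, dom
      for (i = 1; i <= nt; i++) if (types[i] != dom) printf "\ttype %s;\n", types[i]
      for (i = 1; i <= nc; i++) printf "\tclass %s {%s };\n", classes[i], cp[classes[i]]
      print "}\n"
      for (i = 1; i <= nr; i++) {
        split(rules[i], r, " ")
        printf "allow %s %s:%s {%s };\n", dom, r[1], r[2], rp[rules[i]]
      }
    }'
}
# Build and load: checkmodule -M -m -o X.mod X.te; semodule_package -o X.pp -m X.mod; semodule -i X.pp
sample_audit_log | avc_to_te rsync_t local_rsync_init_socket
```

On a real system the input would be the audit log rather than the sample function, and the generated file should be read before it is compiled and loaded.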