-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Chuck Anderson wrote:
> I still have a problem with rsyncd.lock on Fedora 9.
>
> The symptoms are that after "a while"--several days perhaps, rsync
> transfers fail with this message:
>
> @ERROR: failed to open lock file
> rsync error: error starting client-server protocol (code 5) at
> main.c(1296)
> [receiver=2.6.8]
>
> Here is the lock file:
>
> -rw------- root root system_u:object_r:var_run_t:s0 /var/run/rsyncd.lock
>
> AVC messages:
>
> type=AVC msg=audit(1214969369.745:4847): avc: denied { lock } for
> pid=32590 comm="rsync" path="/var/run/rsyncd.lock" dev=dm-3 ino=106537
> scontext=unconfined_u:system_r:rsync_t:s0-s0:c0.c1023
> tcontext=system_u:object_r:var_run_t:s0 tclass=file
>
> type=AVC msg=audit(1214969379.283:4850): avc: denied { read write }
> for pid=32594 comm="rsync" name="rsyncd.lock" dev=dm-3 ino=106537
> scontext=unconfined_u:system_r:rsync_t:s0-s0:c0.c1023
> tcontext=system_u:object_r:var_run_t:s0 tclass=file
>
> This policy module fixes the issue:
>
> module rsync 1.0;
>
> require {
> type var_run_t;
> type rsync_t;
> class file { read write lock };
> }
>
> #============= rsync_t ==============
> allow rsync_t var_run_t:file { read write lock };
>
>
> On Thu, Oct 11, 2007 at 06:01:25PM -0400, Chuck Anderson wrote:
>> I'm using Fedora Core 6, and trying to start a rsync daemon via
>> xinetd.
>>
>> type=AVC msg=audit(1192132336.713:3464): avc: denied { lock } for
>> pid=8488 comm="rsync" name="rsyncd.lock" dev=dm-4 ino=2064435
>> scontext=user_u:system_r:rsync_t:s0
>> tcontext=root:object_r:var_run_t:s0 tclass=file
>>
>> type=SYSCALL msg=audit(1192132336.713:3464): arch=40000003 syscall=221
>> success=no exit=-13 a0=4 a1=d a2=bff80730 a3=bff80730 items=0
>> ppid=8167 pid=8488 auid=10002 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0
>> sgid=0 fsgid=0 tty=(none) comm="rsync" exe="/usr/bin/rsync"
>> subj=user_u:system_r:rsync_t:s0 key=(null)
>> type=AVC_PATH msg=audit(1192132336.713:3464):
>> path="/var/run/rsyncd.lock"
>
> --
> fedora-selinux-list mailing list
> fedora-selinux-list@xxxxxxxxxx
> https://www.redhat.com/mailman/listinfo/fedora-selinux-list
Chuck the problem here is labeling.
chcon -t rsync_var_run_t /var/run/rsyncd.lock
I will make this the default label in Update 76
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (GNU/Linux)
Comment: Using GnuPG with Fedora - http://enigmail.mozdev.org
iEYEARECAAYFAkhtFd4ACgkQrlYvE4MpobNQXwCfUOQzUMAYCE0MJXBBtIPGt2gK
kIcAniUHitExHVnxBjKr4GzKtNXDZ/Ma
=/OtC
-----END PGP SIGNATURE-----
--
fedora-selinux-list mailing list
fedora-selinux-list@xxxxxxxxxx
https://www.redhat.com/mailman/listinfo/fedora-selinux-list
