-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Chuck Anderson wrote: > I still have a problem with rsyncd.lock on Fedora 9. > > The symptoms are that after "a while"--several days perhaps, rsync > transfers fail with this message: > > @ERROR: failed to open lock file > rsync error: error starting client-server protocol (code 5) at > main.c(1296) > [receiver=2.6.8] > > Here is the lock file: > > -rw------- root root system_u:object_r:var_run_t:s0 /var/run/rsyncd.lock > > AVC messages: > > type=AVC msg=audit(1214969369.745:4847): avc: denied { lock } for > pid=32590 comm="rsync" path="/var/run/rsyncd.lock" dev=dm-3 ino=106537 > scontext=unconfined_u:system_r:rsync_t:s0-s0:c0.c1023 > tcontext=system_u:object_r:var_run_t:s0 tclass=file > > type=AVC msg=audit(1214969379.283:4850): avc: denied { read write } > for pid=32594 comm="rsync" name="rsyncd.lock" dev=dm-3 ino=106537 > scontext=unconfined_u:system_r:rsync_t:s0-s0:c0.c1023 > tcontext=system_u:object_r:var_run_t:s0 tclass=file > > This policy module fixes the issue: > > module rsync 1.0; > > require { > type var_run_t; > type rsync_t; > class file { read write lock }; > } > > #============= rsync_t ============== > allow rsync_t var_run_t:file { read write lock }; > > > On Thu, Oct 11, 2007 at 06:01:25PM -0400, Chuck Anderson wrote: >> I'm using Fedora Core 6, and trying to start a rsync daemon via >> xinetd. >> >> type=AVC msg=audit(1192132336.713:3464): avc: denied { lock } for >> pid=8488 comm="rsync" name="rsyncd.lock" dev=dm-4 ino=2064435 >> scontext=user_u:system_r:rsync_t:s0 >> tcontext=root:object_r:var_run_t:s0 tclass=file >> >> type=SYSCALL msg=audit(1192132336.713:3464): arch=40000003 syscall=221 >> success=no exit=-13 a0=4 a1=d a2=bff80730 a3=bff80730 items=0 >> ppid=8167 pid=8488 auid=10002 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 >> sgid=0 fsgid=0 tty=(none) comm="rsync" exe="/usr/bin/rsync" >> subj=user_u:system_r:rsync_t:s0 key=(null) >> type=AVC_PATH msg=audit(1192132336.713:3464): >> path="/var/run/rsyncd.lock" > > -- > fedora-selinux-list mailing list > fedora-selinux-list@xxxxxxxxxx > https://www.redhat.com/mailman/listinfo/fedora-selinux-list Chuck the problem here is labeling. chcon -t rsync_var_run_t /var/run/rsyncd.lock I will make this the default label in Update 76 -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.9 (GNU/Linux) Comment: Using GnuPG with Fedora - http://enigmail.mozdev.org iEYEARECAAYFAkhtFd4ACgkQrlYvE4MpobNQXwCfUOQzUMAYCE0MJXBBtIPGt2gK kIcAniUHitExHVnxBjKr4GzKtNXDZ/Ma =/OtC -----END PGP SIGNATURE----- -- fedora-selinux-list mailing list fedora-selinux-list@xxxxxxxxxx https://www.redhat.com/mailman/listinfo/fedora-selinux-list