On Wed, 2009-08-12 at 16:36 -0400, Daniel J Walsh wrote: > On 08/11/2009 05:30 PM, Mike Cloaked wrote: > > > > > > > > Mike Cloaked wrote: > >> > >> > >> Machines on the LAN have been running backups across the network using an > >> rsync command within a script which essentially does: > >> rsync --delete -aXH --exclude blah /opt > >> home1:/media/usbdrive/BACKUPS/myhostname > >> and similar for other directories. > >> > >> This has worked fine until I installed F11 on some of the machines in the > >> LAN, with ext4 filesystems on them. > >> > >> Trying the same thing in this case gave AVC denials on the machine > >> (running F10) to which the the external usb drive was attached (and with > >> an ext3 filesystem to take the backups) > >> > >> The AVC contained: > >> Summary > >> SELinux is preventing rsync (unconfined_t) "mac_admin" unconfined_t. > >> > >> > > > > I wonder if this is related to > > https://bugzilla.redhat.com/show_bug.cgi?id=510649 > Yes you are trying to put F11 labels on an F10 box. Just setup rsync to not maintain labels. Isn't this scenario one of the reasons why we introduced the deferred context mapping support? If he allowed rsync mac_admin permission, it could in fact store the unknown labels on disk on the F10 box and later read them for restoring to the F11 system, right? -- Stephen Smalley National Security Agency -- fedora-selinux-list mailing list fedora-selinux-list@xxxxxxxxxx https://www.redhat.com/mailman/listinfo/fedora-selinux-list
