Re: rsync as backup from f11 to F10 - issues

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



On 08/14/2009 07:55 AM, Stephen Smalley wrote:
> On Wed, 2009-08-12 at 16:36 -0400, Daniel J Walsh wrote:
>> On 08/11/2009 05:30 PM, Mike Cloaked wrote:
>>>
>>>
>>>
>>> Mike Cloaked wrote:
>>>>
>>>>
>>>> Machines on the LAN have been running backups across the network using an
>>>> rsync command within a script which essentially does:
>>>> rsync --delete -aXH --exclude blah /opt
>>>> home1:/media/usbdrive/BACKUPS/myhostname
>>>> and similar for other directories.
>>>>
>>>> This has worked fine until I installed F11 on some of the  machines in the
>>>> LAN, with ext4 filesystems on them.
>>>>
>>>> Trying the same thing in this case gave AVC denials on the machine
>>>> (running F10) to which the the external usb drive was attached (and with
>>>> an ext3 filesystem to take the backups)
>>>>
>>>> The AVC contained:
>>>> Summary
>>>> SELinux is preventing rsync (unconfined_t) "mac_admin" unconfined_t. 
>>>>
>>>>
>>>
>>> I wonder if this is related to 
>>> https://bugzilla.redhat.com/show_bug.cgi?id=510649
>> Yes you are trying to put F11 labels on an F10 box.  Just setup rsync to not maintain labels.
> 
> Isn't this scenario one of the reasons why we introduced the deferred
> context mapping support?  If he allowed rsync mac_admin permission, it
> could in fact store the unknown labels on disk on the F10 box and later
> read them for restoring to the F11 system, right?
> 
Yes that would work, but I thought we were frowning on this.  The files would also be unusable by any confined processes on the F10 machine, I am not sure what would happen with the association denied, errors.

--
fedora-selinux-list mailing list
fedora-selinux-list@xxxxxxxxxx
https://www.redhat.com/mailman/listinfo/fedora-selinux-list

[Index of Archives]     [Fedora Users]     [Fedora Desktop]     [Big List of Linux Books]     [Yosemite News]     [Yosemite Campsites]     [KDE Users]     [Gnome Users]

  Powered by Linux