"David Highley wrote:" > > "Daniel J Walsh wrote:" > > > > -----BEGIN PGP SIGNED MESSAGE----- > > Hash: SHA1 > > > > On 01/18/2013 09:20 AM, David Highley wrote: > > > Upgraded a test box to Fedora 18 and have tried to get rsync backups to it > > > working. Looked at many discussions about backing up in a selinux > > > environment and all discussions seemed to be incomplete. > > > > > > Most indicate you should not keep selinux labels, but none of those > > > discussion indicate what options to change. After working on a thousand > > > line policy file I'm beginning to think you just want to completely turn > > > off any audit of the rsync domain. > > > > > > Is this how we should approach backups? If you do not preserve selinux > > > labels what should the backup location get labeled to? > > > > > > I'm surprised as long as selinux has been in use that a template with > > > details has not been defined for this. By the way I had just submitted an > > > enhancement bug report for rsync with examples of getting it to function > > > with systemd control. -- selinux mailing list > > > selinux@xxxxxxxxxxxxxxxxxxxxxxx > > > https://admin.fedoraproject.org/mailman/listinfo/selinux > > > > > Does this help? > > > > http://danwalsh.livejournal.com/61646.html > > I had found and read this information, but was not sure from it and > the other discussions that it was the right direction and if the right > direction that it had complete information for doing the implementation. > > Has anyone tried this and has it worked out? Do you define the backup > area as unconfined_u and relabel everything to that? > OK, making rsync_t and unconfined domain gets rid of the AVCs. I still have concerns that it is just opening up a bad whole in the system. Is there a way of scoping it to only the back up area and or maybe forcing what ever is copied to a benign state by labeling it to something safe? > > -----BEGIN PGP SIGNATURE----- > > Version: GnuPG v1.4.13 (GNU/Linux) > > Comment: Using GnuPG with Thunderbird - http://www.enigmail.net/ > > > > iEYEARECAAYFAlD5aPgACgkQrlYvE4MpobPI2ACg5JIiIpC9o17qz+Td6K702yhV > > 7a4AnRmUFg0hxxOlxbMRjeN7At3CBQga > > =CuCO > > -----END PGP SIGNATURE----- > > > -- > selinux mailing list > selinux@xxxxxxxxxxxxxxxxxxxxxxx > https://admin.fedoraproject.org/mailman/listinfo/selinux > -- selinux mailing list selinux@xxxxxxxxxxxxxxxxxxxxxxx https://admin.fedoraproject.org/mailman/listinfo/selinux
