On 01/29/2013 10:57 PM, David Highley wrote:
> To summarize what the solution was for doing rsync back ups on Fedora 18
> where we have clients initiating rsync back ups via cron jobs to back up
> servers where rsync is run by connection requests via systemd control.
>
> - Stopped preserving selinux attributes by removing the -X option from the
>   rsync command.
> - Relabel the back up storage area by doing a
>   semanage fcontext -a -t rsync_data_t </path>'(/.*)?'
> - On the back up servers; setsebool -P rsync_client on
>
> We still ended up needing the following policy:
>
> policy_module(my_rsync, 1.0)
>
> require {
>         type rsync_data_t;
>         type rsync_t;
>         class sock_file getattr;
>         class capability net_admin;
> }
>
> #============= rsync_t ==============
> allow rsync_t rsync_data_t:sock_file getattr;
> allow rsync_t self:capability net_admin;
>
> Dan Walsh believes the last rule may be a kernel bug which showed up today
> on Fedora 16 with kernel version 3.6.11-4 update. If you want to be able to
> query the back up server by doing an rsync <host>:: we need this rule for
> sshd:
>
> allow sshd_t rsync_data_t:file read;
>
> Should we submit any bug reports from this effort? If so, which subsystems
> should they be submitted against? Dan, thank you for all the support effort
> to resolve these issues.
> --
> selinux mailing list
> selinux@xxxxxxxxxxxxxxxxxxxxxxx
> https://admin.fedoraproject.org/mailman/listinfo/selinux

Yes, open a bug report on selinux-policy, and we will follow up on it there.
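
Added example, not part of the original thread: a small Python sketch of how AVC denials in audit.log map to the allow rules quoted in this thread, including the "self" form used for the capability rule. The log lines, paths and the function name rules_from_avc are constructed for illustration.

```python
import re
from collections import defaultdict

# Constructed audit.log lines (not from the thread), shaped like the denials
# that would lead to the three allow rules quoted in the message.
SAMPLE_AUDIT_LOG = """\
type=AVC msg=audit(1359500001.101:301): avc:  denied  { getattr } for  pid=2101 comm="rsync" path="/srv/backup/example/agent.sock" dev="sda3" ino=4411 scontext=system_u:system_r:rsync_t:s0 tcontext=system_u:object_r:rsync_data_t:s0 tclass=sock_file
type=AVC msg=audit(1359500002.202:302): avc:  denied  { net_admin } for  pid=2101 comm="rsync" capability=12  scontext=system_u:system_r:rsync_t:s0 tcontext=system_u:system_r:rsync_t:s0 tclass=capability
type=AVC msg=audit(1359500003.303:303): avc:  denied  { read } for  pid=2200 comm="sshd" name="example.dat" dev="sda3" ino=4412 scontext=system_u:system_r:sshd_t:s0-s0:c0.c1023 tcontext=system_u:object_r:rsync_data_t:s0 tclass=file
type=AVC msg=audit(1359500004.404:304): avc:  denied  { getattr } for  pid=2102 comm="rsync" path="/srv/backup/example/agent.sock" dev="sda3" ino=4411 scontext=system_u:system_r:rsync_t:s0 tcontext=system_u:object_r:rsync_data_t:s0 tclass=sock_file
type=SYSCALL msg=audit(1359500004.404:304): arch=c000003e syscall=6 success=no exit=-13 comm="rsync"
"""

# Pull the permission set, the type field of both contexts, and the class.
AVC_RE = re.compile(
    r"avc:\s+denied\s+\{ (?P<perms>[^}]+) \}.*?"
    r"scontext=[^:\s]+:[^:\s]+:(?P<src>[^:\s]+)\S*\s+"
    r"tcontext=[^:\s]+:[^:\s]+:(?P<tgt>[^:\s]+)\S*\s+"
    r"tclass=(?P<cls>\w+)"
)

def rules_from_avc(log_text):
    """Collapse AVC denials into allow rules, grouped by source domain."""
    perms = defaultdict(set)
    for line in log_text.splitlines():
        m = AVC_RE.search(line)
        if not m:
            continue  # SYSCALL records and unrelated lines
        src, tgt = m["src"], m["tgt"]
        # A domain acting on itself is written "self" in the rule.
        target = "self" if tgt == src else tgt
        perms[(src, target, m["cls"])].update(m["perms"].split())
    rules = defaultdict(list)
    for (src, target, cls), ps in sorted(perms.items()):
        p = sorted(ps)
        body = p[0] if len(p) == 1 else "{ " + " ".join(p) + " }"
        rules[src].append(f"allow {src} {target}:{cls} {body};")
    return dict(rules)

if __name__ == "__main__":
    for domain, lines in rules_from_avc(SAMPLE_AUDIT_LOG).items():
        print(f"\n#============= {domain} ==============")
        print("\n".join(lines))
```

Repeated denials collapse into one rule, so the output lists each access once; review every generated rule against what the domain should be allowed to do before adding it to a module.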