I'm running rsync (over ssh) to back up files from servers with a later release of Fedora (24, 27, and 28) to my server, which is Fedora 22. Some of the files copied have file contexts that aren't available on my server, which creates errors (the source, bb8, is Fedora 27; /bacula is just the target mountpoint):

    [0:root@elmo testing 23]$ rsync --delete -axAXv -e "ssh -p 22" "rsync://bb8.example.com/etc/" /bacula/clients/etc/bb8/
    receiving incremental file list
    rsync: rsync_xal_set: lsetxattr(""/bacula/clients/etc/bb8/udev/hwdb.bin"","security.selinux") failed: Invalid argument (22)

Since this is strictly for backups, I would like to allow rsync to set these unknown contexts. The AVC:

    type=AVC msg=audit(1555319931.042:30687): avc: denied { mac_admin } for pid=7061 comm="rsync" capability=33 scontext=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 tcontext=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 tclass=capability2 permissive=0

Running:

    grep rsync /var/log/audit/audit.log | audit2allow -m my_rsync > my_rsync.te

generates:

    module my_rsync 1.0;

    require {
        type unconfined_t;
        class capability2 mac_admin;
    }

    #============= unconfined_t ==============
    allow unconfined_t self:capability2 mac_admin;

This should work; however, I don't want to grant this to any program except rsync. I've looked at the rsync booleans and tried "setsebool -P rsync_client 1" but it doesn't fix it. Searched the interwebs too.

Can anyone help?

    [0:root@elmo rsync 130]$ rpm -q rsync
    rsync-3.1.1-7.fc22.x86_64
    [0:root@elmo rsync]$ ls -lZ `which rsync`
    -rwxr-xr-x. 1 root root system_u:object_r:rsync_exec_t:s0 495792 Jan 8 2016 /usr/bin/rsync

Bill
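
Added example (not part of the original post, and not audit2allow's own code): a short Python sketch that parses the AVC record quoted above and rebuilds the allow rule from it, showing that the rule is keyed on the source domain type (unconfined_t) while comm="rsync" never enters it. The function names parse_avc, allow_rule and rule_scope are hypothetical.

```python
import re

# AVC record copied from the post above.
AVC = ('type=AVC msg=audit(1555319931.042:30687): avc: denied { mac_admin } '
       'for pid=7061 comm="rsync" capability=33 '
       'scontext=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 '
       'tcontext=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 '
       'tclass=capability2 permissive=0')

AVC_RE = re.compile(
    r'avc:\s+denied\s+\{\s*(?P<perms>[^}]+?)\s*\}\s+for\s+(?P<fields>.*)$')

def parse_avc(line):
    """Return the denial's fields as a dict, or None if it is not an AVC denial."""
    m = AVC_RE.search(line)
    if not m:
        return None
    rec = {'perms': m.group('perms').split()}
    for key, val in re.findall(r'(\w+)=("[^"]*"|\S+)', m.group('fields')):
        rec[key] = val.strip('"')
    if not {'scontext', 'tcontext', 'tclass'} <= rec.keys():
        return None
    # A context is user:role:type[:level]; the type is the third field.
    rec['stype'] = rec['scontext'].split(':')[2]
    rec['ttype'] = rec['tcontext'].split(':')[2]
    return rec

def allow_rule(rec):
    """Build the type-enforcement rule that would permit this denial."""
    target = 'self' if rec['stype'] == rec['ttype'] else rec['ttype']
    perms = rec['perms']
    perm = perms[0] if len(perms) == 1 else '{ ' + ' '.join(perms) + ' }'
    return f"allow {rec['stype']} {target}:{rec['tclass']} {perm};"

def rule_scope(rec):
    """Describe who the rule applies to: the domain type, not the command."""
    return {'subject_domain': rec['stype'],
            'comm_seen': rec.get('comm'),
            'comm_in_rule': rec.get('comm', '') in allow_rule(rec)}

if __name__ == '__main__':
    rec = parse_avc(AVC)
    print(allow_rule(rec))
    print(rule_scope(rec))
```

Filtering the audit log with grep selects which denials are fed in, but the resulting rule still names only the domain type, so it covers every process running as unconfined_t.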