NAME
rsync_selinux - Security Enhanced Linux Policy for the rsync daemon
DESCRIPTION
Security-Enhanced Linux secures the rsync server via flexible mandatory
access control.
FILE_CONTEXTS
SELinux requires files to have an extended attribute to define the file
type. Policy governs the access daemons have to these files. If you
want to share files using the rsync daemon, you must label the files
and directories public_content_t. So if you created a special
directory /var/rsync, you would need to label the directory with the
chcon tool.
chcon -t public_content_t /var/rsync
To make this change permanent (survive a relabel), use the
semanage command to add the change to file context
configuration:
semanage fcontext -a -t public_content_t "/var/rsync(/.*)?"
This command adds the following entry to
/etc/selinux/POLICYTYPE/contexts/files/file_contexts.local:
/var/rsync(/.*)? system_u:object_r:publix_content_t:s0
Run the restorecon command to apply the changes:
restorecon -R -v /var/rsync/
SHARING FILES
If you want to share files with multiple domains (Apache, FTP,
rsync, Samba), you can set a file context of public_content_t
and public_content_rw_t. These context allow any of the above
domains to read the content. If you want a particular domain to
write to the public_content_rw_t domain, you must set the
appropriate boolean. allow_DOMAIN_anon_write. So for rsync you
would execute:
setsebool -P allow_rsync_anon_write=1
BOOLEANS
system-config-selinux is a GUI tool available to customize
SELinux policy settings.
AUTHOR
This manual page was written by Dan Walsh <dwalsh@redhat.com>.
SEE ALSO
selinux(8), rsync(1), chcon(1), setsebool(8), semanage(8)