Man Linux: Main Page and Category List


       rsync_selinux - Security Enhanced Linux Policy for the rsync daemon


       Security-Enhanced Linux secures the rsync server via flexible mandatory
       access control.


       SELinux requires files to have an extended attribute to define the file
       type.   Policy  governs the access daemons have to these files.  If you
       want to share files using the rsync daemon, you must  label  the  files
       and   directories  public_content_t.   So  if  you  created  a  special
       directory /var/rsync, you would need to label the  directory  with  the
       chcon tool.

       chcon -t public_content_t /var/rsync

       To  make  this  change  permanent  (survive  a relabel), use the
       semanage  command  to   add   the   change   to   file   context

       semanage fcontext -a -t public_content_t "/var/rsync(/.*)?"

       This     command     adds     the     following     entry     to

       /var/rsync(/.*)? system_u:object_r:publix_content_t:s0

       Run the restorecon command to apply the changes:

       restorecon -R -v /var/rsync/


       If  you  want to share files with multiple domains (Apache, FTP,
       rsync, Samba), you can set a file  context  of  public_content_t
       and  public_content_rw_t.   These context allow any of the above
       domains to read the content.  If you want a particular domain to
       write  to  the  public_content_rw_t  domain,  you  must  set the
       appropriate boolean.  allow_DOMAIN_anon_write.  So for rsync you
       would execute:

       setsebool -P allow_rsync_anon_write=1


       system-config-selinux  is  a  GUI  tool  available  to customize
       SELinux policy settings.


       This manual page was written by Dan Walsh <>.


       selinux(8), rsync(1), chcon(1), setsebool(8), semanage(8)