1rsync_selinux(8) rsync Selinux Policy documentation rsync_selinux(8)
2
6 rsync_selinux - Security Enhanced Linux Policy for the rsync daemon
7
9 Security-Enhanced Linux secures the rsync server via flexible mandatory
10 access control.
11
13 SELinux requires files to have an extended attribute to define the file
14 type. Policy governs the access daemons have to these files. If you
15 want to share files using the rsync daemon, you must label the files
16 and directories public_content_t. So if you created a special direc‐
17 tory /var/rsync, you would need to label the directory with the chcon
18 tool.
19 chcon -t public_content_t /var/rsync
21 To make this change permanent (survive a relabel), use the sem‐
24 anage command to add the change to file context configuration:
25 semanage fcontext -a -t public_content_t "/var/rsync(/.*)?"
27 This command adds the following entry to /etc/selinux/POLICY‐
29 TYPE/contexts/files/file_contexts.local:
30 /var/rsync(/.*)? system_u:object_r:publix_content_t:s0
32 Run the restorecon command to apply the changes:
34 restorecon -R -v /var/rsync/
36
39 If you want to share files with multiple domains (Apache, FTP,
40 rsync, Samba), you can set a file context of public_content_t
41 and public_content_rw_t. These context allow any of the above
42 domains to read the content. If you want a particular domain to
43 write to the public_content_rw_t domain, you must set the appro‐
44 priate boolean. allow_DOMAIN_anon_write. So for rsync you
45 would execute:
46 setsebool -P allow_rsync_anon_write=1
48
51 system-config-selinux is a GUI tool available to customize
52 SELinux policy settings.
53
55 This manual page was written by Dan Walsh <dwalsh@redhat.com>.
56
59 selinux(8), rsync(1), chcon(1), setsebool(8), semanage(8)
60dwalsh@redhat.com 17 Jan 2005 rsync_selinux(8)