1rsync_selinux(8)      rsync Selinux Policy documentation      rsync_selinux(8)
2
3
4

NAME

6       rsync_selinux - Security Enhanced Linux Policy for the rsync daemon
7

DESCRIPTION

9       Security-Enhanced Linux secures the rsync server via flexible mandatory
10       access control.
11

FILE_CONTEXTS

13       SELinux requires files to have an extended attribute to define the file
14       type.   Policy  governs the access daemons have to these files.  If you
15       want to share files using the rsync daemon, you must  label  the  files
16       and  directories  public_content_t.  So if you created a special direc‐
17       tory /var/rsync, you would need to label the directory with  the  chcon
18       tool.
19
20       chcon -t public_content_t /var/rsync
21
22       If  you  want  to make this permanant, i.e. survive a relabel, you must
23       add an entry to the file_contexts.local file.
24              /etc/selinux/POLICYTYPE/contexts/files/file_contexts.local
25              /var/rsync(/.*)? system_u:object_r:public_content_t
26
27

SHARING FILES

29       If you want to share files with multiple domains (Apache,  FTP,  rsync,
30       Samba),  you can set a file context of public_content_t and public_con‐
31       tent_rw_t.  These context allow any of the above domains  to  read  the
32       content.   If  you want a particular domain to write to the public_con‐
33       tent_rw_t   domain,   you   must   set   the    appropriate    boolean.
34       allow_DOMAIN_anon_write.  So for rsync you would execute:
35
36       setsebool -P allow_rsync_anon_write=1
37
38

BOOLEANS

40       system-config-selinux is a GUI tool available to customize SELinux pol‐
41       icy settings.
42

AUTHOR

44       This manual page was written by Dan Walsh <dwalsh@redhat.com>.
45
46

SEE ALSO

48       selinux(8), rsync(1), chcon(1), setsebool(8)
49
50
51
52dwalsh@redhat.com                 17 Jan 2005                 rsync_selinux(8)
Impressum