NOTE: click here if you get an empty page.


rsync_selinux(8)      rsync Selinux Policy documentation      rsync_selinux(8)

NAME

rsync_selinux - Security Enhanced Linux Policy for the rsync daemon

DESCRIPTION

Security-Enhanced Linux secures the rsync server via flexible mandatory access control. FILE_CONTEXTS SELinux requires files to have an extended attribute to define the file type. Policy governs the access daemons have to these files. If you want to share files using the rsync daemon, you must label the files and directories public_content_t. So if you created a special direc- tory /var/rsync, you would need to label the directory with the chcon tool. chcon -t public_content_t /var/rsync If you want to make this permanent, i.e. survive a relabel, you must add an entry to the file_contexts.local file. /etc/selinux/POLICYTYPE/contexts/files/file_contexts.local /var/rsync(/.*)? system_u:object_r:public_content_t

SHARING FILES

If you want to share files with multiple domains (Apache, FTP, rsync, Samba), you can set a file context of public_content_t and public_con- tent_rw_t. These context allow any of the above domains to read the content. If you want a particular domain to write to the public_con- tent_rw_t domain, you must set the appropriate boolean. allow_DOMAIN_anon_write. So for rsync you would execute: setsebool -P allow_rsync_anon_write=1

BOOLEANS

You can disable SELinux protection for the rsync daemon by executing: setsebool -P rsync_disable_trans 1 service xinetd restart system-config-securitylevel is a GUI tool available to customize SELinux policy settings.

AUTHOR

This manual page was written by Dan Walsh <dwalsh@redhat.com>.

SEE ALSO

selinux(8), rsync(1), chcon(1), setsebool(8) dwalsh@redhat.com 17 Jan 2005 rsync_selinux(8)

1994 Man-cgi 1.15, Panagiotis Christias <christia@theseas.ntua.gr>