NAME¶
rsync_selinux - Security Enhanced Linux Policy for the rsync daemon
DESCRIPTION¶
Security-Enhanced Linux secures the rsync server via flexible mandatory access
control.
FILE_CONTEXTS¶
SELinux requires files to have an extended attribute to define the file type.
Policy governs the access daemons have to these files. If you want to share
files using the rsync daemon, you must label the files and directories
public_content_t. So if you created a special directory /var/rsync, you would
need to label the directory with the chcon tool.
- chcon -t public_content_t /var/rsync
- To make this change permanent (survive a relabel), use the semanage
command to add the change to file context configuration:
- semanage fcontext -a -t public_content_t "/var/rsync(/.*)?"
- This command adds the following entry to
/etc/selinux/POLICYTYPE/contexts/files/file_contexts.local:
- /var/rsync(/.*)? system_u:object_r:publix_content_t:s0
- Run the restorecon command to apply the changes:
- restorecon -R -v /var/rsync/
-
SHARING FILES¶
If you want to share files with multiple domains (Apache, FTP, rsync, Samba),
you can set a file context of public_content_t and public_content_rw_t. These
context allow any of the above domains to read the content. If you want a
particular domain to write to the public_content_rw_t domain, you must set the
appropriate boolean. allow_DOMAIN_anon_write. So for rsync you would execute:
setsebool -P allow_rsync_anon_write=1
BOOLEANS¶
- system-config-selinux is a GUI tool available to customize SELinux policy
settings.
AUTHOR ¶
This manual page was written by Dan Walsh <dwalsh@redhat.com>.