phpMan

/* Void Main's man pages */

{ phpMan } else { main(); }

rsync_selinux(8) rsync Selinux Policy documentation rsync_selinux(8)

NAME
rsync_selinux - Security Enhanced Linux Policy for the rsync daemon

DESCRIPTION
Security-Enhanced Linux secures the rsync server via flexible mandatory access control.

FILE_CONTEXTS
SELinux requires files to have an extended attribute to define the file type. Policy governs the access daemons have to
these files. If you want to share files using the rsync daemon, you must label the files and directories public_con-
tent_t. So if you created a special directory /var/rsync, you would need to label the directory with the chcon tool.

chcon -t public_content_t /var/rsync

To make this change permanent (survive a relabel), use the semanage command to add the change to file context con-
figuration:

semanage fcontext -a -t public_content_t "/var/rsync(/.*)?"

This command adds the following entry to /etc/selinux/POLICYTYPE/contexts/files/file_contexts.local:

/var/rsync(/.*)? system_u:object_r:publix_content_t:s0

Run the restorecon command to apply the changes:

restorecon -R -v /var/rsync/

SHARING FILES
If you want to share files with multiple domains (Apache, FTP, rsync, Samba), you can set a file context of pub-
lic_content_t and public_content_rw_t. These context allow any of the above domains to read the content. If you
want a particular domain to write to the public_content_rw_t domain, you must set the appropriate boolean.
allow_DOMAIN_anon_write. So for rsync you would execute:

setsebool -P allow_rsync_anon_write=1

BOOLEANS
system-config-selinux is a GUI tool available to customize SELinux policy settings.

AUTHOR
This manual page was written by Dan Walsh <dwalshATredhat.com>.

SEE ALSO
selinux(8), rsync(1), chcon(1), setsebool(8), semanage(8)

dwalshATredhat.com 17 Jan 2005 rsync_selinux(8)