This comes about from a thread on the "users" list.
The person on the users list has an external drive, formatted with an NTFS partition. It
gets mounted at boot time as there is an fstab entry for it using UUID as the identifier.
It is being mounted on /media/PRTZ-src_sync.
The person wishes to run an rsync at boot time and is using the rc-local.service to call
another script file containing the following.
#!/bin/bash
/usr/bin/rsync -av \
--delete \
--include='*/' \
--include='*.java' \
--include='*.form' \
--exclude='*' \
/home/programmers/java/PROJECTS_development/ \
/media/PRTZ-src_sync
This fails, with no errors. But it generates the following AVC
type=AVC msg=audit(1414746668.306:107): avc: denied { search } for pid=805
comm="rsync" name="programmers" dev="dm-0" ino=786655
scontext=system_u:system_r:rsync_t:s0 tcontext=unconfined_u:object_r:user_home_dir_t:s0
tclass=dir permissive=0
type=AVC msg=audit(1414746668.306:108): avc: denied { getattr } for pid=807
comm="rsync" path="/media/PRTZ-src_sync" dev="sdb1" ino=1
scontext=system_u:system_r:
The "work around" is either to run in permissive (not ideal) or to call the
script from the rc.local script like so...
su -c '/etc/rc.d/syncronize-java_srcs.sh' programmers
What would be the "selinux" fix for this?
Thanks....
--
If you can't laugh at yourself, others will gladly oblige.
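
Added example, not part of the original post: a small Python parser that rejoins the line-wrapped AVC records quoted above and extracts the source domain, target type, object class and permission from each one, marking a record as incomplete when its context is cut off (as the second record is in the post). The function names and the output dictionary layout are this example's own assumptions, not an audit tool's API.

```python
import re
# AVC text copied from the post above (its second record is cut off there).
SAMPLE = """\
type=AVC msg=audit(1414746668.306:107): avc: denied { search } for pid=805
comm="rsync" name="programmers" dev="dm-0" ino=786655
scontext=system_u:system_r:rsync_t:s0 tcontext=unconfined_u:object_r:user_home_dir_t:s0
tclass=dir permissive=0
type=AVC msg=audit(1414746668.306:108): avc: denied { getattr } for pid=807
comm="rsync" path="/media/PRTZ-src_sync" dev="sdb1" ino=1
scontext=system_u:system_r:
"""
HEADER = re.compile(r'audit\([\d.]+:(\d+)\): avc:\s+(denied|granted)\s+\{([^}]*)\}')
FIELD = re.compile(r'(\w+)=("[^"]*"|\S+)')

def split_records(text):
    """Rejoin records that e-mail wrapping split across several lines."""
    records = []
    for line in filter(None, map(str.strip, text.splitlines())):
        if line.startswith("type=") or not records:
            records.append(line)
        else:
            records[-1] += " " + line
    return records

def context_type(ctx):
    """Type field of user:role:type[:level]; None when missing or truncated."""
    parts = (ctx or "").split(":")
    return parts[2] if len(parts) >= 3 and parts[2] else None

def parse_avc(record):
    """Turn one AVC record into a dict; 'complete' is False for cut-off records."""
    m = HEADER.search(record)
    if not m:
        return None
    f = {k: v.strip('"') for k, v in FIELD.findall(record[m.end():])}
    out = {
        "serial": int(m.group(1)), "result": m.group(2), "perms": m.group(3).split(),
        "comm": f.get("comm"), "object": f.get("path") or f.get("name"),
        "tclass": f.get("tclass"), "source": context_type(f.get("scontext")),
        "target": context_type(f.get("tcontext")),
    }
    out["complete"] = None not in (out["source"], out["target"], out["tclass"])
    return out

def parse_log(text):
    return [r for r in map(parse_avc, split_records(text)) if r]

if __name__ == "__main__":
    print(*parse_log(SAMPLE), sep="\n")
```

For the first record this reports source `rsync_t`, target `user_home_dir_t`, class `dir` and permission `search`; the second is returned with `complete` set to False because its source context ends before the type field.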