Re: Backups with rsync totally broken in Fedora 18

To summarize what the solution was for doing rsync back ups on Fedora 18 where we have clients initiating rsync back ups via cron jobs to back up servers where rsync is run by connection requests via systemd control. - Stopped preserving selinux attributes by removing the -X option from the rsync command. - Relabel the back up storage are by doing an semanage fcontext -a -t rsync_data_t </path>'(/.*)?' - On the back up servers; setsebool -P rsync_client on We still ended up needing the following policy: policy_module(my_rsync, 1.0) require { type rsync_data_t; type rsync_t; class sock_file getattr; class capability net_admin; } #============= rsync_t ============== allow rsync_t rsync_data_t:sock_file getattr; allow rsync_t self:capability net_admin; Dan Walsh believes the last rule maybe a kernel bug which showed up today on Fedora 16 with kernel version 3.6.11-4 update. If you want to be able to query the back up server by doing an rsync <host>:: we need this rule for sshd: allow sshd_t rsync_data_t:file read; Should we submit any bug reports from this effort? If so, which subsystems should they be submitted against. Dan thank you for all the support effort to resolve these issues. -- selinux mailing list selinux(a)lists.fedoraproject.org https://admin.fedoraproject.org/mailman/listinfo/selinux

-----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.13 (GNU/Linux) Comment: Using GnuPG with Thunderbird - http://www.enigmail.net/ iEYEARECAAYFAlEJIm0ACgkQrlYvE4MpobMKfwCbB/LYKN3ZqZb+brwXBR5anRJg 3zYAnitO+EPjpXLQ+zJ+hvMdtL2QwBbg =CLp6 -----END PGP SIGNATURE-----