Running fully updated Fedora 8, trying to upload some files via rsync, and getting a couple of denials (on server with xinetd & rsyncd):
avc: denied { read } for pid=20530 comm="rsync" name="sh" dev=dm-0 ino=1507433 scontext=system_u:system_r:rsync_t:s0-s0:c0.c1023 tcontext=system_u:object_r:bin_t:s0 tclass=lnk_file
avc: denied { execute } for pid=20530 comm="rsync" name="bash" dev=dm-0 ino=1507343 scontext=system_u:system_r:rsync_t:s0-s0:c0.c1023 tcontext=system_u:object_r:shell_exec_t:s0 tclass=file
avc: denied { read } for pid=20530 comm="rsync" name="bash" dev=dm-0 ino=1507343 scontext=system_u:system_r:rsync_t:s0-s0:c0.c1023 tcontext=system_u:object_r:shell_exec_t:s0 tclass=file
avc: denied { execute_no_trans } for pid=20530 comm="rsync" path="/bin/bash" dev=dm-0 ino=1507343 scontext=system_u:system_r:rsync_t:s0-s0:c0.c1023 tcontext=system_u:object_r:shell_exec_t:s0 tclass=file
avc: denied { getattr } for pid=20530 comm="sh" path="/bin/bash" dev=dm-0 ino=1507343 scontext=system_u:system_r:rsync_t:s0-s0:c0.c1023 tcontext=system_u:object_r:shell_exec_t:s0 tclass=file
My rsyncd.conf:

use chroot = yes
max connections = 50
log file = /var/log/rsync.log
uid = autobackup
gid = users

[autobackup]
path = /opt/autobackup
read only = no
write only = yes
list = no
uid = autobackup
incoming chmod = u=rw,go-rwx
transfer logging = yes
pre-xfer exec = /usr/local/bin/autobackup-hook pre
post-xfer exec = /usr/local/bin/autobackup-hook post

What should I do to use pre/post scripts in rsync?
Przemyslaw Sztoch wrote:
What should I do to use pre/post scripts in rsync?
Did not know these existed. What do you do in these scripts?
Daniel J Walsh wrote:
Przemyslaw Sztoch wrote:
What should I do to use pre/post scripts in rsync?
Did not know these existed. What do you do in these scripts?
I.e. (of course I am talking about rsyncd, not normal rsync mode):
1. Reporting and e-mail notification.
2. Filtering (denying a transmission): access lists based on bash scripts (if/test/for/grep etc.)
Rsync should have access to bash and to exec a new type for rsync_scripts_t. Of course, a boolean SELinux parameter to enable access to rsync_scripts_t would be great.
selinux@lists.fedoraproject.org
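
The five denials from the first message can be condensed into the type-enforcement rules they correspond to, which makes it clear that every one of them is rsync_t trying to reach and run the shell for the pre-xfer/post-xfer hook. The script below is an added example, not part of the original thread and not the audit2allow tool itself; the function names are hypothetical, and the log lines are copied from the first message with the split "scontext" tokens rejoined.

```python
import re
from collections import defaultdict

# AVC denials copied from the first message in this thread.
DENIALS = """\
avc: denied { read } for pid=20530 comm="rsync" name="sh" dev=dm-0 ino=1507433 scontext=system_u:system_r:rsync_t:s0-s0:c0.c1023 tcontext=system_u:object_r:bin_t:s0 tclass=lnk_file
avc: denied { execute } for pid=20530 comm="rsync" name="bash" dev=dm-0 ino=1507343 scontext=system_u:system_r:rsync_t:s0-s0:c0.c1023 tcontext=system_u:object_r:shell_exec_t:s0 tclass=file
avc: denied { read } for pid=20530 comm="rsync" name="bash" dev=dm-0 ino=1507343 scontext=system_u:system_r:rsync_t:s0-s0:c0.c1023 tcontext=system_u:object_r:shell_exec_t:s0 tclass=file
avc: denied { execute_no_trans } for pid=20530 comm="rsync" path="/bin/bash" dev=dm-0 ino=1507343 scontext=system_u:system_r:rsync_t:s0-s0:c0.c1023 tcontext=system_u:object_r:shell_exec_t:s0 tclass=file
avc: denied { getattr } for pid=20530 comm="sh" path="/bin/bash" dev=dm-0 ino=1507343 scontext=system_u:system_r:rsync_t:s0-s0:c0.c1023 tcontext=system_u:object_r:shell_exec_t:s0 tclass=file
"""

AVC_RE = re.compile(
    r"avc:\s+denied\s+\{(?P<perms>[^}]*)\}.*?"
    r"scontext=(?P<scon>\S+)\s+tcontext=(?P<tcon>\S+)\s+tclass=(?P<tclass>\S+)"
)

def selinux_type(context):
    """Return the type field of a user:role:type[:mls] security context."""
    fields = context.split(":")
    if len(fields) < 3:
        raise ValueError(f"malformed context: {context!r}")
    return fields[2]

def summarize(log_text):
    """Group denied permissions by (source type, target type, object class)."""
    rules = defaultdict(set)
    for line in log_text.splitlines():
        m = AVC_RE.search(line)
        if not m:
            continue  # skip anything that is not an AVC denial
        key = (selinux_type(m["scon"]), selinux_type(m["tcon"]), m["tclass"])
        rules[key].update(m["perms"].split())
    return dict(rules)

def as_allow_rules(rules):
    """Render the grouped denials as allow rules, permissions sorted."""
    out = []
    for (src, tgt, cls), perms in sorted(rules.items()):
        p = sorted(perms)
        body = p[0] if len(p) == 1 else "{ " + " ".join(p) + " }"
        out.append(f"allow {src} {tgt}:{cls} {body};")
    return out

if __name__ == "__main__":
    print("\n".join(as_allow_rules(summarize(DENIALS))))
```

The summary is a reading aid for the log: it shows which access the hook needs and is not a recommendation to load those rules as written.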