To modify local policy you can execute the following grep rsync_t /var/log/messages | audit2allow -M rsync semodule -i rsync.pp rsync wanting to listen on rsync_port_t should be allowed, that is a bug in policy. Probably can dontaudit useing init_t:fd and searching var_log_t. Will add rsync binding to rsync_port_t to policy.