What's the best way to resolve these AVCs
Ed Greshko
ed.greshko at greshko.com
Fri Oct 31 09:29:53 UTC 2014
This comes about from a thread on the "users" list.
The person on the users list has an external drive, formatted with an ntfs partition. It gets mounted at boot time as there is an fstab entry for it using UUID as the identifier. It is being mounted on /media/PRTZ-src_sync
The person wishes to run an rsync at boot time and is using the rc-local.service to call another script file containing the following.
#!/bin/bash
/usr/bin/rsync -av \
--delete \
--include='*/' \
--include='*.java' \
--include='*.form' \
--exclude='*' \
/home/programmers/java/PROJECTS_development/ \
/media/PRTZ-src_sync
This fails, with no errors. But it generates the following AVCs
type=AVC msg=audit(1414746668.306:107): avc: denied { search } for pid=805 comm="rsync" name="programmers" dev="dm-0" ino=786655 scontext=system_u:system_r:rsync_t:s0 tcontext=unconfined_u:object_r:user_home_dir_t:s0 tclass=dir permissive=0
type=AVC msg=audit(1414746668.306:108): avc: denied { getattr } for pid=807 comm="rsync" path="/media/PRTZ-src_sync" dev="sdb1" ino=1 scontext=system_u:system_r:
The "work around" is either to run in permissive (not ideal) or to call the script from the rc.local script like so...
su -c '/etc/rc.d/syncronize-java_srcs.sh' programmers
What would be the "selinux" fix for this?
Thanks....
--
If you can't laugh at yourself, others will gladly oblige.
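Added example, not part of the original message: a small parser for AVC records like the two quoted above, which reports the process, the object, and the denied access written in type-enforcement rule form. The sample lines are copied from the message (the second is cut off there and is reported as incomplete); the function names are made up for this illustration.

```python
import re

# Added illustration; helper names are hypothetical.
# SAMPLE holds the two records quoted in the message; the second is cut off there.
SAMPLE = [
    'type=AVC msg=audit(1414746668.306:107): avc: denied { search } for pid=805 comm="rsync" name="programmers" dev="dm-0" ino=786655 scontext=system_u:system_r:rsync_t:s0 tcontext=unconfined_u:object_r:user_home_dir_t:s0 tclass=dir permissive=0',
    'type=AVC msg=audit(1414746668.306:108): avc: denied { getattr } for pid=807 comm="rsync" path="/media/PRTZ-src_sync" dev="sdb1" ino=1 scontext=system_u:system_r:',
]

HEAD = re.compile(r'avc:\s+(denied|granted)\s+\{\s*([^}]*?)\s*\}\s+for\s+(.*)$')
FIELD = re.compile(r'(\w+)=("[^"]*"|\S*)')

def parse_avc(line):
    """Return a dict describing one AVC record, or None if it is not one."""
    m = HEAD.search(line)
    if not m:
        return None
    rec = {"result": m.group(1), "perms": m.group(2).split()}
    for key, val in FIELD.findall(m.group(3)):
        rec[key] = val.strip('"')
    return rec

def context_type(ctx):
    """Third field of user:role:type[:level]; None if missing or empty."""
    parts = (ctx or "").split(":")
    return parts[2] if len(parts) > 2 and parts[2] else None

def denied_rule(rec):
    """The denied access in rule form, or None when the record is truncated."""
    src, tgt = context_type(rec.get("scontext")), context_type(rec.get("tcontext"))
    cls = rec.get("tclass")
    if not (src and tgt and cls):
        return None
    perms = rec["perms"]
    p = perms[0] if len(perms) == 1 else "{ " + " ".join(perms) + " }"
    return f"allow {src} {tgt}:{cls} {p};"

def summarize(lines):
    """(comm, object, rule-or-note) for every AVC record in lines."""
    out = []
    for rec in filter(None, map(parse_avc, lines)):
        target = rec.get("path") or rec.get("name") or "?"
        out.append((rec.get("comm", "?"), target, denied_rule(rec) or "incomplete record"))
    return out

if __name__ == "__main__":
    for row in summarize(SAMPLE):
        print(*row, sep="\t")
```

The rule text only names the access that was denied; it does not say whether allowing it, relabeling, or changing how the script is started is the right response.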