GNU/Linux man pages
Livre :
Expressions régulières,
Syntaxe et mise en oeuvre :
GNU/Linux |
CentOS 5.2 |
|
 |
rsync_selinux(8) |
 |
rsync_selinux − Security Enhanced Linux Policy for the rsync daemon
Security-Enhanced Linux secures the rsync server via flexible mandatory access control.
SELinux
requires files to have an extended attribute to define the
file type. Policy governs the access daemons have to these
files. If you want to share files using the rsync daemon,
you must label the files and directories public_content_t.
So if you created a special directory /var/rsync, you would
need to label the directory with the chcon tool.
chcon -t public_content_t /var/rsync
If you want to make this permanant, i.e. survive a relabel,
you must
add an entry to the file_contexts.local file.
/etc/selinux/POLICYTYPE/contexts/files/file_contexts.local
/var/rsync(/.*)? system_u:object_r:public_content_t
If you want to share files with multiple domains (Apache, FTP, rsync, Samba), you can set a file context of public_content_t and public_content_rw_t. These context allow any of the above domains to read the content. If you want a particular domain to write to the public_content_rw_t domain, you must set the appropriate boolean. allow_DOMAIN_anon_write. So for rsync you would execute:
setsebool -P allow_rsync_anon_write=1
You can disable
SELinux protection for the rsync daemon by executing:
setsebool -P rsync_disable_trans 1
service xinetd restart
system-config-securitylevel is
a GUI tool available to customize
SELinux policy settings.
AUTHORThis manual page was written by Dan Walsh <dwalsh@redhat.com>. SEE ALSOselinux(8), rsync(1), chcon(1), setsebool(8)
|