51 lines
1.8 KiB
Groff
51 lines
1.8 KiB
Groff
.TH "rsync_selinux" "8" "17 Jan 2005" "dwalsh@redhat.com" "rsync Selinux Policy documentation"
|
|
.de EX
|
|
.nf
|
|
.ft CW
|
|
..
|
|
.de EE
|
|
.ft R
|
|
.fi
|
|
..
|
|
.SH "NAME"
|
|
rsync_selinux \- Security Enhanced Linux Policy for the rsync daemon
|
|
.SH "DESCRIPTION"
|
|
|
|
Security-Enhanced Linux secures the rsync server via flexible mandatory access
|
|
control.
|
|
.SH FILE_CONTEXTS
|
|
SELinux requires files to have an extended attribute to define the file type.
|
|
Policy governs the access daemons have to these files.
|
|
If you want to share files using the rsync daemon, you must label the files and directories public_content_t. So if you created a special directory /var/rsync, you
|
|
would need to label the directory with the chcon tool.
|
|
.TP
|
|
chcon -t public_content_t /var/rsync
|
|
.TP
|
|
If you want to make this permanant, i.e. survive a relabel, you must add an entry to the file_contexts.local file.
|
|
.EX
|
|
/etc/selinux/POLICYTYPE/contexts/files/file_contexts.local
|
|
/var/rsync(/.*)? system_u:object_r:public_content_t
|
|
.EE
|
|
|
|
.SH SHARING FILES
|
|
If you want to share files with multiple domains (Apache, FTP, rsync, Samba), you can set a file context of public_content_t and public_content_rw_t. These context allow any of the above domains to read the content. If you want a particular domain to write to the public_content_rw_t domain, you must set the appropriate boolean. allow_DOMAIN_anon_write. So for rsync you would execute:
|
|
|
|
.EX
|
|
setsebool -P allow_rsync_anon_write=1
|
|
.EE
|
|
|
|
.SH BOOLEANS
|
|
.TP
|
|
You can disable SELinux protection for the rsync daemon by executing:
|
|
.EX
|
|
setsebool -P rsync_disable_trans 1
|
|
service xinetd restart
|
|
.EE
|
|
.TP
|
|
system-config-securitylevel is a GUI tool available to customize SELinux policy settings.
|
|
.SH AUTHOR
|
|
This manual page was written by Dan Walsh <dwalsh@redhat.com>.
|
|
|
|
.SH "SEE ALSO"
|
|
selinux(8), rsync(1), chcon(1), setsebool(8)
|