Re: rsyncd and pre-xfer/post-xfer exec problem with FC8 selinux

[Daniel J Walsh <dwalsh redhat com>]

Przemyslaw Sztoch wrote:
> Running fully updated Fedora 8, trying to upload somefiles via rsync, and
> getting a couple of denials (on server with xinetd&rsyncd):
> 
> avc:  denied  { read } for  pid=20530 comm="rsync" name="sh" dev=dm-0
> ino=1507433 scontext=system_u:system_r:rsync_t:s0-s0:c0.c1023
> tcontext=system_u:object_r:bin_t:s0 tclass=lnk_file
> 
> avc:  denied  { execute } for  pid=20530 comm="rsync" name="bash" dev=dm-0
> ino=1507343 sc
> ontext=system_u:system_r:rsync_t:s0-s0:c0.c1023
> tcontext=system_u:object_r:shell_exec_t:s0 tclass=file
> 
> avc:  denied  { read } for  pid=20530 comm="rsync" name="bash" dev=dm-0
> ino=1507343 scont
> ext=system_u:system_r:rsync_t:s0-s0:c0.c1023
> tcontext=system_u:object_r:shell_exec_t:s0 tclass=file
> 
> avc:  denied  { execute_no_trans } for  pid=20530 comm="rsync"
> path="/bin/bash" dev=dm-0
> ino=1507343 scontext=system_u:system_r:rsync_t:s0-s0:c0.c1023
> tcontext=system_u:object_r:shell_exec_t:s0 tclass=file
> 
> avc:  denied  { getattr } for  pid=20530 comm="sh" path="/bin/bash" dev=dm-0
> ino=1507343
> scontext=system_u:system_r:rsync_t:s0-s0:c0.c1023
> tcontext=system_u:object_r:shell_exec_t:s0 tclass=file
> 
> My rsyncd.conf:
> use chroot = yes
> max connections = 50
> log file = /var/log/rsync.log
> uid = autobackup
> gid = users
> 
> [autobackup]
>     path = /opt/autobackup
>     read only = no
>     write only = yes
>     list = no
>     uid = autobackup
>     incoming chmod = u=rw,go-rwx
>     transfer logging = yes
>     pre-xfer exec = /usr/local/bin/autobackup-hook pre
>     post-xfer exec = /usr/local/bin/autobackup-hook post
> 
> What should I do to use pre/post scripts in rsync?
> 
Did not know these existed.  What do you do in these scripts?