rsyncd and pre-xfer/post-xfer exec problem with FC8 selinux
Daniel J Walsh
dwalsh at redhat.com
Sun Jun 29 12:40:22 UTC 2008
Przemyslaw Sztoch wrote:
> Running fully updated Fedora 8, trying to upload some files via rsync, and
> getting a couple of denials (on server with xinetd&rsyncd):
>
> avc: denied { read } for pid=20530 comm="rsync" name="sh" dev=dm-0
> ino=1507433 scontext=system_u:system_r:rsync_t:s0-s0:c0.c1023
> tcontext=system_u:object_r:bin_t:s0 tclass=lnk_file
>
> avc: denied { execute } for pid=20530 comm="rsync" name="bash" dev=dm-0
> ino=1507343 scontext=system_u:system_r:rsync_t:s0-s0:c0.c1023
> tcontext=system_u:object_r:shell_exec_t:s0 tclass=file
>
> avc: denied { read } for pid=20530 comm="rsync" name="bash" dev=dm-0
> ino=1507343 scontext=system_u:system_r:rsync_t:s0-s0:c0.c1023
> tcontext=system_u:object_r:shell_exec_t:s0 tclass=file
>
> avc: denied { execute_no_trans } for pid=20530 comm="rsync"
> path="/bin/bash" dev=dm-0
> ino=1507343 scontext=system_u:system_r:rsync_t:s0-s0:c0.c1023
> tcontext=system_u:object_r:shell_exec_t:s0 tclass=file
>
> avc: denied { getattr } for pid=20530 comm="sh" path="/bin/bash" dev=dm-0
> ino=1507343
> scontext=system_u:system_r:rsync_t:s0-s0:c0.c1023
> tcontext=system_u:object_r:shell_exec_t:s0 tclass=file
>
> My rsyncd.conf:
> use chroot = yes
> max connections = 50
> log file = /var/log/rsync.log
> uid = autobackup
> gid = users
>
> [autobackup]
> path = /opt/autobackup
> read only = no
> write only = yes
> list = no
> uid = autobackup
> incoming chmod = u=rw,go-rwx
> transfer logging = yes
> pre-xfer exec = /usr/local/bin/autobackup-hook pre
> post-xfer exec = /usr/local/bin/autobackup-hook post
>
> What should I do to use pre/post scripts in rsync?
>
Did not know these existed. What do you do in these scripts?
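
Added example, not part of the original messages and not code from any SELinux tool: a small Python summarizer that groups the five denials quoted above by source type, target type and object class, showing that every one of them is the rsync_t domain reading or executing the shell. The function names are hypothetical; the sample records are the post's own lines with the mail wrapping rejoined.

```python
import re
from collections import defaultdict

# Denials from the post above; mail-wrapped records rejoined onto one line each.
SRC = "scontext=system_u:system_r:rsync_t:s0-s0:c0.c1023"
SH = "tcontext=system_u:object_r:shell_exec_t:s0 tclass=file"
SAMPLE = f"""\
avc: denied {{ read }} for pid=20530 comm="rsync" name="sh" dev=dm-0 ino=1507433 {SRC} tcontext=system_u:object_r:bin_t:s0 tclass=lnk_file
avc: denied {{ execute }} for pid=20530 comm="rsync" name="bash" dev=dm-0 ino=1507343 {SRC} {SH}
avc: denied {{ read }} for pid=20530 comm="rsync" name="bash" dev=dm-0 ino=1507343 {SRC} {SH}
avc: denied {{ execute_no_trans }} for pid=20530 comm="rsync" path="/bin/bash" dev=dm-0 ino=1507343 {SRC} {SH}
avc: denied {{ getattr }} for pid=20530 comm="sh" path="/bin/bash" dev=dm-0 ino=1507343 {SRC} {SH}
"""

AVC_RE = re.compile(r"avc:\s+denied\s+\{([^}]*)\}\s+for\s+(.*)")
FIELD_RE = re.compile(r'(\w+)=("[^"]*"|\S+)')

def parse_avc(line):
    """Return the record's fields, or None if it is not a complete denial."""
    m = AVC_RE.search(line)
    if not m:
        return None
    fields = {k: v.strip('"') for k, v in FIELD_RE.findall(m.group(2))}
    # A record cut by line wrapping lacks its contexts; skip it rather than guess.
    if not {"scontext", "tcontext", "tclass"} <= fields.keys():
        return None
    fields["perms"] = m.group(1).split()
    return fields

def selinux_type(context):
    """user:role:type:level[:categories] -> type"""
    return context.split(":")[2]

def summarize(text):
    """Map (source type, target type, class) to the sorted denied permissions."""
    needed = defaultdict(set)
    for line in text.splitlines():
        rec = parse_avc(line)
        if rec:
            key = (selinux_type(rec["scontext"]),
                   selinux_type(rec["tcontext"]), rec["tclass"])
            needed[key].update(rec["perms"])
    return {k: sorted(v) for k, v in needed.items()}

def render(summary):
    return [f"{s} -> {t}:{c} {{ {' '.join(p)} }}"
            for (s, t, c), p in sorted(summary.items())]

if __name__ == "__main__":
    print("\n".join(render(summarize(SAMPLE))))
```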