rsync as backup from f11 to F10 - issues

Daniel J Walsh dwalsh at redhat.com
Fri Aug 14 14:41:17 UTC 2009


On 08/14/2009 07:55 AM, Stephen Smalley wrote:
> On Wed, 2009-08-12 at 16:36 -0400, Daniel J Walsh wrote:
>> On 08/11/2009 05:30 PM, Mike Cloaked wrote:
>>>
>>> Mike Cloaked wrote:
>>>>
>>>> Machines on the LAN have been running backups across the network using an
>>>> rsync command within a script which essentially does:
>>>> rsync --delete -aXH --exclude blah /opt home1:/media/usbdrive/BACKUPS/myhostname
>>>> and similar for other directories.
>>>>
>>>> This has worked fine until I installed F11 on some of the machines in the
>>>> LAN, with ext4 filesystems on them.
>>>>
>>>> Trying the same thing in this case gave AVC denials on the machine
>>>> (running F10) to which the external usb drive was attached (and with
>>>> an ext3 filesystem to take the backups)
>>>>
>>>> The AVC contained:
>>>> Summary
>>>> SELinux is preventing rsync (unconfined_t) "mac_admin" unconfined_t. 
>>>>
>>>>
>>>
>>> I wonder if this is related to 
>>> https://bugzilla.redhat.com/show_bug.cgi?id=510649
>> Yes, you are trying to put F11 labels on an F10 box.  Just set up rsync to not maintain labels.
> 
> Isn't this scenario one of the reasons why we introduced the deferred
> context mapping support?  If he allowed rsync mac_admin permission, it
> could in fact store the unknown labels on disk on the F10 box and later
> read them for restoring to the F11 system, right?
> 
Yes, that would work, but I thought we were frowning on this.  The files would also be unusable by any confined processes on the F10 machine; I am not sure what would happen with the association denied errors.
