Provided by: selinux-policy-doc_2.20110726-3_all bug


       rsync_selinux - Security Enhanced Linux Policy for the rsync daemon


       Security-Enhanced Linux secures the rsync server via flexible mandatory
       access control.


       SELinux requires files to have an extended attribute to define the file
       type.   Policy  governs the access daemons have to these files.  If you
       want to share files using the rsync daemon, you must  label  the  files
       and   directories  public_content_t.   So  if  you  created  a  special
       directory /var/rsync, you would need to label the  directory  with  the
       chcon tool.

       chcon -t public_content_t /var/rsync

       To  make  this  change  permanent  (survive  a relabel), use the
       semanage  command  to   add   the   change   to   file   context

       semanage fcontext -a -t public_content_t "/var/rsync(/.*)?"

       This     command     adds     the     following     entry     to

       /var/rsync(/.*)? system_u:object_r:publix_content_t:s0

       Run the restorecon command to apply the changes:

       restorecon -R -v /var/rsync/


       If you want to share files with multiple domains  (Apache,  FTP,
       rsync,  Samba),  you  can set a file context of public_content_t
       and public_content_rw_t.  These context allow any of  the  above
       domains to read the content.  If you want a particular domain to
       write to  the  public_content_rw_t  domain,  you  must  set  the
       appropriate boolean.  allow_DOMAIN_anon_write.  So for rsync you
       would execute:

       setsebool -P allow_rsync_anon_write=1


       system-config-selinux is  a  GUI  tool  available  to  customize
       SELinux policy settings.


       This manual page was written by Dan Walsh <>.


       selinux(8), rsync(1), chcon(1), setsebool(8), semanage(8)