Provided by: selinux-policy-doc_2.20220520-5_all bug


       rsync_selinux - Security Enhanced Linux Policy for the rsync daemon


       Security-Enhanced Linux secures the rsync server via flexible mandatory access control.


       SELinux  requires  files  to  have  an extended attribute to define the file type.  Policy
       governs the access daemons have to these files.  If you want  to  share  files  using  the
       rsync  daemon,  you  must  label  the  files  and directories public_content_t.  So if you
       created a special directory /var/rsync, you would need to label  the  directory  with  the
       chcon tool.

       chcon -t public_content_t /var/rsync

       To  make  this  change  permanent (survive a relabel), use the semanage command to add the
       change to file context configuration:

       semanage fcontext -a -t public_content_t "/var/rsync(/.*)?"

       This         command         adds         the         following          entry          to

       /var/rsync(/.*)? system_u:object_r:publix_content_t:s0

       Run the restorecon command to apply the changes:

       restorecon -R -v /var/rsync/


       If  you want to share files with multiple domains (Apache, FTP, rsync, Samba), you can set
       a file context of public_content_t and public_content_rw_t.  These context  allow  any  of
       the  above  domains  to read the content.  If you want a particular domain to write to the
       public_content_rw_t    domain,    you    must     set     the     appropriate     boolean.
       allow_DOMAIN_anon_write.  So for rsync you would execute:

       setsebool -P allow_rsync_anon_write=1


       system-config-selinux is a GUI tool available to customize SELinux policy settings.


       This manual page was written by Dan Walsh <>.


       selinux(8), rsync(1), chcon(1), setsebool(8), semanage(8)