Provided by: selinux-policy-doc_2.20221101-4_all bug

NAME

       rsync_selinux - Security Enhanced Linux Policy for the rsync daemon

DESCRIPTION

       Security-Enhanced Linux secures the rsync server via flexible mandatory access control.

FILE_CONTEXTS

       SELinux  requires  files  to  have  an extended attribute to define the file type.  Policy
       governs the access daemons have to these files.  If you want  to  share  files  using  the
       rsync  daemon,  you  must  label  the  files  and directories public_content_t.  So if you
       created a special directory /var/rsync, you would need to label  the  directory  with  the
       chcon tool.

       chcon -t public_content_t /var/rsync

       To  make  this  change  permanent (survive a relabel), use the semanage command to add the
       change to file context configuration:

       semanage fcontext -a -t public_content_t "/var/rsync(/.*)?"

       This         command         adds         the         following          entry          to
       /etc/selinux/POLICYTYPE/contexts/files/file_contexts.local:

       /var/rsync(/.*)? system_u:object_r:publix_content_t:s0

       Run the restorecon command to apply the changes:

       restorecon -R -v /var/rsync/

SHARING FILES

       If  you want to share files with multiple domains (Apache, FTP, rsync, Samba), you can set
       a file context of public_content_t and public_content_rw_t.  These context  allow  any  of
       the  above  domains  to read the content.  If you want a particular domain to write to the
       public_content_rw_t    domain,    you    must     set     the     appropriate     boolean.
       allow_DOMAIN_anon_write.  So for rsync you would execute:

       setsebool -P allow_rsync_anon_write=1

BOOLEANS

       system-config-selinux is a GUI tool available to customize SELinux policy settings.

AUTHOR

       This manual page was written by Dan Walsh <dwalsh@redhat.com>.

SEE ALSO

       selinux(8), rsync(1), chcon(1), setsebool(8), semanage(8)