NAME

       rsync_selinux - Security Enhanced Linux Policy for the rsync daemon

DESCRIPTION

       Security-Enhanced Linux secures the rsync server via flexible mandatory access control.

FILE_CONTEXTS

       SELinux  requires files to have an extended attribute to define the file type.  Policy governs the access
       daemons have to these files.  If you want to share files using the rsync daemon, you must label the files
       and directories public_content_t.  So if you created a special directory /var/rsync, you  would  need  to
       label the directory with the chcon tool.

       chcon -t public_content_t /var/rsync

       To make this change permanent (survive a relabel), use the semanage command to add the change to file
       context configuration:

       semanage fcontext -a -t public_content_t "/var/rsync(/.*)?"

       This command adds the following entry to /etc/selinux/POLICYTYPE/contexts/files/file_contexts.local:

       /var/rsync(/.*)? system_u:object_r:publix_content_t:s0

       Run the restorecon command to apply the changes:

       restorecon -R -v /var/rsync/

SHARING FILES

       If  you want to share files with multiple domains (Apache, FTP, rsync, Samba), you can set a file context
       of public_content_t and public_content_rw_t.  These context allow any of the above domains  to  read  the
       content.   If  you  want a particular domain to write to the public_content_rw_t domain, you must set the
       appropriate boolean.  allow_DOMAIN_anon_write.  So for rsync you would execute:

       setsebool -P allow_rsync_anon_write=1

BOOLEANS

       system-config-selinux is a GUI tool available to customize SELinux policy settings.

AUTHOR

       This manual page was written by Dan Walsh <dwalsh@redhat.com>.

SEE ALSO

       selinux(8), rsync(1), chcon(1), setsebool(8), semanage(8)

dwalsh@redhat.com                                  17 Jan 2005                                  rsync_selinux(8)