[Gllug] SeLinux and Xinetd & Rsync

Casper Gasper casper.gasper at gmail.com
Wed May 16 21:40:27 UTC 2007


On 16/05/07, Alain Williams <addw at phcomp.co.uk> wrote:
> On Wed, May 16, 2007 at 08:30:49PM +0100, Stuart Sears wrote:
> > -----BEGIN PGP SIGNED MESSAGE-----
> > Hash: SHA1
> >
> > Alain Williams wrote:
> > > Summary: SELinux stops rsync reading /etc/rsyncd.conf
> > >
> > > I installed my system and needed rsync. I created a suitable
> > > /etc/rsyncd.conf (mode 644, owner root:root) and turned on rsync:
> > > chkconfig rsync on (and restarted xinetd for good measure).
> > >
> > > Whenever I try to do an rsync from another machine I get the
> > > following in /var/log/messages:
> > > May 13 23:09:18 gateway rsyncd[11327]: rsync: unable to open configuration file "/etc/rsyncd.conf": Permission denied (13)
> > > May 13 23:09:18 gateway rsyncd[11327]: rsync error: syntax or usage error (code 1) at clientserver.c(741) [receiver=2.6.8]
> > >
> > > If I type: setenforce 0 it works fine .... so the problem is SELinux.
> > > I would like to leave SELinux on, but how do I get rsync to work ?
> > avc messages?
> > they'll be in /var/log/messages or /var/log/audit/audit.log
> > this will at least help work out what the issue is exactly...
> >
> > although the error may suggest that /etc/rsyncd.conf is mislabeled
> > so, as well as the error logs, the output of
> > ls -Z /etc/rsyncd.conf
> > and
> > semanage fcontext -l | grep rsync
> > could help here
>
> /etc/rsyncd.conf did not already exist, so I just made my own. I did not label it.
>
> What seems relevant in /var/log/audit/audit.log:
>         type=AVC msg=audit(1179080167.711:720): avc:  denied  { read } for  pid=10312 comm="rsync" name="rsyncd.conf" dev=dm-0 ino=67420 scontext=user_u:system_r:rsync_t:s0 tcontext=user_u:object_r:tmp_t:s0 tclass=file
>         type=SYSCALL msg=audit(1179080167.711:720): arch=40000003 syscall=5 success=no exit=-13 a0=bfb84530 a1=8000 a2=1b6 a3=9ebfa28 items=0 ppid=9946 pid=10312 auid=500 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) comm="rsync" exe="/usr/bin/rsync" subj=user_u:system_r:rsync_t:s0 key=(null)
>
> # ls -Z /etc/rsyncd.conf
> -rw-r--r--  root root user_u:object_r:tmp_t            /etc/rsyncd.conf
> # semanage fcontext -l | grep rsync
> /srv/([^/]*/)?rsync(/.*)?                          all files          system_u:object_r:public_content_t:s0
> /usr/bin/rsync                                     regular file       system_u:object_r:rsync_exec_t:s0
>
>
> None of which leaves me much the wiser, how do I label /etc/rsyncd.conf & what do I label it as ?

Try:

restorecon -nv /etc/rsyncd.conf

This will show you what the current security context is, and what the
default file labelling thinks it should be.  If you get any output at
all, that means the file is mis-labelled, so just run:

restorecon /etc/rsyncd.conf

which should fix it.


Casper.

>
> I must say that I feel ignorant as to how this all works, is there a readable & practical intro that you could recommend ?
>
> I tried (wild guess) to fix thus:
>         semanage fcontext -a -t rsync_exec_t /etc/rsyncd.conf
> but it made no difference.
>
> Thanks
>
> --
> Alain Williams
> Linux Consultant - Mail systems, Web sites, Networking, Programmer, IT Lecturer.
> +44 (0) 787 668 0256  http://www.phcomp.co.uk/
> Parliament Hill Computers Ltd. Registration Information: http://www.phcomp.co.uk/contact.php
> #include <std_disclaimer.h>
> --
> Gllug mailing list  -  Gllug at gllug.org.uk
> http://lists.gllug.org.uk/mailman/listinfo/gllug
>
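
Added example, not part of the original messages: a shell function that reduces AVC denial records like the one quoted in this thread to the fields that matter when checking a label, namely the denied process's domain and the target file's type. The function name `avc_summary` and its output format are assumptions of this example; values containing spaces inside quotes are not handled.

```shell
#!/bin/sh
# Sample input: the AVC record quoted in the thread above.
SAMPLE_AVC='type=AVC msg=audit(1179080167.711:720): avc:  denied  { read } for  pid=10312 comm="rsync" name="rsyncd.conf" dev=dm-0 ino=67420 scontext=user_u:system_r:rsync_t:s0 tcontext=user_u:object_r:tmp_t:s0 tclass=file'

# avc_summary (hypothetical helper): read audit.log lines on stdin and
# print one line per AVC denial in the form
#   comm|name|perms|source_type|target_type|class
# Non-AVC records (for example type=SYSCALL) are skipped.
avc_summary() {
    awk '
    /avc:[ ]+denied/ {
        comm = ""; name = ""; src = ""; tgt = ""; cls = ""; perms = ""
        # The denied permission set sits between the braces.
        if (match($0, /[{][^}]*[}]/)) {
            perms = substr($0, RSTART + 1, RLENGTH - 2)
            gsub(/^ +| +$/, "", perms)
            gsub(/ +/, ",", perms)
        }
        for (i = 1; i <= NF; i++) {
            eq = index($i, "=")
            if (eq == 0) continue
            key = substr($i, 1, eq - 1)
            val = substr($i, eq + 1)
            gsub(/"/, "", val)
            if (key == "comm") comm = val
            else if (key == "name") name = val
            else if (key == "tclass") cls = val
            else if (key == "scontext" || key == "tcontext") {
                # A context is user:role:type[:level]; keep the type.
                split(val, c, ":")
                if (key == "scontext") {
                    src = c[3]
                } else {
                    tgt = c[3]
                }
            }
        }
        printf "%s|%s|%s|%s|%s|%s\n", comm, name, perms, src, tgt, cls
    }'
}

# Run against the sample record from the thread.
printf '%s\n' "$SAMPLE_AVC" | avc_summary
```

For the record from the thread this prints `rsync|rsyncd.conf|read|rsync_t|tmp_t|file`: the `rsync_t` domain was refused `read` on a file carrying the `tmp_t` type, the same label `ls -Z` shows and the one `restorecon -nv` compares against the default.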