diff options
Diffstat (limited to 'man/man8/rsync_selinux.8')
1 files changed, 52 insertions, 0 deletions
diff --git a/man/man8/rsync_selinux.8 b/man/man8/rsync_selinux.8
new file mode 100644
index 00000000..ad9ccf5c
--- /dev/null
+++ b/man/man8/rsync_selinux.8
@@ -0,0 +1,52 @@
+.TH "rsync_selinux" "8" "17 Jan 2005" "dwalsh@redhat.com" "rsync Selinux Policy documentation"
+.de EX
+.ft CW
+.de EE
+.ft R
+rsync_selinux \- Security Enhanced Linux Policy for the rsync daemon
+Security-Enhanced Linux secures the rsync server via flexible mandatory access
+SELinux requires files to have an extended attribute to define the file type.
+Policy governs the access daemons have to these files.
+If you want to share files using the rsync daemon, you must label the files and directories public_content_t. So if you created a special directory /var/rsync, you
+would need to label the directory with the chcon tool.
+chcon -t public_content_t /var/rsync
+To make this change permanent (survive a relabel), use the semanage command to add the change to file context configuration:
+semanage fcontext -a -t public_content_t "/var/rsync(/.*)?"
+This command adds the following entry to /etc/selinux/POLICYTYPE/contexts/files/file_contexts.local:
+/var/rsync(/.*)? system_u:object_r:publix_content_t:s0
+Run the restorecon command to apply the changes:
+restorecon -R -v /var/rsync/
+If you want to share files with multiple domains (Apache, FTP, rsync, Samba), you can set a file context of public_content_t and public_content_rw_t. These context allow any of the above domains to read the content. If you want a particular domain to write to the public_content_rw_t domain, you must set the appropriate boolean. allow_DOMAIN_anon_write. So for rsync you would execute:
+setsebool -P allow_rsync_anon_write=1
+system-config-selinux is a GUI tool available to customize SELinux policy settings.
+This manual page was written by Dan Walsh <dwalsh@redhat.com>.
+selinux(8), rsync(1), chcon(1), setsebool(8), semanage(8)