aboutsummaryrefslogtreecommitdiff
diff options
context:
space:
mode:
Diffstat (limited to 'man/man8/rsync_selinux.8')
-rw-r--r--man/man8/rsync_selinux.852
1 files changed, 52 insertions, 0 deletions
diff --git a/man/man8/rsync_selinux.8 b/man/man8/rsync_selinux.8
new file mode 100644
index 00000000..ad9ccf5c
--- /dev/null
+++ b/man/man8/rsync_selinux.8
@@ -0,0 +1,52 @@
+.TH "rsync_selinux" "8" "17 Jan 2005" "dwalsh@redhat.com" "rsync Selinux Policy documentation"
+.de EX
+.nf
+.ft CW
+..
+.de EE
+.ft R
+.fi
+..
+.SH "NAME"
+rsync_selinux \- Security Enhanced Linux Policy for the rsync daemon
+.SH "DESCRIPTION"
+
+Security-Enhanced Linux secures the rsync server via flexible mandatory access
+control.
+.SH FILE_CONTEXTS
+SELinux requires files to have an extended attribute to define the file type.
+Policy governs the access daemons have to these files.
+If you want to share files using the rsync daemon, you must label the files and directories public_content_t. So if you created a special directory /var/rsync, you
+would need to label the directory with the chcon tool.
+.TP
+chcon -t public_content_t /var/rsync
+.TP
+.TP
+To make this change permanent (survive a relabel), use the semanage command to add the change to file context configuration:
+.TP
+semanage fcontext -a -t public_content_t "/var/rsync(/.*)?"
+.TP
+This command adds the following entry to /etc/selinux/POLICYTYPE/contexts/files/file_contexts.local:
+.TP
+/var/rsync(/.*)? system_u:object_r:publix_content_t:s0
+.TP
+Run the restorecon command to apply the changes:
+.TP
+restorecon -R -v /var/rsync/
+.EE
+
+.SH SHARING FILES
+If you want to share files with multiple domains (Apache, FTP, rsync, Samba), you can set a file context of public_content_t and public_content_rw_t. These context allow any of the above domains to read the content. If you want a particular domain to write to the public_content_rw_t domain, you must set the appropriate boolean. allow_DOMAIN_anon_write. So for rsync you would execute:
+
+.EX
+setsebool -P allow_rsync_anon_write=1
+.EE
+
+.SH BOOLEANS
+.TP
+system-config-selinux is a GUI tool available to customize SELinux policy settings.
+.SH AUTHOR
+This manual page was written by Dan Walsh <dwalsh@redhat.com>.
+
+.SH "SEE ALSO"
+selinux(8), rsync(1), chcon(1), setsebool(8), semanage(8)