xinetd rsync --daemon problems: fix for F9
Chuck Anderson
cra at WPI.EDU
Wed Jul 2 03:44:47 UTC 2008
I still have a problem with rsyncd.lock on Fedora 9.
The symptoms are that after "a while"--several days perhaps, rsync
transfers fail with this message:
@ERROR: failed to open lock file
rsync error: error starting client-server protocol (code 5) at
main.c(1296)
[receiver=2.6.8]
Here is the lock file:
-rw------- root root system_u:object_r:var_run_t:s0 /var/run/rsyncd.lock
AVC messages:
type=AVC msg=audit(1214969369.745:4847): avc: denied { lock } for
pid=32590 comm="rsync" path="/var/run/rsyncd.lock" dev=dm-3 ino=106537
scontext=unconfined_u:system_r:rsync_t:s0-s0:c0.c1023
tcontext=system_u:object_r:var_run_t:s0 tclass=file
type=AVC msg=audit(1214969379.283:4850): avc: denied { read write }
for pid=32594 comm="rsync" name="rsyncd.lock" dev=dm-3 ino=106537
scontext=unconfined_u:system_r:rsync_t:s0-s0:c0.c1023
tcontext=system_u:object_r:var_run_t:s0 tclass=file
This policy module fixes the issue:
module rsync 1.0;
require {
type var_run_t;
type rsync_t;
class file { read write lock };
}
#============= rsync_t ==============
allow rsync_t var_run_t:file { read write lock };
On Thu, Oct 11, 2007 at 06:01:25PM -0400, Chuck Anderson wrote:
> I'm using Fedora Core 6, and trying to start a rsync daemon via
> xinetd.
>
> type=AVC msg=audit(1192132336.713:3464): avc: denied { lock } for
> pid=8488 comm="rsync" name="rsyncd.lock" dev=dm-4 ino=2064435
> scontext=user_u:system_r:rsync_t:s0
> tcontext=root:object_r:var_run_t:s0 tclass=file
>
> type=SYSCALL msg=audit(1192132336.713:3464): arch=40000003 syscall=221
> success=no exit=-13 a0=4 a1=d a2=bff80730 a3=bff80730 items=0
> ppid=8167 pid=8488 auid=10002 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0
> sgid=0 fsgid=0 tty=(none) comm="rsync" exe="/usr/bin/rsync"
> subj=user_u:system_r:rsync_t:s0 key=(null)
> type=AVC_PATH msg=audit(1192132336.713:3464):
> path="/var/run/rsyncd.lock"
More information about the fedora-selinux-list
mailing list