xinetd rsync --daemon problems: fix for F9

Wed Jul 2 03:44:47 UTC 2008

I still have a problem with rsyncd.lock on Fedora 9.

The symptoms are that after "a while"--several days perhaps, rsync 
transfers fail with this message:

@ERROR: failed to open lock file
rsync error: error starting client-server protocol (code 5) at 
main.c(1296)
[receiver=2.6.8]

Here is the lock file:

-rw-------  root root system_u:object_r:var_run_t:s0   /var/run/rsyncd.lock

AVC messages:

type=AVC msg=audit(1214969369.745:4847): avc:  denied  { lock } for  
pid=32590 comm="rsync" path="/var/run/rsyncd.lock" dev=dm-3 ino=106537 
scontext=unconfined_u:system_r:rsync_t:s0-s0:c0.c1023 
tcontext=system_u:object_r:var_run_t:s0 tclass=file

type=AVC msg=audit(1214969379.283:4850): avc:  denied  { read write } 
for  pid=32594 comm="rsync" name="rsyncd.lock" dev=dm-3 ino=106537 
scontext=unconfined_u:system_r:rsync_t:s0-s0:c0.c1023 
tcontext=system_u:object_r:var_run_t:s0 tclass=file

This policy module fixes the issue:

module rsync 1.0;

require {
        type var_run_t;
        type rsync_t;
        class file { read write lock };
}

#============= rsync_t ==============
allow rsync_t var_run_t:file { read write lock };

On Thu, Oct 11, 2007 at 06:01:25PM -0400, Chuck Anderson wrote:
> I'm using Fedora Core 6, and trying to start a rsync daemon via 
> xinetd.
> 
> type=AVC msg=audit(1192132336.713:3464): avc:  denied  { lock } for  
> pid=8488 comm="rsync" name="rsyncd.lock" dev=dm-4 ino=2064435 
> scontext=user_u:system_r:rsync_t:s0 
> tcontext=root:object_r:var_run_t:s0 tclass=file
> 
> type=SYSCALL msg=audit(1192132336.713:3464): arch=40000003 syscall=221 
> success=no exit=-13 a0=4 a1=d a2=bff80730 a3=bff80730 items=0 
> ppid=8167 pid=8488 auid=10002 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 
> sgid=0 fsgid=0 tty=(none) comm="rsync" exe="/usr/bin/rsync" 
> subj=user_u:system_r:rsync_t:s0 key=(null)
> type=AVC_PATH msg=audit(1192132336.713:3464):  
> path="/var/run/rsyncd.lock"