Backup server question

Stephen Smalley sds at tycho.nsa.gov
Thu Apr 21 14:55:42 UTC 2005


On Thu, 2005-04-21 at 10:54 -0400, mroselinux at eastgranby.k12.ct.us
wrote:
> We have a FC3 server running samba, dhcpd, and named (for internal names
> only).  Each night, a backup server to the primary runs rsync to download
> changed/new files.
> 
> This is a vacation week at our high school and I tried our backup plan for
> the first time since upgrading to FC3.  When bringing up the backup server
> as primary, I ran into a security problem with dhcpd (dhcpd: Can't open
> lease database /var/lib/dhcp/dhcpd.leases: Permission denied).  I issued a
> setforce 0 command and restarted dhcpd and all was ok.  I then again
> stopped dhcpd, issued a setenforce 1 command, restarted dhcpd and again
> all was ok.
> 
> So, should I be running fixfiles each night at the end of the rsync
> script?  Or is there a better solution that someone with expertise can
> suggest?

I think that the FC4/development tree includes a patch to rsync to allow
preservation of extended attributes (which would include the SELinux
attributes).  Hence, you might try building the development rsync SRPM
on FC3 and trying it there (using the -X option).  You need the updated
rsync on both the client and server.  Naturally, you'd want to test it
out somewhere other than your production machine first.

-- 
Stephen Smalley <sds at tycho.nsa.gov>
National Security Agency




More information about the fedora-selinux-list mailing list