rsync and nscd broken in selinux-policy-targeted-1.25.3-12

TC Wan tcwan at cs.usm.my
Tue Aug 30 03:11:22 UTC 2005




Hi,

I'm kind of new to SELinux, but have read enough info from the various FAQs
etc to try and follow what is going on.

I recently upgraded to selinux-policy-targeted-1.25.3-12 on my server (and
rebooted), and discovered subsequently that it broke nscd and rsyncd.

I'm not sure what is the exact problem nscd is having. rsyncd requires
chroot rights.

$ rsync rsync://localhost/Mirror/
@ERROR: chroot failed
rsync: connection unexpectedly closed (0 bytes received so far) [receiver]
rsync error: error in rsync protocol data stream (code 12) at io.c(420)


Output from sestatus:
---------------------
SELinux status:                 enabled
SELinuxfs mount:                /selinux
Current mode:                   enforcing
Mode from config file:          enforcing
Policy version:                 19
Policy from config file:        targeted

dmesg|fgrep audit (edited):
-----------------
audit(1125305372.102:2): avc:  denied  { create } for  pid=1400
comm="nscd" scontext=system_u:system_r:nscd_t
tcontext=system_u:system_r:nscd_t tclass=netlink_audit_socket

audit(1125371048.190:11): avc:  denied  { sys_chroot } for  pid=2479
comm="rsync" capability=18 scontext=system_u:system_r:rsync_t
tcontext=system_u:system_r:rsync_t tclass=capability

dmesg|audit2allow:
-----------------
allow nscd_t self:netlink_audit_socket create;
allow rsync_t self:capability sys_chroot;


Should I wait for a new targeted policy release to address these problems
(if so, how soon?), or should I try to create a custom policy?

T.C.
--
Wan Tat Chee (Senior Lecturer)
School of Computer Sciences, Univ. of Science Malaysia,
11800 USM, Penang, Malaysia.      Rm.625 Ofc Ph: +604 653-3888 x 3617
NRG Lab Admin: +604 659-4757           Rm.601-F Ofc Ph: +604 653-4396
Internet: tcwan at cs.usm.my            Web: http://nrg.cs.usm.my/~tcwan
GPG Key : http://nrg.cs.usm.my/~tcwan/tcwan-nrg-20040805.asc
F'print : 4B2E F0BF AAD7 2F51 CB41  4386 F72B 7859 8278 BDC4






More information about the fedora-selinux-list mailing list
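
Added example (not part of the original message, and not audit2allow's own code): a small Python parser that re-joins the wrapped AVC denials quoted above and derives the same allow rules audit2allow printed, so each rule can be traced back to the denial behind it. The function names are assumptions made for this sketch.

```python
import re
from collections import defaultdict

# The two denials from the message, kept wrapped as they appear in the mail.
SAMPLE = '''\
audit(1125305372.102:2): avc:  denied  { create } for  pid=1400
comm="nscd" scontext=system_u:system_r:nscd_t
tcontext=system_u:system_r:nscd_t tclass=netlink_audit_socket

audit(1125371048.190:11): avc:  denied  { sys_chroot } for  pid=2479
comm="rsync" capability=18 scontext=system_u:system_r:rsync_t
tcontext=system_u:system_r:rsync_t tclass=capability
'''

# One record runs from "avc: denied" up to the next "audit(" stamp or end of input.
RECORD = re.compile(r'avc:\s+denied\s+\{([^}]*)\}\s+for\s+(.*?)(?=audit\(|\Z)', re.S)
FIELD = re.compile(r'(\w+)=("[^"]*"|\S+)')

def parse_denials(text):
    """Return one dict per AVC denial: permissions plus its key=value fields."""
    denials = []
    for perms, rest in RECORD.findall(text):
        fields = {k: v.strip('"') for k, v in FIELD.findall(rest)}
        if {"scontext", "tcontext", "tclass"} <= fields.keys():
            fields["perms"] = perms.split()
            denials.append(fields)
    return denials

def context_type(context):
    """The type is the third field of user:role:type[:level]."""
    return context.split(":")[2]

def allow_rules(text):
    """Merge denials by (source type, target type, class) into allow rules."""
    merged = defaultdict(set)
    for d in parse_denials(text):
        src, tgt = context_type(d["scontext"]), context_type(d["tcontext"])
        # A domain acting on its own context is written "self" in policy.
        merged[(src, "self" if src == tgt else tgt, d["tclass"])].update(d["perms"])
    rules = []
    for (src, tgt, cls), perms in sorted(merged.items()):
        plist = sorted(perms)
        body = plist[0] if len(plist) == 1 else "{ " + " ".join(plist) + " }"
        rules.append(f"allow {src} {tgt}:{cls} {body};")
    return rules

if __name__ == "__main__":
    print("\n".join(allow_rules(SAMPLE)))
```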