rsync and nscd broken in selinux-policy-targeted-1.25.3-12

TC Wan tcwan at
Tue Aug 30 03:11:22 UTC 2005

Hash: SHA1


I'm kindof new to SELinux, but have read enough info from the various FAQs
etc to try and follow what is going on.

I recently upgrade to selinux-policy-targeted-1.25.3-12 on my server (and
rebooted), and discovered subsequently that it broke nscd and rsyncd.

I'm not sure what is the exact problem nscd is having. rsyncd requires
chroot rights.

$ rsync rsync://localhost/Mirror/
@ERROR: chroot failed
rsync: connection unexpectedly closed (0 bytes received so far) [receiver]
rsync error: error in rsync protocol data stream (code 12) at io.c(420)

Output from sestatus:
- ---------------------
SELinux status:                 enabled
SELinuxfs mount:                /selinux
Current mode:                   enforcing
Mode from config file:          enforcing
Policy version:                 19
Policy from config file:        targeted

dmesg|fgrep audit (edited):
- -----------------
audit(1125305372.102:2): avc:  denied  { create } for  pid=1400
comm="nscd" scontext=system_u:system_r:nscd_t
tcontext=system_u:system_r:nscd_t tclass=netlink_audit_socket

audit(1125371048.190:11): avc:  denied  { sys_chroot } for  pid=2479
comm="rsync" capability=18 scontext=system_u:system_r:rsync_t
tcontext=system_u:system_r:rsync_t tclass=capability

- -----------------
allow nscd_t self:netlink_audit_socket create;
allow rsync_t self:capability sys_chroot;

Should I wait for a new targeted policy release to address these problems
(if so, how soon?), or should I try to create a custom policy?

- --
Wan Tat Chee (Senior Lecturer)
School of Computer Sciences, Univ. of Science Malaysia,
11800 USM, Penang, Malaysia.      Rm.625 Ofc Ph: +604 653-3888 x 3617
NRG Lab Admin: +604 659-4757           Rm.601-F Ofc Ph: +604 653-4396
Internet: tcwan at            Web:
GPG Key :
F'print : 4B2E F0BF AAD7 2F51 CB41  4386 F72B 7859 8278 BDC4

Version: GnuPG v1.2.4 (GNU/Linux)


More information about the fedora-selinux-list mailing list