rsync as backup from f11 to F10 - issues

Stephen Smalley sds at tycho.nsa.gov
Fri Aug 14 11:55:20 UTC 2009


On Wed, 2009-08-12 at 16:36 -0400, Daniel J Walsh wrote:
> On 08/11/2009 05:30 PM, Mike Cloaked wrote:
> > 
> > 
> > 
> > Mike Cloaked wrote:
> >>
> >>
> >> Machines on the LAN have been running backups across the network using an
> >> rsync command within a script which essentially does:
> >> rsync --delete -aXH --exclude blah /opt home1:/media/usbdrive/BACKUPS/myhostname
> >> and similar for other directories.
> >>
> >> This has worked fine until I installed F11 on some of the machines in the
> >> LAN, with ext4 filesystems on them.
> >>
> >> Trying the same thing in this case gave AVC denials on the machine
> >> (running F10) to which the external usb drive was attached (and with
> >> an ext3 filesystem to take the backups)
> >>
> >> The AVC contained:
> >> Summary
> >> SELinux is preventing rsync (unconfined_t) "mac_admin" unconfined_t. 
> >>
> >>
> > 
> > I wonder if this is related to 
> > https://bugzilla.redhat.com/show_bug.cgi?id=510649
> Yes, you are trying to put F11 labels on an F10 box.  Just set up rsync to not maintain labels.

Isn't this scenario one of the reasons why we introduced the deferred
context mapping support?  If he allowed rsync mac_admin permission, it
could in fact store the unknown labels on disk on the F10 box and later
read them for restoring to the F11 system, right?

-- 
Stephen Smalley
National Security Agency
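
An added example, not part of the original message or of any project's code: a Python script that scans audit records for the denial discussed in this thread (permission `mac_admin`, class `capability2`) and counts hits per command and source domain, which helps confirm that only the label-preserving rsync run is affected before choosing between dropping labels and granting the permission. The log lines and the function name `mac_admin_denials` are constructed for illustration.

```python
import re
from collections import Counter

# Constructed audit.log lines for illustration (not from the original thread).
SAMPLE_LOG = """\
type=AVC msg=audit(1250077000.101:310): avc:  denied  { mac_admin } for  pid=2841 comm="rsync" capability=33  scontext=unconfined_u:unconfined_r:unconfined_t:s0 tcontext=unconfined_u:unconfined_r:unconfined_t:s0 tclass=capability2
type=AVC msg=audit(1250077000.105:311): avc:  denied  { mac_admin } for  pid=2841 comm="rsync" capability=33  scontext=unconfined_u:unconfined_r:unconfined_t:s0 tcontext=unconfined_u:unconfined_r:unconfined_t:s0 tclass=capability2
type=AVC msg=audit(1250077031.440:312): avc:  denied  { read } for  pid=2900 comm="httpd" name="index.html" dev=sda1 ino=4411 scontext=system_u:system_r:httpd_t:s0 tcontext=unconfined_u:object_r:user_home_t:s0 tclass=file
type=SYSCALL msg=audit(1250077000.101:310): arch=c000003e syscall=189 success=no exit=-22 items=0 ppid=2840 pid=2841 comm="rsync" exe="/usr/bin/rsync"
"""

# Fields appear in this order in an AVC record: permissions, comm, scontext, tclass.
AVC_RE = re.compile(
    r'avc:\s+denied\s+\{(?P<perms>[^}]*)\}.*?'
    r'comm="(?P<comm>[^"]*)".*?'
    r'scontext=(?P<scontext>\S+).*?'
    r'tclass=(?P<tclass>\S+)'
)


def mac_admin_denials(log_text):
    """Count denied mac_admin checks, keyed by (command, source domain)."""
    hits = Counter()
    for line in log_text.splitlines():
        if not line.startswith("type=AVC"):
            continue  # SYSCALL and other record types carry no permission set
        m = AVC_RE.search(line)
        if not m:
            continue
        perms = m.group("perms").split()
        # mac_admin lives in the capability2 class, not in file or capability.
        if m.group("tclass") == "capability2" and "mac_admin" in perms:
            # Context layout is user:role:type[:level]; the type is the domain.
            domain = m.group("scontext").split(":")[2]
            hits[(m.group("comm"), domain)] += 1
    return hits


if __name__ == "__main__":
    for (comm, domain), count in mac_admin_denials(SAMPLE_LOG).items():
        print(f"{comm} ({domain}): {count} mac_admin denial(s)")
```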



