rsync as backup from f11 to F10 - issues

Mike Cloaked mike.cloaked at gmail.com
Sat Aug 15 18:37:51 UTC 2009 



Daniel J Walsh wrote:
> 
> On 08/14/2009 07:55 AM, Stephen Smalley wrote:
>> On Wed, 2009-08-12 at 16:36 -0400, Daniel J Walsh wrote:
>>> On 08/11/2009 05:30 PM, Mike Cloaked wrote:
>>>>
>>>>
>>>>
>>>> Mike Cloaked wrote:
>>>>>
>>>>>
>>>>> Machines on the LAN have been running backups across the network using
>>>>> an
>>>>> rsync command within a script which essentially does:
>>>>> rsync --delete -aXH --exclude blah /opt
>>>>> home1:/media/usbdrive/BACKUPS/myhostname
>>>>> and similar for other directories.
>>>>>
>>>>> This has worked fine until I installed F11 on some of the  machines in
>>>>> the
>>>>> LAN, with ext4 filesystems on them.
>>>>>
>>>>> Trying the same thing in this case gave AVC denials on the machine
>>>>> (running F10) to which the the external usb drive was attached (and
>>>>> with
>>>>> an ext3 filesystem to take the backups)
>>>>>
>>>>> The AVC contained:
>>>>> Summary
>>>>> SELinux is preventing rsync (unconfined_t) "mac_admin" unconfined_t. 
>>>>>
>>>>>
>>>>
>>>> I wonder if this is related to 
>>>> https://bugzilla.redhat.com/show_bug.cgi?id=510649
>>> Yes you are trying to put F11 labels on an F10 box.  Just setup rsync to
>>> not maintain labels.
>> 
>> Isn't this scenario one of the reasons why we introduced the deferred
>> context mapping support?  If he allowed rsync mac_admin permission, it
>> could in fact store the unknown labels on disk on the F10 box and later
>> read them for restoring to the F11 system, right?
>> 
> Yes that would work, but I thought we were frowning on this.  The files
> would also be unusable by any confined processes on the F10 machine, I am
> not sure what would happen with the association denied, errors.
> 
> 

I can't speak for others but in my case once the files were stored on the
disk as backups via the F10 machine they would never be used on the F10
machine, as that machine would only ever act as a conduit for backup and
restore to the F11 machine - hence the files would only be used on F11
anyway - so the F10 machine is only a processing facility to get the files
onto the backup drive.

Presumably the facility referred to in the link several posts back up this
thread would allow this to happen?
-- 
View this message in context: http://www.nabble.com/rsync-as-backup-from-f11-to-F10---issues-tp24925988p24987099.html
Sent from the Fedora SELinux List mailing list archive at Nabble.com.

More information about the fedora-selinux-list mailing list