![]() ![]() The boolean rsync_full_access was set incorrectly. Note that none of the entries references rsync_export_all_ro: type=AVC msg=audit(1565118203.332:21775): avc: denied for pid=26597 comm="rsync" path="/var/spool/postfix/private/scache" dev="dm-0" ino=9148374 scontext=system_u:system_r:rsync_t:s0 tcontext=system_u:object_r:postfix_private_t:s0 tclass=sock_file permissive=0 One sample entry relating to /var/spool/postfix/private from audit2why -a follows. Rsync: readlink_stat("/var/spool/postfix/private/proxymap" (in root)) failed: Permission denied (13) Rsync: readlink_stat("/var/spool/postfix/private/verify" (in root)) failed: Permission denied (13) ![]() Rsync: readlink_stat("/var/spool/postfix/private/trace" (in root)) failed: Permission denied (13) Specifically I've some files under /var/spool/postfix/private that are unreadable: rsync: readlink_stat("/var/spool/postfix/private/defer" (in root)) failed: Permission denied (13) Unfortunately this still doesn't give me access to all files on the system. This results in this set getsebool -a | grep '^rsync' Digging further I found a reference to an SELinux policy that permits the rsync daemon to export all files read-only: setsebool -P rsync_export_all_ro 1 Initially the attempt to backup via the rsync daemon failed with all sorts of permission errors which I've attributed to SELinux labels. I believe that the process is labelled correctly: ps -eZ | grep rsync The rsyncd configuration section (simplified) Įxclude = /proc/*** /run/*** /sys/*** It cannot be backed up using rsync over ssh instead I need to use the rsync daemon.ĬentOS has SELinux enabled in enforcing mode so it's set me off on a steep learning curve. ![]() For a number of reasons I have had to deploy a small CentOS 7 server, and I want to add it to my backup schedule. I have a number of Debian-based systems that get backed up regularly using rsync. ![]()
0 Comments
Leave a Reply. |
Details
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |