*nix Thread, SELinux rsync and apache in Technical
  1. #1



    SELinux rsync and apache

    I need to get rsync to read files from /var/www
    SELinux is preventing this.
    If I change the context to

    Code:
      chcon -R -t public_content_t /var/www/
    then rsync is happy - but httpd won't start :-(

    Code:
     [root@www ~]# ls -Z /var/www/
    drwxr-xr-x. apache root   system_u:object_r:public_content_t:s0 cgi-bin
    drwxr-xr-x. apache root   system_u:object_r:public_content_t:s0 error
    drwxr-xr-x. apache root   system_u:object_r:public_content_t:s0 html
    drwxr-xr-x. apache root   system_u:object_r:public_content_t:s0 icons
    drwx------. apache root   system_u:object_r:public_content_t:s0 lost+found
    drwxr-xr-x. apache root   system_u:object_r:public_content_t:s0 manual
    drwxr-xr-x. apache root   system_u:object_r:public_content_t:s0 usage
    drwxr-xr-x. vhost  apache system_u:object_r:public_content_t:s0 vhosts
    If I change to

    Code:
    chcon -R -t httpd_sys_content_t /var/www/
    Code:
     [root@www ~]# ls -Z /var/www/
    drwxr-xr-x. apache root   system_u:object_r:httpd_sys_content_t:s0 cgi-bin
    drwxr-xr-x. apache root   system_u:object_r:httpd_sys_content_t:s0 error
    drwxr-xr-x. apache root   system_u:object_r:httpd_sys_content_t:s0 html
    drwxr-xr-x. apache root   system_u:object_r:httpd_sys_content_t:s0 icons
    drwx------. apache root   system_u:object_r:httpd_sys_content_t:s0 lost+found
    drwxr-xr-x. apache root   system_u:object_r:httpd_sys_content_t:s0 manual
    drwxr-xr-x. apache root   system_u:object_r:httpd_sys_content_t:s0 usage
    drwxr-xr-x. vhost  apache system_u:object_r:httpd_sys_content_t:s0 vhosts
    Then httpd is happy - but rsync won't run

    Code:
    type=AVC msg=audit(1296653954.564:901): avc:  denied  { search } for  pid=2110 comm="rsync" name="/" dev=dm-2 ino=2 scontext=system_u:system_r:rsync_t:s0-s0:c0.c1023 tcontext=system_u:object_r:httpd_sys_content_t:s0 tclass=dir
    type=SYSCALL msg=audit(1296653954.564:901): arch=c000003e syscall=161 success=no exit=-13 a0=235cd40 a1=235cca0 a2=4519e6 a3=8 items=0 ppid=1679 pid=2110 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="rsync" exe="/usr/bin/rsync" subj=system_u:system_r:rsync_t:s0-s0:c0.c1023 key=(null)
    How do I change the context so that both processes can read /var/www ?

  2. #2


    I think I got it.
    I needed to do:
    Code:
    setsebool -P allow_httpd_anon_write on
    and the files needed to be read/write as well for moodle/cms

    to finalise I did:
    Code:
    semanage fcontext -a -t public_content_rw_t "/var/www(/.*)?"
    
    restorecon -R -v /var/www/
    If anyone else struggles with SELinux (it is an uphill struggle), this is a good resource:
    Managing Confined Services
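
An added example, not part of the original thread: a small parser for the AVC denial quoted in the first post. It pulls out the source domain, target type, object class and permissions, which are the facts needed before choosing a file type or boolean. The function names are hypothetical and the third sample line is constructed.

```python
import re
from collections import defaultdict

# Hypothetical helper names; this is an added sketch, not the output of audit2allow.
AVC_RE = re.compile(
    r"^type=AVC\b.*?avc:\s+denied\s+\{\s*(?P<perms>[^}]*?)\s*\}\s+for\s+(?P<rest>.*)$")
KV_RE = re.compile(r'(\w+)=("[^"]*"|\S+)')

def selinux_type(context):
    """Return the type field of user:role:type:level (the level may hold colons)."""
    parts = context.split(":", 3)
    if len(parts) < 3:
        raise ValueError(f"not an SELinux context: {context!r}")
    return parts[2]

def parse_avc(line):
    """Parse one audit.log line; return None for anything but an AVC denial."""
    m = AVC_RE.match(line.strip())
    if m is None:
        return None
    kv = {k: v.strip('"') for k, v in KV_RE.findall(m.group("rest"))}
    return {"comm": kv.get("comm"),
            "perms": m.group("perms").split(),
            "source": selinux_type(kv["scontext"]),
            "target": selinux_type(kv["tcontext"]),
            "tclass": kv["tclass"]}

def summarize(lines):
    """Group denials as (source type, target type, class) -> sorted permissions."""
    seen = defaultdict(set)
    for line in lines:
        rec = parse_avc(line)
        if rec:
            seen[(rec["source"], rec["target"], rec["tclass"])].update(rec["perms"])
    return {key: sorted(perms) for key, perms in seen.items()}

SAMPLE = [
    # AVC record quoted in the first post
    'type=AVC msg=audit(1296653954.564:901): avc:  denied  { search } for  pid=2110 comm="rsync" name="/" dev=dm-2 ino=2 scontext=system_u:system_r:rsync_t:s0-s0:c0.c1023 tcontext=system_u:object_r:httpd_sys_content_t:s0 tclass=dir',
    # SYSCALL record from the same post, shortened here; it is skipped by the parser
    'type=SYSCALL msg=audit(1296653954.564:901): arch=c000003e syscall=161 success=no exit=-13 comm="rsync" exe="/usr/bin/rsync"',
    # Constructed second denial, to show permissions being merged under one key
    'type=AVC msg=audit(1296653960.101:905): avc:  denied  { getattr search } for  pid=2111 comm="rsync" name="html" dev=dm-2 ino=12 scontext=system_u:system_r:rsync_t:s0-s0:c0.c1023 tcontext=system_u:object_r:httpd_sys_content_t:s0 tclass=dir',
]

if __name__ == "__main__":
    for (src, tgt, cls), perms in summarize(SAMPLE).items():
        print(f"{src} denied {{ {' '.join(perms)} }} on {tgt}:{cls}")
```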
