07-02-2008, 03:44 AM
Chuck Anderson

xinetd rsync --daemon problems: fix for F9

I still have a problem with rsyncd.lock on Fedora 9.

The symptoms are that after "a while"--several days perhaps, rsync
transfers fail with this message:

@ERROR: failed to open lock file
rsync error: error starting client-server protocol (code 5) at
main.c(1296)
[receiver=2.6.8]

Here is the lock file:

-rw------- root root system_u:object_r:var_run_t:s0 /var/run/rsyncd.lock

AVC messages:

type=AVC msg=audit(1214969369.745:4847): avc: denied { lock } for
pid=32590 comm="rsync" path="/var/run/rsyncd.lock" dev=dm-3 ino=106537
scontext=unconfined_u:system_r:rsync_t:s0-s0:c0.c1023
tcontext=system_u:object_r:var_run_t:s0 tclass=file

type=AVC msg=audit(1214969379.283:4850): avc: denied { read write }
for pid=32594 comm="rsync" name="rsyncd.lock" dev=dm-3 ino=106537
scontext=unconfined_u:system_r:rsync_t:s0-s0:c0.c1023
tcontext=system_u:object_r:var_run_t:s0 tclass=file

This policy module fixes the issue:

module rsync 1.0;

require {
type var_run_t;
type rsync_t;
class file { read write lock };
}

#============= rsync_t ==============
allow rsync_t var_run_t:file { read write lock };


On Thu, Oct 11, 2007 at 06:01:25PM -0400, Chuck Anderson wrote:
> I'm using Fedora Core 6, and trying to start a rsync daemon via
> xinetd.
>
> type=AVC msg=audit(1192132336.713:3464): avc: denied { lock } for
> pid=8488 comm="rsync" name="rsyncd.lock" dev=dm-4 ino=2064435
> scontext=user_u:system_r:rsync_t:s0
> tcontext=root:object_r:var_run_t:s0 tclass=file
>
> type=SYSCALL msg=audit(1192132336.713:3464): arch=40000003 syscall=221
> success=no exit=-13 a0=4 a1=d a2=bff80730 a3=bff80730 items=0
> ppid=8167 pid=8488 auid=10002 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0
> sgid=0 fsgid=0 tty=(none) comm="rsync" exe="/usr/bin/rsync"
> subj=user_u:system_r:rsync_t:s0 key=(null)
> type=AVC_PATH msg=audit(1192132336.713:3464):
> path="/var/run/rsyncd.lock"

--
fedora-selinux-list mailing list
fedora-selinux-list@redhat.com
https://www.redhat.com/mailman/listinfo/fedora-selinux-list
 
07-03-2008, 06:09 PM
Daniel J Walsh

xinetd rsync --daemon problems: fix for F9


Chuck Anderson wrote:
> I still have a problem with rsyncd.lock on Fedora 9.
>
> The symptoms are that after "a while"--several days perhaps, rsync
> transfers fail with this message:
>
> @ERROR: failed to open lock file
> rsync error: error starting client-server protocol (code 5) at
> main.c(1296)
> [receiver=2.6.8]
>
> Here is the lock file:
>
> -rw------- root root system_u:object_r:var_run_t:s0 /var/run/rsyncd.lock
>
> AVC messages:
>
> type=AVC msg=audit(1214969369.745:4847): avc: denied { lock } for
> pid=32590 comm="rsync" path="/var/run/rsyncd.lock" dev=dm-3 ino=106537
> scontext=unconfined_u:system_r:rsync_t:s0-s0:c0.c1023
> tcontext=system_u:object_r:var_run_t:s0 tclass=file
>
> type=AVC msg=audit(1214969379.283:4850): avc: denied { read write }
> for pid=32594 comm="rsync" name="rsyncd.lock" dev=dm-3 ino=106537
> scontext=unconfined_u:system_r:rsync_t:s0-s0:c0.c1023
> tcontext=system_u:object_r:var_run_t:s0 tclass=file
>
> This policy module fixes the issue:
>
> module rsync 1.0;
>
> require {
> type var_run_t;
> type rsync_t;
> class file { read write lock };
> }
>
> #============= rsync_t ==============
> allow rsync_t var_run_t:file { read write lock };
>
>
> On Thu, Oct 11, 2007 at 06:01:25PM -0400, Chuck Anderson wrote:
>> I'm using Fedora Core 6, and trying to start a rsync daemon via
>> xinetd.
>>
>> type=AVC msg=audit(1192132336.713:3464): avc: denied { lock } for
>> pid=8488 comm="rsync" name="rsyncd.lock" dev=dm-4 ino=2064435
>> scontext=user_u:system_r:rsync_t:s0
>> tcontext=root:object_r:var_run_t:s0 tclass=file
>>
>> type=SYSCALL msg=audit(1192132336.713:3464): arch=40000003 syscall=221
>> success=no exit=-13 a0=4 a1=d a2=bff80730 a3=bff80730 items=0
>> ppid=8167 pid=8488 auid=10002 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0
>> sgid=0 fsgid=0 tty=(none) comm="rsync" exe="/usr/bin/rsync"
>> subj=user_u:system_r:rsync_t:s0 key=(null)
>> type=AVC_PATH msg=audit(1192132336.713:3464):
>> path="/var/run/rsyncd.lock"
>
> --
> fedora-selinux-list mailing list
> fedora-selinux-list@redhat.com
> https://www.redhat.com/mailman/listinfo/fedora-selinux-list
Chuck, the problem here is labeling.

chcon -t rsync_var_run_t /var/run/rsyncd.lock


I will make this the default label in Update 76


 

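The triage behind the reply above, as an added example that is not part of the thread or of any Fedora tool: it parses the two Fedora 9 AVC records quoted in the thread (line wrapping removed), merges them into the allow rule they would produce, and flags the case where the target carries a generic type such as var_run_t, which is where the reply relabels the file instead of widening policy. The GENERIC_TYPES set and the action names are assumptions made for this illustration.

```python
import re
from collections import defaultdict

# The two F9 denials quoted in the thread, one record per line (unwrapped).
SAMPLE_AUDIT_LOG = '''\
type=AVC msg=audit(1214969369.745:4847): avc: denied { lock } for pid=32590 comm="rsync" path="/var/run/rsyncd.lock" dev=dm-3 ino=106537 scontext=unconfined_u:system_r:rsync_t:s0-s0:c0.c1023 tcontext=system_u:object_r:var_run_t:s0 tclass=file
type=AVC msg=audit(1214969379.283:4850): avc: denied { read write } for pid=32594 comm="rsync" name="rsyncd.lock" dev=dm-3 ino=106537 scontext=unconfined_u:system_r:rsync_t:s0-s0:c0.c1023 tcontext=system_u:object_r:var_run_t:s0 tclass=file
'''

# Assumption for this example: types shared by many unrelated files, where an
# allow rule would cover far more than the one object that was denied.
GENERIC_TYPES = {"var_run_t", "var_t", "tmp_t", "etc_t", "var_lib_t", "var_log_t"}

AVC_RE = re.compile(r'avc:\s+denied\s+\{\s*(?P<perms>[^}]*?)\s*\}\s+for\s+(?P<fields>.*)')
FIELD_RE = re.compile(r'(\w+)=("[^"]*"|\S+)')

def parse_avc(line):
    """Return a dict for one AVC denial record, or None for other record types."""
    m = AVC_RE.search(line)
    if not m:
        return None
    rec = {k: v.strip('"') for k, v in FIELD_RE.findall(m.group("fields"))}
    rec["perms"] = m.group("perms").split()
    # An SELinux context is user:role:type[:level]; the type is the third field.
    rec["stype"] = rec["scontext"].split(":")[2]
    rec["ttype"] = rec["tcontext"].split(":")[2]
    return rec

def triage(log_text):
    """Merge denials per (source type, target type, class) and suggest an action."""
    merged = defaultdict(lambda: {"perms": set(), "objects": set()})
    for rec in filter(None, map(parse_avc, log_text.splitlines())):
        entry = merged[(rec["stype"], rec["ttype"], rec["tclass"])]
        entry["perms"].update(rec["perms"])
        entry["objects"].add(rec.get("path") or rec.get("name"))
    report = []
    for (stype, ttype, tclass), entry in sorted(merged.items()):
        perms = " ".join(sorted(entry["perms"]))
        report.append({
            # The rule these denials would generate, shown so its breadth is visible.
            "rule": f"allow {stype} {ttype}:{tclass} {{ {perms} }};",
            "objects": sorted(entry["objects"]),
            "action": "relabel-object" if ttype in GENERIC_TYPES else "review-allow-rule",
        })
    return report

if __name__ == "__main__":
    for item in triage(SAMPLE_AUDIT_LOG):
        print(item)
```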