From: Joe K. <kr...@ni...> - 2008-02-01 22:54:59
|
I am using Fedora 7. SELinux blocks rsync access to all files that don't have a "public_content" label. The selinux profile includes boolean option "rsync_export_all_ro", but enabling it did not help. It seems to only apply to rsyncd, and not rsync over ssh. I switched to rsync over ssh, but I now find the strange problem that rsync fails if given the "--xattrs" option, which saves selinux tags. It did not generate an selinux alert, so perhaps there are some limitations with rsync when run with explicit --server args the way BackupPC does? Has anyone else figured this out? I was able to configure backups using tar, but rsync is more reliable for incremental backups. OTOH, rsync takes more CPU to check for changed files. Also, the default config for ssh is to directly log in as root. It is better to log in as an unprivileged user and use sudo, which can be restricted for backups. It is easy enough to customize this, but it is better for the defaults to encourage better security. Joe Krahn |